Microsoft makes Windows the local execution layer for AI agents — Aion models, Execution Containers, and on-device AI ship at Build

At Build 2026 on June 2, 2026, Microsoft laid out its case for Windows as the local execution layer for AI agents — not just a platform that connects to cloud AI, but one that runs capable models and enforces governance policies entirely on the device. The core announcements: two new Aion small language models, Microsoft Execution Containers (MXC) for sandboxed agent environments, and expanded Windows AI runtime APIs that now reach more CPU and GPU configurations.

Aion 1.0: Microsoft's new on-device SLMs. Microsoft announced two Aion 1.0 models at Build. Aion 1.0 Instruct is a small, fast model for everyday text intelligence tasks — summarisation, rewriting, short-form generation — described as smaller and more efficient than the current Windows OS SLM. It enters preview through Edge Insider channels and is expected to ship as open-source on Hugging Face in July 2026. Aion 1.0 Plan is a 14-billion-parameter model with a 32K context window, designed for reasoning and tool-calling. Unlike Instruct, Plan "ships in-box as part of Windows on capable devices" — meaning it's embedded directly in the operating system on hardware that meets the requirements — and enables applications to reason over user intent and invoke tools locally, without sending data to the cloud. No specific hardware requirements for Aion 1.0 Plan were published in the announcement.

Microsoft Execution Containers (MXC). MXC, announced in early preview, is a policy-driven execution layer for AI agents running on Windows and WSL. Developers declare what an agent is allowed to access — files, network — and MXC enforces those boundaries at runtime rather than relying on the agent's own guardrails, binding agents to a strong user identity. Available isolation options include process isolation, session isolation, and Windows 365 for Agents; micro-VMs and Linux containers are on the roadmap. The design pattern is explicitly about giving enterprises a mechanism to run third-party agents without granting them unconstrained access to the operating environment. This matters for any company evaluating AI agent adoption in regulated or sensitive-data contexts.

Expanded Windows AI APIs. The Windows AI runtime is expanding to more Windows 11 PC configurations beyond NPU-only hardware. Per Microsoft, a new speech-recognition API for real-time and batch on-device speech-to-text will enter public preview with initial English-only support; the existing on-device SLM is available on capable GPUs, and video super-resolution and speech recognition reach CPUs — all in public preview. The direction is consistent: more on-device AI capability available across a wider range of developer machines, without cloud dependency.

Why on-device AI for enterprises. The Build framing for all of this is "sovereign AI" — organisations that need data to stay on-premise or within a specific jurisdiction, either for compliance reasons (healthcare, legal, government) or competitive confidentiality reasons. Aion Plan running in-box on Windows with MXC enforcement gives enterprise IT departments a way to say: this agent runs locally, accesses only what we've permitted, and never sends data to a cloud provider. That's a meaningfully different deployment model than the current default (route everything to Azure OpenAI or another cloud endpoint). For developers building tools or agents for enterprise buyers, this is the infrastructure to understand now so you can design toward it as it reaches GA.