3 June 2026: Microsoft gives AI agents a control layer (AM)

Today’s AI news is less about one spectacular model launch and more about the systems around AI becoming harder to ignore. Microsoft is trying to standardise how agents are controlled, Washington has chosen a lighter touch for frontier model review, and consumer AI is moving from novelty into fraud protection, workplace plugins and youth safety rules.

Microsoft says its new Agent Control Specification gives developers a portable way to decide what AI agents can and cannot do. The company introduced ACS alongside ASSERT, an open source evaluation framework for testing whether agents follow policies before and after deployment. Microsoft's Foundry blog reports that ACS lets teams write policy files that travel with an agent across frameworks, with checks for inputs, model calls, state, tool execution and outputs.

For small businesses, the useful part is not the acronym. It is the idea that an AI agent should have controls that security, legal and operations teams can review, rather than a loose set of prompt instructions buried inside one app. Microsoft says ACS is designed to work with LangChain, OpenAI Agents SDK, Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, MCP tools and other frameworks. That matters because the risks around AI agents often show up when a system starts taking actions through tools, not when it simply writes text.

There is still a gap between an open specification and real adoption. The watch point is whether software vendors treat ACS as a serious control layer, or whether it remains another developer option that only careful teams use.

President Trump signed a narrower AI executive order that asks certain companies to submit powerful models for voluntary government review before public release. TechCrunch reported that the order gives the US government a 30 day review window, compared with an earlier draft that had discussed up to 90 days. The order also says it does not create a mandatory licensing or preclearance regime for releasing AI models.

For UK readers, the practical point is that US AI oversight still shapes the products British firms use. If American labs know they may be asked for pre release access on frontier models, product launches, safety disclosures and enterprise procurement could all adjust around that rhythm. The order also puts AI assisted hacking and unauthorised access higher on the enforcement agenda, which is relevant for any company using AI agents inside software development or security operations.

The risk is that voluntary review becomes a signal rather than a safeguard. The next few weeks should show whether major labs publicly commit to the process, and whether other governments decide that the US approach is too light or simply more realistic.

OpenAI is pushing youth safety into a global policy conversation, while also selling Codex as a broader workplace tool. In one update, OpenAI said it would convene policy, education and civil society experts in Paris to discuss safeguards, standards and opportunities for young people using AI. In a separate workplace story, TechCrunch reported that OpenAI released six Codex plugins for roles including data analytics, creative production, sales, product design, equity investing and investment banking.

Those two moves sit awkwardly together, which is why they are worth reading together. AI providers are trying to expand use into schools, offices and regulated work while also arguing that guardrails can keep pace. OpenAI’s own Codex usage claims, including weekly active user figures and knowledge worker growth, are vendor reported and should be treated as company data rather than independent adoption proof.

The immediate implication is simple: businesses should test role based AI tools against real workflows, not against a launch demo. For families and schools, the youth safety question is not whether AI can help with learning, but whether age appropriate defaults, reporting routes and data rules are clear enough to trust.

Google is rolling out fake call detection for Android to counter AI voice impersonation scams. TechCrunch reported that the feature is launching globally in Phone by Google for Android 12 and newer devices this month, starting with Pixel devices. According to Google’s explanation cited in the report, the system uses a silent confirmation signal between devices to warn when a caller appears to be impersonating a trusted contact.

This is one of the clearest consumer uses of AI in the brief because it addresses a risk readers already understand: spoofed numbers and cloned voices. The feature does not make every phone call safe, and it depends on supported apps and devices, but it moves fraud protection closer to the point where the scam happens. That is more useful than another after the fact warning about deepfakes.

UK consumers should still be cautious with payment requests, emergency stories and calls from supposed family members. The technology can help, but the practical rule remains: hang up, call back using a known number, and never move money because a voice sounds familiar.

Anthropic is expanding Project Glasswing, its restricted cybersecurity programme for using advanced AI to find and patch serious software vulnerabilities. Anthropic says the project is being extended to about 150 new organisations across more than 15 countries, covering sectors such as power, water, healthcare, communications and hardware. The company says partners must meet its security requirements before gaining access.

This story belongs in the daily update because it shows where AI capability is becoming too sensitive for ordinary product release. Anthropic says the bottleneck is no longer only finding vulnerabilities, but verifying, disclosing and patching them responsibly once models surface large numbers of issues. That connects directly to the wider AI safety question: stronger models can help defenders and attackers, so access controls become part of the product.

The thing to watch is whether restricted programmes like Glasswing become a temporary bridge to public cyber tools or a permanent split between what trusted institutions can use and what ordinary developers can access.

Here is everything else worth knowing from today’s AI news.

• Microsoft launched seven MAI models. Microsoft AI says the family includes MAI Thinking 1, MAI Code 1 Flash, MAI Image 2.5 and new voice and transcription models.
• Travelers expanded an OpenAI powered claims assistant. OpenAI says its AI Claim Assistant is now countrywide after an eight state launch, with completion figures reported by the company.
• OpenAI’s Codex push now includes hosted sites. The TechCrunch report says Codex can output work as hosted interactive websites, with partners including Wix, Replit, Lovable and Figma.
• Google’s call protection uses RCS signals. The TechCrunch report says the detection method is built on Rich Communication Services, which may make broader adoption possible.
• Anthropic is holding back broad Mythos access. Anthropic says stronger safeguards are still needed before Mythos level cyber capabilities can be made generally available.
• Agent evaluation is becoming its own product category. Microsoft’s ASSERT framework points to a market where businesses test agents against policy, not just benchmark scores.
• Policy files may become as important as prompts. If ACS gains traction, agent behaviour could be governed by auditable controls rather than only by hidden system instructions, a risk also covered in Cristoniq’s guide to prompt injection.

The next signal to watch is adoption, not announcement volume. If developers, insurers, phone makers and AI labs all start publishing clearer controls around agents, calls, youth use and cyber access, AI moves from feature race to operating discipline.

This is a daily news update for informational purposes only. AI products and policies change rapidly. Verify details directly with providers before making decisions. Nothing here is financial or legal advice.

AI Daily is Cristoniq’s daily guide to developments in artificial intelligence, published every morning.