
MCP Weekly: Microsoft Locks Down Agentic AI, Google Upgrades Security at RSAC, Meta Acquires Dreamer
This issue of MCP Weekly spans March 20th to March 27th, 2026 and covers enterprise security platform launches, new AI governance frameworks, autonomous coding tools, and real-time voice model releases.
TL;DR
Microsoft published an end-to-end security framework for agentic AI and shipped VS Code 1.113 with nested agents and MCP support for the command line. Google launched autonomous security agents at RSAC 2026, responding to a 22-second attacker window. OpenAI released a public behavioral framework defining how its models handle autonomous decisions. Anthropic released Claude Code Auto Mode, which offers developers a supervised way to run long coding tasks without continuous manual approvals. Meta acquired the Dreamer team, bringing plain-English software creation into its Superintelligence Labs.
On the security side, Palo Alto Networks updated Prisma AIRS 3.0 and Cisco relaunched its platform specifically for the agentic workforce. Lucid Software and Domo both launched new MCP servers and agent-building tools for business teams. Finally, Google DeepMind released Gemini 3.1 Flash Live, a low-latency voice and vision model built for real-time agent conversations across 90 languages.
Major Updates of the Week
Microsoft: End-to-End Agentic Security and VS Code 1.113
Microsoft published its end-to-end agentic AI security framework this week, covering identity, data governance, threat monitoring, and access control for autonomous agents running inside enterprise environments. The framework is designed to give security teams a consistent way to manage agents across Microsoft tools and third-party platforms.
Alongside this, VS Code 1.113 shipped with nested subagent support, MCP server bridges to Copilot CLI and Claude agents, and a new Thinking Effort control that lets developers manually adjust how deeply a model reasons on any given task. This establishes a reference architecture for how enterprises are expected to secure and govern agents across environments.
Google at RSAC 2026: Autonomous Defense and the 22-Second Window
At RSAC 2026, Google Cloud announced the completed Wiz acquisition and the preview launch of autonomous security agents. The M-Trends 2026 report found that defenders now have only 22 seconds, a response window compressed beyond human reaction time, which makes automated defense systems a necessity rather than an optimization. New Triage and Investigation agents in Google Security Operations automatically gather evidence and deliver verdicts. A Gemini-powered dark web intelligence tool processes millions of signals daily, identifying intent-based threats with 98% accuracy. Google also introduced remote MCP server support for enterprises to build and govern their own security agents under unified controls.
OpenAI Publishes Its Model Spec
OpenAI unveiled its open-sourced Model Spec, a formal framework detailing how its models should behave, resolve instruction conflicts, and prioritize safety and helpfulness. The spec dictates that hard safety rules always override developer or user instructions. It also guides agentic behavior, preferring reversible actions and avoiding surprises in autonomous tasks. The spec includes a scenario-based evaluation suite to track compliance.
Anthropic Ships Claude Code Auto Mode
Anthropic released Auto Mode for Claude Code (research preview for Team plan users), enabling Claude to handle complex coding tasks, like multi-file writes and shell commands, without step-by-step approval. A real-time safety classifier monitors tool calls, blocking unsafe actions (e.g., mass file deletion) while allowing safe ones. If repeatedly blocked, the system finds an alternative or asks the user. Auto Mode is available on the Claude Code CLI, VS Code extension, and desktop app, and can be disabled by organization admins.
Other Updates
My Thoughts: Governance is Becoming Mandatory
Four major security vendors shipped agent-specific tools in the same week. That does not happen by coincidence. Microsoft, Google, Palo Alto, and Cisco are all responding to the same enterprise signal: organizations are moving agents into production, and the controls are not keeping up. Security is no longer a feature request. It is a deployment requirement.
What is worth paying attention to beneath the product announcements is the governance layer taking shape. OpenAI codifying model behavior into a public, auditable spec and Anthropic building a real-time safety classifier directly into Claude Code Auto Mode are solving the same problem from different angles. Both are making agent behavior legible and inspectable, which is the prerequisite for any enterprise that needs to explain to a regulator or a board what its AI systems are actually doing.
The pattern across this week is consistent. Agents are being granted more autonomy, and the infrastructure around them is being hardened in parallel. The teams that treat governance as an architectural layer from the start will move faster with fewer constraints. The ones who bolt it on later will spend their time rebuilding trust instead of building products.


