At Build 2026, Microsoft launched Scout, an always-on autonomous agent that acts on a user's behalf across Teams, Outlook, OneDrive and SharePoint without the need to be prompted.
The announcement may come as a surprise to some. In March, Satya Nadella told a Morgan Stanley audience that although he considered OpenClaw, the open-source foundation Scout is built on, to be innovative, he couldn't launch it within Microsoft because it would be "considered Microsoft launching a virus."
Three months later, Microsoft has turned that concern into a product roadmap.
Internal planning documents obtained and first reported by 404 Media add another, discomfiting dimension. The three-phase Scout rollout strategy, developed under the codename ClawPilot as part of Project Lobster, labels phase one with three words: "Make people addicted."
At a moment when AI dependency is an active concern for researchers, regulators and HR teams, Microsoft appears to be treating it as a design objective that the governance architecture built around Scout will need to answer for.
Why Microsoft Turned to OpenClaw
Scout needed a foundation capable of running an always-on agent with its own governed identity across a complex, heterogeneous enterprise environment. OpenClaw provided that. Microsoft's decision to build on it rather than develop an equivalent in-house reflects a calculation that the open-source project had matured faster than the market expected. Omar Shahine, Microsoft's corporate vice president for Scout, described the shift at Build in a blog post: "Most systems still stop at answering the question. The real unlock is in the follow-through, where systems hold your priorities and act on them for you."
Scout operates across cloud, desktop and web, extending to Teams, Outlook, OneDrive, SharePoint and MCP servers, built, as Microsoft's internal documents note, for workers who "have never heard of OpenClaw and will never open a terminal." Every agent operates under its own governed Entra identity with credentials scoped to the task and redacted from logs.
The competitive logic behind the reversal is straightforward. The timeline tells the story on its own, said Zbyněk Sopuch, CTO of Safetica, a data security firm that has closely tracked OpenClaw's enterprise adoption. "This reversal shows that competitive pressure will almost always win in the end," he said.
"The timeline from 'this is a virus' to 'this is part of our flagship product' occurred in months," he continued. The security concerns have not disappeared; they have been reclassified as acceptable risk, because the alternative was ceding the agentic workspace to competitors already deploying inside Microsoft's own tool stack.
"A year ago, most of the conversation was about ethics, security, governance and whether we should deploy agents at all," Laura Stash, executive vice president at iTech, said. "Today, agents are already being integrated into enterprise workflows through MCP and AI connectors. The market has moved." The first major vendor to normalize always-on agents in the enterprise sets the terms for everyone that follows.
The Risks Inherent in Building Habitual Use
The Scout rollout strategy was clearly not intended for public release. It instructs the team to "grow the user base and build the skill and tool ecosystem that makes people depend on it daily." In the same documents, Shahine noted that early internal pilots were already showing "high retention and intensity of usage," language that sits at some distance from the public framing at Build.
One Microsoft employee told 404 Media the language was "very troubling." A second offered a more pragmatic reading: making software habitual is the unstated ambition of most major technology companies, and Microsoft has historically been worse at it than its peers.
John Licato, associate professor of AI at the University of South Florida's Bellini College, rejects the framing that "addictive" is standard product thinking. "An addiction is an extreme, often harmful dependence which should not be the goal of any software tool," he said. "The goal should be to provide value and add to the user's life in a net positive way."
The push to increase habitual use raises compliance exposure, noted Sopuch. "If you have designed an agent to deepen habitual use, the security surface area and associated data risk will grow along with the usage," he said. If a harm event occurs, he added, a documented strategy labelled "make people addicted" becomes an exhibit in any regulatory inquiry.
Stash draws a distinction between cognitive dependency, where users substitute AI for their own reasoning, and identity dependency, where professionals begin to define their effectiveness through the tool rather than their own judgment. The latter, she argues, is the point of no return.
"When AI becomes the primary interface through which work, knowledge, decisions and eventually professional identity are formed, we are addicted and we won't be able to go back easily," Stash said.
The Difference With an Always-On Agent
Unlike prompt-based tools, which a human initiates before the tool accesses data or takes action, always-on agents analyze, index and potentially act continuously. The attack surface moves from a human-to-tool interaction to a persistent process with access to corporate collaboration and communication data.
Earlier deployments of AI agents have already produced documented failure modes: exposed API keys, logged transcripts and leaked credentials in plaintext.
Licato's concern is the autonomous scope. "Agents that can work while you sleep and perform tasks without being explicitly instructed to are incredibly powerful," he said. "Without proper safeguards they may make some serious mistakes that could damage existing systems."
Stash's concern is longer-term. Always-on agents become assumed and then forgotten. Organizations adapt around them without fully understanding what they are doing. "We gain productivity and speed, but we may lose judgment, institutional knowledge, and independent thinking," she said. The habitual use Microsoft's strategy is explicitly designed to create is, on this reading, inseparable from the cognitive risk.
Does Work IQ Answer the Governance Question?
Microsoft's response to the governance concern sits in the data layer. Work IQ is the intelligence infrastructure underneath Scout, a continuously updated semantic model of how a business operates. It ingests email, calendars, meetings, chats, files and organizational data to build a context layer that compounds over time. Nadella has described it as Microsoft's 'frontier model' for the enterprise: "the data plus the model embedded together."
At Build, the company introduced new Work IQ APIs, generally available from June 16. These APIs collapse what would otherwise require hundreds of data-specific tools into just 10, running at twice the speed of traditional alternatives with 80% fewer tokens. Agent actions remain within the Microsoft 365 tenant boundary, auditable through Purview.
Sopuch is unconvinced the architecture resolves the underlying concern. Work IQ builds a behavioral model of how an organization operates (who talks to whom, how decisions move, where expertise sits), and that extends to Scout, meaning the agent will have an auditable trail. "CISOs need to go beyond 'is Work IQ compliant on paper?' to asking whether they have clarity on every data flow touched," he said.
The Question for Enterprise Buyers
Scout is in private preview for Frontier tier customers, requiring Frontier enrollment, Intune configuration and a GitHub Copilot license. Internal testing involved over 1,000 Microsoft employees, including Nadella.
Stash's advice to CIOs is clear: the job is not to avoid dependency on vendor platforms, given that most Microsoft customers are already dependent. The job is to manage it deliberately: revisiting data classification, tightening permissions and ensuring data loss prevention policies are built for agentic workflows rather than the prompt-based tools that preceded them.
Her sharpest observation cuts through the product announcement entirely: "I believe the first major public failure will push this conversation right back toward risk and governance again."
Microsoft's bet is that the productivity upside is too large and the competitive pressure too immediate for enterprise buyers to wait. Whether that bet holds will become clear in the Frontier preview, at which point the question of whether 'make people addicted' was candid product strategy or a serious governance failure will be considerably harder to set aside.