Microsoft used its annual developer conference in San Francisco this week to make a simple claim: in the agent era, the operating system matters again. Instead of betting only on its own Copilot, Microsoft turned Windows and Microsoft 365 into a neutral platform that can run, watch and govern agents from anyone — its own Scout, OpenAI’s Codex, Anthropic’s Claude Code, the open-source OpenClaw project, and more. A new control plane called Agent 365 hands every agent an Entra identity, the same way every employee gets one. A new kernel feature, Microsoft Execution Containers, locks agents into sandboxes that IT can shape with policy. For enterprises wrestling with EU AI Act deadlines and BSI scrutiny, this is the first agent stack that looks recognisable to a compliance officer.

On the Build keynote stage in San Francisco, Mustafa Suleyman, the CEO of Microsoft AI, walked through what he called a “humanist superintelligence” pitch — and then handed the show to a far less philosophical idea: governance. Behind him, Pavan Davuluri, EVP for Windows and Devices, framed the operating system as “the most trusted platform to build and run agents.” Microsoft AI VP Omar Shahine, demoing the new always-on agent Scout, described it almost as a colleague: “We all have our interesting quirks in how we work, and people are codifying those patterns into memories and skills that persist in their agent. Then the agent becomes more capable, better understanding you and gaining more agency and exercising judgments.” Scout itself is the headline product — an always-on personal agent, built on the open-source OpenClaw framework, that watches a user’s inbox, Teams threads and calendar, blocks focus time for upcoming deliverables, and flags stalled decisions. Each Scout instance gets a name, a persistent style, and a policy conformance system that runs continuous checks against organisational guardrails and emits its own audit trail. It ships through Microsoft’s Frontier program and requires a GitHub Copilot subscription. The more consequential move sat one layer down. Agent 365, the management plane Microsoft introduced earlier this spring, now discovers and governs agents Microsoft did not build. A new Shadow AI page inside the admin console identifies unauthorised agents on managed endpoints, with first-wave detection for GitHub Copilot CLI and — pointedly — Anthropic’s Claude Code. Each agent can be granted an Entra Agent ID (generally available for ‘on behalf of user’ flows, in preview for ‘own identity’), pulled into Intune policy, watched by Defender and gated by Purview’s data-loss controls. Microsoft is treating third-party agents the way it once treated third-party laptops on a corporate network: tolerated, fingerprinted, and managed. Underneath both sits a new kernel primitive. Microsoft Execution Containers, or MXC, is a policy-driven sandbox that the OS enforces at runtime. Developers — or, more often, IT admins via Intune — declare what files, networks and devices an agent may touch; MXC keeps it inside the lines. The spectrum runs from fast process isolation, already adopted by GitHub Copilot CLI, to session isolation that severs the agent from the user’s clipboard and input devices, to Windows 365 for Agents — a full Cloud PC, Intune-managed, that lets a computer-using agent click around a virtual desktop without ever touching the user’s laptop. OpenClaw’s Windows node now runs on MXC by default. So does NVIDIA’s OpenShell. OpenAI’s Codex and the Chinese agent startup Manus are integrating. “With Microsoft Execution Containers, Windows gives developers a policy-driven way to define what an agent can access and enforce those boundaries at runtime, so more autonomous agents can operate safely in enterprise environments,” said Manus chief product officer Tao Zhang. Nothing about the choreography was subtle. Microsoft now wants to be the operating system of the agent era — not the lab that builds the smartest model, but the platform on which other labs’ models are forced to behave.

To understand why this matters, it helps to remember what Microsoft tried first. Copilot, launched in 2023, was a single product wrapped around a single model — OpenAI’s GPT-4 — sold per seat on top of Microsoft 365. It worked, modestly: Satya Nadella told the Build crowd Copilot now has roughly 15 million paying users, a number Ben Thompson at Stratechery called “a tiny fraction of Microsoft 365’s overall customer base.” Worse, as Thompson noted, the rise of autonomous agents “raises serious questions about the long-term viability of the per-seat licensing model on which Microsoft’s productivity business is built.” If one Scout instance does the work of three analysts, why pay for three Copilot seats? Agent 365 is the answer — and it is structurally different. Where Copilot was a product, Agent 365 is a management surface. It charges for governance, not for tokens or seats, bundled into a new Microsoft 365 E7 tier (Frontier Suite) that wraps E5, Copilot, Entra Suite and Agent 365 into one SKU. Microsoft already cites Agent 365 touching 80 percent of the Fortune 500, an extraordinary figure for a product barely six months old — though the number reflects pilot deployments, not full per-seat licensing. The historical parallel that actually fits is not Office 365’s cloud migration. It is Active Directory in 2000. Back then, Microsoft did not need to build the best file server or the best email client; it needed to be the directory that every other piece of enterprise software had to authenticate against. Two decades on, Entra has become the default identity layer for ninety-plus percent of large Western enterprises. Agent 365 is the deliberate replay: give every agent — yours, ours, OpenAI’s, Anthropic’s, an open-source experiment your CTO has never heard of — an Entra Agent ID, and Microsoft sits in the middle of every agentic transaction in the building. MXC pushes the same logic into the kernel. The architectural bet is that enterprises will tolerate a profusion of agents only if the operating system, not each individual lab, enforces the rules. That is a fundamentally different posture from the “safety is part of the model” line that OpenAI and Anthropic have been selling. Microsoft is saying: assume the model is hostile, assume the prompt is poisoned, assume the agent will try to exfiltrate something — and contain it anyway, with kernel-level isolation and runtime policy. For DAX security architects who have spent the last eighteen months arguing with Procurement about whether an agent can be allowed near a SAP instance, this is the first answer that maps cleanly onto an existing ISMS. The catch: MXC is in early preview, Agent 365’s native MXC integration is promised for July, and Microsoft 365 E7 pricing has not been fully disclosed. The architecture is real; the bill is still being written.

Reaction split along predictable lines. Ben Thompson found the keynote itself “very underwhelming to start,” criticising Nadella’s “lack of vision and enthusiasm,” but conceded that the strategic substance — Project Solara, Work IQ, and the agent control plane — is among the most ambitious platform moves Microsoft has made since Azure. Computerworld’s Joab Jackson framed Scout as the first true Microsoft response to OpenClaw’s viral spread earlier in 2026, when, as TechCrunch’s Russell Brandom put it, an OpenClaw agent ran amok on a Meta researcher’s inbox and forced enterprise IT to confront what unsandboxed agents actually do. ServiceNow, in a move that says more than any analyst note, immediately extended its AI Control Tower to integrate with Agent 365 — accepting Microsoft’s control plane rather than fighting it. Salesforce, whose Agentforce competes directly with Scout, has so far stayed quiet, beyond Marc Benioff’s earlier broadsides about Copilot not working. Critics piled on from the other direction: Ed Zitron, in his Where’s Your Ed At newsletter, has continued to argue that Copilot’s 15 million paid seats generate revenue, not profit, and that Microsoft is funding the entire agent stack from a cash flow that may not survive an enterprise recession. Gary Marcus warned that autonomous agents burn orders of magnitude more tokens than chat-style usage — economics Microsoft is partially answering with on-device models like Aion 1.0 Plan, a 14-billion-parameter reasoner shipping in-box on capable Windows devices.

Microsoft used Build 2026 to declare independence from a single model supplier. The Microsoft AI team, led by Mustafa Suleyman, unveiled seven in-house ‘MAI’ models spanning reasoning, coding, image, voice and transcription, with the 35-billion-active-parameter MAI-Thinking-1 as the flagship. The pitch to enterprises is twofold: competitive coding quality against Anthropic’s Claude Opus 4.6, and a training corpus Microsoft says is clean and commercially licensed, trained from scratch with no distillation from OpenAI or anyone else. In a parallel Financial Times interview, Suleyman said Microsoft’s superintelligence team is now ‘less concerned’ about Google, Meta and OpenAI and is pursuing an ‘Anthropic-style direction — enterprise, developers and coding.’ For DAX40 procurement teams that have spent two years asking ‘which default LLM?’ the answer set just narrowed.

On the morning of 2 June 2026, Mustafa Suleyman walked onto the Build keynote stage in Seattle and did something Microsoft’s AI chief has avoided for the entire OpenAI era: he showed his own models. Seven of them. Behind him, a slide listed MAI-Thinking-1, MAI-Code-1, MAI-Image-2.5, a flash variant, MAI-Voice-2, another flash, and MAI-Transcribe-1.5. ‘We’re going to keep developers building at the absolute frontier,’ Suleyman said, and then framed the strategy in a sentence that landed harder than the demos: Microsoft is building ‘humanist superintelligence’ that is ‘designed to serve humans, not replace them.’ The flagship is the interesting object. MAI-Thinking-1 is a mixture-of-experts model with roughly one trillion total parameters and 35 billion active per token, a 256k context window, and — according to Microsoft’s own technical paper ‘Building a Hill-Climbing Machine’ — a base model trained on thirty trillion tokens of human-written text, with synthetic-from-LLM content actively stripped from the crawl and no distillation from third-party models. On Microsoft’s internal evaluations the model scores 97.0 percent on AIME 2025, 94.5 percent on AIME 2026, and matches Anthropic’s Claude Opus 4.6 on SWE-Bench Pro, the harder coding benchmark. In a blind preference test Microsoft commissioned, raters preferred MAI-Thinking-1 to Claude Sonnet 4.6. The more consequential reveal came the night before, in the Financial Times. Suleyman told the paper that his team is ‘less concerned’ with the consumer-AI race being run by Google, Meta and OpenAI, and is instead ‘more focused on the Anthropic-style which is enterprise, developers and coding.’ He added that Microsoft is now pursuing ‘true self-sufficiency’ in AI following the late-October restructuring deal that converted Microsoft’s OpenAI position into a 27 percent equity stake with model access guaranteed only until 2032. Around the same announcement window, Microsoft confirmed a $35 billion cloud commitment with Anthropic and bundled Claude into the new Copilot Cowork enterprise SKU at $99 per user per month. The choreography matters. A flagship reasoning model that under-cuts GPT-5.5 on token cost while matching Opus on coding, a coding-specific MAI-Code-1 tuned for GitHub, a public embrace of Anthropic’s commercial playbook, and a $35 billion bet that Claude will be in the stack regardless — the message to CIOs is that Microsoft no longer has a single horse in the frontier race, and is not pretending otherwise. Satya Nadella, introducing Suleyman, called it the moment Microsoft ‘graduated from being an AI consumer to an AI producer.’ For a company whose entire 2023–2025 narrative was ‘we are OpenAI’s distribution channel,’ that is a different story.

The benchmark sheet is the part most enterprise readers will want to interrogate, because Microsoft has clearly chosen its battles. MAI-Thinking-1’s headline claim is parity with Claude Opus 4.6 on SWE-Bench Pro, the stricter Princeton coding evaluation where Opus 4.6 sits around 60 percent and Opus 4.8 has since pushed to 69.2 percent. Microsoft does not claim parity with Opus 4.7 or 4.8, and Anthropic has shipped two model upgrades since the February 4.6 release, meaning the comparison is to a target that has already moved. The same caveat applies to GPT-5: Microsoft’s cost claim of roughly ten-times efficiency versus GPT-5.5 is impressive on paper but is Microsoft’s own measurement, run on Microsoft infrastructure, with no independent reproduction yet on the Hugging Face leaderboards or the Vals.ai SWE-bench-Verified board. The more durable number is the training-data story. Microsoft says MAI-Base-1, the foundation under MAI-Thinking-1, was trained on thirty trillion tokens of ‘human-written’ data sourced from a proprietary web crawl of approximately 1.2 trillion pages, licensed enterprise partner content, Creative-Commons and open-source corpora, and synthetic data generated only by formal-methods tools rather than other LLMs. A domain block list strips adult and piracy sites; AI-generated text is filtered out before training. As Gizmodo put it, ‘Microsoft is targeting legal fears to sell its powerful new AI model to businesses’ — and that is exactly the point. For a DAX40 general counsel weighing exposure under the EU AI Act’s training-data transparency provisions and the parallel wave of New York Times v. OpenAI-style copyright suits, ‘trained from scratch on licensed data’ is a procurement-grade answer that GPT-4 and -5 cannot offer. The historical comparison worth drawing is to Microsoft’s late-1990s Office story. In 1995 Microsoft did not need the best word processor; it needed the one IT departments could safely standardise on. MAI-Thinking-1 looks engineered to the same brief: not the absolute frontier, but the model your legal and security teams can sign without flinching, sitting inside Foundry with Azure compliance attached. The asterisk is that independent labs have not yet reproduced any of the published numbers, and Latent Space’s coverage flagged ‘implicit skepticism in the field about whether zero synth, zero distillation is the right long-term recipe for best agentic performance.’ Internal benchmarks from frontier labs have a long history of failing to survive contact with the Hugging Face leaderboard. The verification cycle will run through July.

On 3 June 2026 the European Commission unveiled its Tech Sovereignty Package: a Chips Act 2.0, an Open Source Strategy, an energy-AI roadmap, and the centrepiece — the Cloud & AI Development Act (CADA). CADA pursues two goals simultaneously. First, it aims to triple EU data-centre capacity within five to seven years via streamlined permitting and accelerated grid connections. Second, it codifies an EU-wide Sovereignty Effectiveness Assurance Level (SEAL) framework, ranking cloud and AI services from SEAL-0 (no sovereignty) to SEAL-4 (full EU supply chain, chips to software). Public-sector and regulated-industry buyers — banks, hospitals, energy operators — will be required to procure against SEAL tiers tied to workload sensitivity. The CCIA has already warned of severe market fragmentation; Bitkom is pushing back on rigid criteria. For DAX40 CIOs, sovereignty is no longer a slide in a keynote. It is a line item.

Henna Virkkunen, the Commission’s Executive Vice-President for Tech Sovereignty, walked into the Berlaymont press room on Wednesday morning with a phrase she had clearly rehearsed. ‘We want to be sure nobody has a kill switch on Europe,’ she told reporters, framing the package as protection against the scenario in which a foreign government could, in her telling, ‘simply cut off access to hospitals or fighter jets.’ It was the moment Brussels stopped treating sovereignty as discourse and started treating it as procurement law. The package itself is four documents stapled together. The Cloud & AI Development Act is the centrepiece. It mandates a tripling of EU data-centre capacity within five to seven years through harmonised permitting, faster grid connections, and a new pan-European designation for ‘strategic’ facilities. It introduces a single EU-wide Sovereignty Effectiveness Assurance Level — SEAL — graded across eight categories from legal jurisdiction to supply chain to environmental sustainability. SEAL-2 covers data sovereignty under EU law. SEAL-3 demands operational resilience independent of third-country interference. SEAL-4 requires a fully European stack from silicon upward — a tier Virkkunen acknowledged would be difficult for US companies to reach, because the 2018 US Cloud Act lets American law enforcement compel data from any US-owned provider regardless of where the bits sit. The Chips Act 2.0, the second pillar, scales the original 2023 ambition by mobilising a targeted €120 billion in public and private investment by 2035 — roughly a quadrupling of the €52 billion the first Act produced. It also introduces emergency powers letting the Commission requisition wafer capacity during a crisis. The Open Source Strategy and the energy-AI roadmap round out the bundle, the latter quietly important because Brussels has finally conceded that grid capacity, not GPU supply, is now the binding constraint on European AI build-out. The political follow-through matters. Only a week earlier, reporting confirmed that the Commission’s €20 billion AI gigafactory programme was slipping on funding and site selection. CADA is the legislative answer: if Brussels cannot build the compute fast enough, it can at least ensure that the compute Europeans buy is procured under rules Brussels writes. Ursula von der Leyen, in her own remarks, framed the package as protecting citizens ‘when hospitals, energy and government services depend on non-EU tech.’ The reaction was swift and split along familiar lines. The Computer & Communications Industry Association, the Washington-headquartered lobby representing AWS, Google and Microsoft, called CADA a direct recipe for fragmented discrimination across Europe in 27 different ways. Daniel Friedlaender, head of CCIA Europe, warned that Europe cannot move forward with one foot on the brake on AI. Bitkom, the German digital trade body, took a more diplomatic line, publishing a position paper urging risk-based and use-case-specific implementation rather than blanket exclusion — code for: do not lock our enterprise members out of hyperscaler tooling. French and German sovereign-cloud champions, by contrast, welcomed the package: OVHcloud, Scaleway, StackIT and the Franco-German Bleu/Delos consortium are the obvious commercial winners of a SEAL-3-and-above procurement regime.

To understand why CADA lands harder than previous sovereignty efforts, walk back the timeline. GAIA-X, launched in June 2020 by Peter Altmaier and Bruno Le Maire, promised a federated European cloud and produced, six years on, a membership list and a logo. Forrester analysts have written publicly about its drift ‘from unicorns and rainbows to storm clouds.’ The fatal compromise was admitting AWS, Microsoft and Google as members — sovereignty by inclusion, which turned out to be sovereignty by dilution. AION, the 2024 attempt at a pan-European AI compute consortium, never reached procurement scale. The €20 billion gigafactory plan, reported as slipping last week, is the latest reminder that industrial policy in Europe runs on slower clocks than Nvidia’s product cadence. What changes with CADA is the procurement vector. Previous initiatives tried to build European alternatives and hope buyers would migrate. CADA inverts the model: it defines what sovereign means, hands the definition to Member States as a procurement obligation, and lets the market sort out the supply. The Commission’s own October 2025 €180 million sovereign-cloud tender — awarded in April 2026 to Post Telecom, StackIT, Scaleway and the Proximus-led consortium — was the pilot. CADA scales the logic. The numbers behind the tripling target are sobering. Europe currently hosts roughly 15 per cent of global data-centre capacity against 40 per cent in the US. Bitkom’s own data shows 82 per cent of German companies want to reduce US cloud dependence, yet 78 per cent remain dependent in practice. The Commission has separately cited that 90 per cent of European digital infrastructure is controlled by non-European, predominantly American, providers. Closing that gap in five to seven years implies the kind of grid build-out, water-rights negotiation and zoning reform that has not historically been Europe’s comparative advantage. The DACH read is concrete. SAP’s announced €20 billion sovereign-cloud build-out over the decade, Deutsche Telekom’s NVIDIA Blackwell-powered Industrial AI Cloud going live in Q1 2026, and Siemens’ simulation stack are the three pillars of what insiders call the Deutschland Stack — a SEAL-3-capable alternative for regulated industry. For a DAX40 CIO running SAP on Azure with Microsoft Copilot tenancy and a Databricks lakehouse, CADA does not yet ban that architecture. It does, however, make it untenable for the workloads that touch BaFin-supervised data, KRITIS-classified energy assets, or Bundeswehr adjacency. Compliance budgets for sovereignty classification, dual-stack engineering and contractual re-papering will need to land in 2027 capex plans now. The CCIA fragmentation warning is not wrong — 27 Member States will interpret SEAL workload mapping differently — but for procurement teams that is a feature, not a bug. National regulators have always been where the real friction lives.

On August 2, 2026, Article 50 of the EU AI Act becomes directly applicable across the Union. Four duties bite at once: chatbots must tell humans they are not human; generative outputs (text, image, audio, video) must carry machine-readable provenance marks; deepfakes must be visibly flagged; emotion-recognition and biometric-categorisation systems must disclose themselves to the people they classify. In Germany, the federal cabinet has approved the KI-Marktüberwachungs- und Innovationsförderungsgesetz (KI-MIG), naming the Bundesnetzagentur as central market-surveillance authority, with BaFin policing financial AI and the BSI covering cyber and KRITIS. Fines reach 15 million euros or 3% of worldwide turnover for transparency breaches — 35 million or 7% for the worst prohibited-use offences. For DAX40 compliance teams, the window from cabinet approval to enforcement is roughly eight weeks.

Klaus Müller, the former consumer-watchdog chief Robert Habeck installed atop the Bundesnetzagentur in 2022, walked into the Bonn headquarters this spring with a new portfolio nailed to his door. The Merz cabinet had, on February 10, 2026, adopted the official government draft of the KI-MIG — Germany’s national implementing law for the EU AI Act — and handed his agency the role nobody else wanted: central market-surveillance authority for every AI system sold, deployed or pointed at a German user. ‘We are prepared to take on the central role,’ Müller told reporters, framing it as an effort to deliver ‘reliable, Europe-wide legal enforcement for an innovation-friendly and simultaneously secure environment.’ In Berlin, the political theatre was muted; in DAX40 legal departments, calendars went red. The trigger date is August 2, 2026. From that morning, Article 50 transparency duties apply directly, no transposition required. A customer-service chatbot on a Deutsche Bank landing page must announce it is a machine. A Siemens marketing video synthesised by a generative model must carry a machine-readable watermark. A Bayer HR screening tool that simulates a candidate conversation must label the synthetic voice. A Lufthansa social campaign featuring a fabricated CEO clip — deepfake territory — must visibly flag the manipulation. The European Commission’s draft Article 50 guidelines, circulated for consultation in May, run to roughly 60 pages and lean heavily on the new voluntary Code of Practice on AI-generated content marking, which providers can sign as a presumption of conformity. The German federal cabinet’s framework adds national plumbing. The Bundesnetzagentur gets a Koordinierungs- und Kompetenzzentrum für KI-Aufsicht (KoKIVO) to harmonise interpretation across Länder authorities, a mandate to operate at least one regulatory sandbox (KI-Reallabor), and the legal authority to demand technical documentation, audit logs and incident reports. BaFin retains lex-specialis jurisdiction over AI in regulated financial services — credit-scoring, actuarial models, market-abuse detection — and is publishing its own cybersecurity testing guidelines in agreement with BNetzA. The BSI covers the cyber-resilience interface and KRITIS-relevant systems on a transitional basis until the Cyber Resilience Act surveillance authority is formally stood up. State media authorities police AI in editorial content. The Bundestag’s Digitalausschuss held its expert hearing on March 23. Witnesses, including representatives of Bitkom and the German Bar Association, told MPs that the draft’s penalty schedule, evidentiary burdens and complaint-channel design remained underspecified — the exact details that DAX40 compliance officers need to wire into ticketing systems, vendor contracts and incident-response runbooks. As of early June, the bill is in committee. The clock is unforgiving.

The comparison every Vorstand keeps making is GDPR. In May 2018, the General Data Protection Regulation went live after a two-year transition almost everyone treated as theoretical until Q1 2018. The Datenschutzkonferenz issued substantive guidance late, ICO and CNIL diverged on interpretation, and DAX30 (as it then was) general counsels spent the first 18 months retrofitting cookie banners, processor registers and Article 30 records under the threat of 4-percent-of-turnover fines that mostly did not materialise — until they did. The AI Act’s Article 50 is GDPR-lite in tone but GDPR-plus in scope: the obligations are arguably narrower, but the substantive fine ceiling is higher (up to 7%) and the technical infrastructure required — provenance watermarking, machine-readable content labels, audit trails for chatbot disclosures — has no off-the-shelf equivalent. The regulatory choreography around August 2 has grown messier. On May 7, 2026, the Council presidency and European Parliament reached a provisional political agreement on the Digital Omnibus VII package, deferring core high-risk obligations under Annex III to December 2, 2027 and Annex I product-embedded systems to August 2, 2028. The Omnibus also bought generative AI systems already on the market before August 2026 an extra four months — to December 2, 2026 — to retrofit machine-readable provenance marks under Article 50(2). Crucially, the Omnibus did not push Article 50’s base transparency duties. Chatbot disclosure, deepfake labelling and emotion-recognition notice all still go live on schedule. The political signal: Brussels will negotiate on heavyweight conformity assessments but not on basic user-facing honesty. The oversight gap is real. Industry trackers reported in April that only 8 of 27 member states had formally designated national contact points, the Commission missed its February deadline for substantive Article 6 guidance on high-risk classification, and conformity assessments empirically take three to six months. Bird & Bird, Hogan Lovells and Gleiss Lutz client alerts converge on the same advice: anyone who has not begun a transparency-readiness exercise by Q2 2026 will not be operationally ready when Müller’s agency, BaFin and the BSI start asking questions in August. The fine architecture from Article 99 — 35 million euros or 7% of worldwide turnover for Article 5 prohibited-use violations, 15 million or 3% for transparency and other operator breaches, 7.5 million or 1% for misleading information to authorities — sits behind every conversation. For a 60-billion-euro-revenue DAX40 issuer, the top-tier ceiling clears 4 billion euros. The mid-tier still clears 1.8 billion. The pivot, then, is not whether Article 50 takes effect. It does. The pivot is how aggressively the Bundesnetzagentur will use its first six months — and whether Müller, an agency veteran who built consumer-protection muscle at vzbv before running BNetzA, treats enforcement as deterrence theatre or quiet portfolio-building. GDPR’s opening years suggest the latter, with a handful of headline cases. The AI Act’s political salience suggests the former.

On 3 June 2026 Fei-Fei Li and the World Labs team published ‘A Functional Taxonomy of World Models,’ co-released through a16z, her Substack and the World Labs blog. The essay does something the industry had been quietly avoiding: it forces a vocabulary on a term that vendors from Google, NVIDIA, Meta-alumnus AMI Labs, Tesla and a dozen robotics startups had been using to mean very different things. Li splits ‘world model’ into three functional roles — renderer, simulator, planner — and argues the simulator, the piece that outputs geometry, physics and dynamics rather than pixels or actions, is the load-bearing one. For enterprise buyers running embodied-AI procurement, the taxonomy is less an essay than a spec sheet.

The post lands with a Wittgenstein epigraph and a flat declarative: ‘The world is not made of words.’ From there Li, with co-authors from the World Labs research team led by co-founder Justin Johnson, walks the reader back to the partially observable Markov decision process — the diagram Sutton and Barto have used for decades — and to Kenneth Craik’s 1943 proposal that minds reason by running small-scale models of reality. The historical detour is not decoration. It is the move that lets Li reclaim the term ‘world model’ from the video-generation crowd and re-anchor it in robotics and reinforcement learning, where it originated. The taxonomy itself is brisk. A renderer outputs observations — pixels meant for human eyes — and is judged on visual fidelity. Google’s Genie 3, OpenAI’s Sora lineage and World Labs’ own RTFM real-time frame model all sit here. A simulator outputs state: geometry, physics and dynamics that humans and programs can both compute on. A planner outputs actions, closing the perception-action loop — the territory of vision-language-action models and the new ‘World Action Model’ label being pushed by several robotics labs. Li is candid that the three are projections of the same underlying knowledge and that the most interesting research deliberately blurs them. The sharp claim arrives a third of the way down. ‘Of the three categories, the simulator gets the least public attention, and is the most consequential of the three.’ Renderers, she concedes, are commercially mature — Google’s Nano Banana has put renderer-quality generation in front of hundreds of millions of users — but they optimise for visual plausibility, not physical accuracy: ‘Their outputs are beautiful, but they cannot be trusted to design a building or train a robot.’ Planners are the most nascent; she warns bluntly that nearly all current robotic demos remain confined to heavily constrained laboratory setups, with narrow object sets and short task horizons. Simulation, in her telling, is the bridge. ‘If language is an abstraction of the world and pixels are a projection of it, then geometry, physics, and dynamics are the world itself.’ World Labs’ Marble — launched in November 2025 and updated to 1.1 in February 2026 — is positioned as the company’s opening move: a model that takes multimodal prompts and outputs both Gaussian splats for visual exploration and collision meshes a physics engine can ingest. The implicit critique of pure-diffusion video models is unmistakable: pretty frames are not a foundation. Code-native, geometry-first generation is. The essay closes with what amounts to a strategic flag: the endpoint is a unified world model that switches output modality — pixels, geometry, actions — by demand. That framing puts World Labs into direct collision with three other camps. NVIDIA, with Cosmos 3 and Omniverse, sells the simulation-first stack as infrastructure. Google DeepMind’s Genie 3, now running at 720p and 24fps for Ultra subscribers and powering Waymo’s edge-case training, is the renderer-as-world-model bet. Yann LeCun, having left Meta in November 2025 and raised over a billion dollars for AMI Labs at a $3.5bn pre, is pushing JEPA, which refuses to generate pixels at all. Li has written the map by which all four will now be compared.

The procurement-relevant question hidden in the taxonomy is whether ‘world’ is encoded as pixels, latents or code. Diffusion-pixel approaches — Sora, Veo, Genie, Runway — learn the joint distribution of video frames and optionally condition on actions. They scale beautifully on internet video, but the state lives implicitly in the weights; you cannot ask the model for the coordinates of the cup. LeCun’s JEPA learns latent-space predictions and explicitly refuses to render pixels, on the argument that pixel reconstruction wastes capacity on irrelevant detail. Marcus, in a January 2026 Substack reply, sided cautiously with LeCun on the LLM critique but landed a sharp counter on JEPA: ‘There is no geometry in JEPA. No structure. No physics. No causal map. JEPA does not understand anything about space.’ World Labs’ wager is the third option: code-native generation. Marble emits Gaussian splats for view synthesis alongside collider meshes and high-fidelity meshes that drop straight into Unity, Unreal, Blender and Houdini. The lineage is visible — from PTAM and ORB-SLAM through NeRF (Mildenhall et al., 2020) to 3D Gaussian Splatting (Kerbl et al., 2023), the structural-representation tradition has been waiting for a generative front end. Marble is the first attempt at one that lay users can drive. NVIDIA’s own Isaac Sim team published a workflow last month for ingesting Marble worlds into Cosmos-trained robot policies, which tells you which camp NVIDIA is hedging toward at the bottom of the stack. The consequence for buyers is concrete. A renderer-only world model gives marketing teams a 30-second video; it gives a robot team nothing that a controller can act on. A simulator that emits geometry and physics gives the robot team a digital twin that an MPC planner, an RL policy or a classical inverse-kinematics stack can all consume. BMW’s Virtual Factory, presented at NVIDIA GTC Paris this spring with a claimed 30 percent reduction in production-planning costs, runs on exactly that contract: OpenUSD geometry, Omniverse physics, real factory data. Mercedes-Benz is simulating Apptronik’s Apollo humanoids in the same stack. Siemens’ Teamcenter Digital Reality Viewer, the first Xcelerator app on Omniverse libraries, is the channel by which this reaches every DAX industrial customer that already runs NX or Plant Simulation. The historical comparison Li does not make, but which her essay invites, is to the SLAM-versus-deep-learning debate of the early 2010s. SLAM won robotics by being structural; deep learning won perception by being statistical. World models force the merger, and whichever architecture wins the simulator slot — code-native geometry, neural radiance fields with physics priors, or video-model latents — becomes the foundation layer for the next decade of industrial AI. The taxonomy’s real function is to make that bet legible enough to be priced.