Microsoft open-sources Conductor CLI

Microsoft published Conductor as an open-source command-line tool on May 14, adding a YAML-based option for teams that want to define and run multi-agent AI workflows without building orchestration logic in code. The project is hosted in Microsoft’s GitHub organization under an MIT license, according to the company’s open-source blog and repository page. Microsoft described the tool as a deterministic orchestrator, meaning workflow routing is fixed in advance rather than delegated to a language model. Three days earlier, Microsoft’s security division disclosed a separate multi-agent system called MDASH, short for Microsoft Security multi-model agentic scanning harness. Taesoo Kim, Microsoft’s vice president for agentic security, wrote that the system helped researchers identify 16 new vulnerabilities in Windows networking and authentication components, including four critical remote code execution flaws. Microsoft also said MDASH posted an 88.45% score on the public CyberGym benchmark. (opensource.microsoft.com) The two announcements came from different Microsoft groups, but both center on orchestrating multiple AI agents in a controlled way. Microsoft’s open-source post framed Conductor as a tool for “known structure” workflows, while the security post said MDASH coordinates more than 100 specialized agents across multiple models. (microsoft.com) ### What exactly did Microsoft release with Conductor? Conductor is a CLI that lets developers describe agents, prompts, models, inputs, outputs and routing logic in YAML files, Microsoft said. The company said those workflow files are intended to be version-controlled, diffable and reviewable in the same way teams handle infrastructure-as-code or CI/CD pipelines. (opensource.microsoft.com) The GitHub repository says Conductor works with the GitHub Copilot SDK and Anthropic Agents SDK. Microsoft’s repository description says the tool is designed for “defining and running multi-agent workflows,” and the README highlights patterns including evaluator-optimizer loops, parallel execution and human-in-the-loop gates. ### Why is Microsoft emphasizing “deterministic” orchestration? Microsoft’s May 14 post said many existing multi-agent frameworks rely on an LLM to decide which agent to call next, in what order and with which inputs. (opensource.microsoft.com) Jason Robert, a principal software engineer at Microsoft and author of the post, wrote that this dynamic approach can add cost, latency and unpredictability for workflows whose structure is already known. (github.com) The same post said Conductor’s routing is deterministic and that the orchestration layer “consumes zero tokens.” Microsoft said conditions and branching are handled through Jinja2 templates and expression evaluation, while context flow between agents is kept explicit rather than implicit. ### What did Microsoft say MDASH actually achieved? (opensource.microsoft.com) Microsoft said on May 12 that MDASH found 16 previously undisclosed vulnerabilities across the Windows networking and authentication stack. Taesoo Kim wrote that those findings included flaws in the Windows kernel TCP/IP stack and the IKEv2 service. (opensource.microsoft.com) The company’s security blog also listed benchmark results: 21 of 21 planted vulnerabilities found with zero false positives on a private test driver, 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys, 100% recall in tcpip.sys, and the 88.45% CyberGym score across 1,507 real-world vulnerabilities. Microsoft said MDASH is already being used by its security engineering teams and is being tested with a small group of customers. (microsoft.com) ### How do the two announcements connect? Microsoft itself drew the link through architecture rather than product branding. The open-source post says Conductor separates orchestration from execution and supports multiple providers and models, while the security post says MDASH uses an ensemble of frontier and distilled models coordinated by more than 100 specialized agents. (microsoft.com) Taesoo Kim wrote that the “durable advantage” in AI vulnerability discovery lies in the agentic system around the model, not in any single model alone. Jason Robert, in the Conductor post, made a parallel case for inspectable routing and explicit workflow control in production systems. ### Where can developers and security teams go next? (opensource.microsoft.com) Microsoft’s GitHub repository for Conductor was public as of May 15 and showed recent commits, examples and install scripts for the project. The repository also lists the code under an MIT license. Microsoft said in its May 12 security post that MDASH remains in a limited private preview and included a sign-up path for interested organizations. (opensource.microsoft.com) The company’s next public milestones are likely to come through the Conductor repository on GitHub and future Microsoft Security Blog updates tied to the MDASH preview. (github.com)