Sonnet Code
← Volver a todos los artículos
AI Development11 de junio de 2026·10 min read

Microsoft Just Closed the Last Procurement Gap Holding Regulated Industries Off Agentic Coding — VS Code Agents Hit Stable in 1.120, Air-Gapped BYOK Shipped in 1.122, and GitHub Copilot's April FedRAMP Moderate Authorization Pairs With Both to Make the Compliance Story Defensible for the First Time at the Engineering-Org Scale Regulated Buyers Actually Need.

Sonnet Code Editorial Team

What Microsoft actually shipped across the four releases

The VS Code 1.120 release on May 13, 2026 moved the Agents window from experimental to Stable preview, giving Microsoft's IDE-incumbent surface a first-class agentic workspace rather than a side-panel experience grafted onto the conventional editor. The 1.122 release on May 28 is the structurally important one for the regulated-industry buyer: it removed the GitHub OAuth dependency for bring-your-own-key (BYOK) model configurations, so an enterprise can configure a BYOK endpoint through the Command Palette and the IDE stops prompting for the GitHub sign-in that was previously the floor of the integration. Set COPILOT_OFFLINE=1 in the environment and the CLI additionally disables telemetry, so no outbound traffic — not the model call, not the analytics ping, not the auth check — leaves the customer's perimeter. The IDE talks to Ollama, vLLM, or Microsoft's Foundry Local as the local inference endpoint; everything that used to live in Microsoft's cloud now lives inside the customer's VPC or on the engineer's workstation.

The pairing that matters is GitHub Copilot's FedRAMP Moderate authorization, granted in April 2026. FedRAMP Moderate is the compliance posture that lets a federal agency or a regulated commercial buyer deploy a SaaS surface against workloads classified at the Moderate impact level — the floor for most agency engineering work and the de facto procurement gate for regulated commercial buyers (financial services, healthcare, defense contractors, large utilities) whose security review aligns to the federal standard. Combined with the air-gapped BYOK path the IDE now exposes natively, the regulated buyer has two configurations they can defend simultaneously: a cloud-hosted SaaS path with the compliance attestation the security review needs, and an air-gapped on-prem path where the workload requires it. Both run through the same IDE surface and the same agent workflow; the choice is configured per workload class, not per engineering team.

The operationally important specifications, summarized from the consolidated release notes and the early-rollout write-ups:

  • Agents window in Stable preview (1.120, May 13): a dedicated surface for agent-driven development, with the conventional editor still available for the workflows that don't need it.
  • BYOK without GitHub OAuth (1.122, May 28): configure a model endpoint via the Command Palette; the GitHub sign-in is no longer the floor of the integration.
  • COPILOT_OFFLINE environment variable (1.122, May 28): disables telemetry and analytics; the CLI runs with no outbound traffic.
  • Native local inference targets: Ollama, vLLM, Foundry Local — all three are first-class endpoints the IDE recognizes without a third-party adapter.
  • Enterprise policy layer: a GitHub Copilot Business or Enterprise customer can deploy VS Code under a policy layer (set at the GitHub organization level + VS Code enterprise policies) that controls which agents are available, which models they route to, and which tools the agents can invoke.
  • FedRAMP Moderate (April 2026): the cloud-hosted Copilot surface is now usable for federal Moderate-impact workloads and for the regulated commercial buyers whose security review aligns to that standard.

Worth flagging clearly: the four releases are not, individually, a procurement revolution. Air-gapped IDE coding has been technically possible inside the broader ecosystem for the last year — through self-hosted Cursor alternatives, through Cursor's own enterprise air-gap configuration, through Claude Code's self-hosted sandbox tier, through the broader OpenCode + local-inference path. What's new in the Microsoft rollout is that the IDE-incumbent finally shipped the regulated-industry path natively, against the compliance attestation the regulated buyer's security review needs, with the organization-scale policy layer the enterprise admin has to author. The combination — IDE incumbency + air-gapped BYOK + FedRAMP Moderate + enterprise policy layer — is the procurement object the regulated buyer has been waiting for, and it is now on the table at the scale the engineering org actually deploys.

Why the engineering-org scale matters more than the pilot scale

Through 2024 and 2025 the regulated-industry rollout of agentic coding had a predictable shape. A small cohort of engineers — usually inside a CTO's office or a designated AI center of excellence — would stand up a pilot against the cloud-hosted Copilot tier or against Claude Code, run a productivity measurement, demonstrate the business case, and then collide with the security and compliance review when they tried to scale beyond the cohort. The pilot would survive; the rollout to the full engineering organization would stall for two, three, four quarters while the compliance posture caught up. The bottleneck was never the developer experience or the model capability; it was the gap between the cloud-hosted SaaS posture the IDE assumed and the in-perimeter compliance posture the regulated buyer required.

Three honest reads on why the gap closing at the IDE-incumbent layer matters more than the gap closing at the developer-tool challenger layer.

The IDE-incumbent position carries the procurement inertia that the challenger position does not. A regulated buyer that has standardized on VS Code as the engineering org's editor of record — and the share of regulated-industry engineering orgs that have done so is substantial — has a procurement object that already cleared security review at the editor layer. Extending that procurement to cover the agentic surface, on the same editor, against the same enterprise policy layer, is a meaningfully smaller motion than standing up a separate tool with its own security review, its own license terms, its own integration surface. The cost of the rollout is the cost of the policy extension and the eval discipline; it is not the cost of a fresh procurement.

The FedRAMP Moderate attestation is the compliance posture the security review actually grades against. Most regulated buyers do not run their own security review against a SaaS surface from scratch. The review references the federal compliance standard (FedRAMP Moderate for most engineering workloads, FedRAMP High for the sensitive tail), and the vendor's attestation against that standard is the floor of the conversation. A vendor without the attestation has to defend the security posture against the bespoke questionnaire that the customer's security team authors; a vendor with the attestation references the standard and the conversation moves to the workload-specific configuration. The difference is the difference between a six-month review cycle and a six-week one.

The 81% of enterprises planning more complex agent use cases this year is the demand-side curve the regulated buyer has been on the wrong end of. The recent industry surveys put the share of enterprises planning to scale up agentic use cases through 2026 at roughly 81%, with the heaviest growth in the verticals — financial services, healthcare, manufacturing, government — where the compliance posture has been the binding constraint. The IDE-incumbent layer closing the compliance gap is the supply-side answer for that demand. The teams that walk into Q3 with the rollout structured against the new posture will catch the rest of the agentic-coding wave at the engineering-org scale. The teams that defer the rollout will discover, at the next budget cycle, that the productivity delta their non-regulated peers booked through 2026 is the deliverable the CFO will ask them to explain.

What changes about the regulated-buyer procurement conversation

Four shifts that follow when the IDE-incumbent ships the air-gapped path natively, the FedRAMP attestation is in place, and the enterprise policy layer is the organization-scale primitive.

The deployment topology becomes a per-workload-class routing decision, not a per-team policy decision. The conventional regulated-buyer rollout has split the engineering org into teams that can use the cloud-hosted tier and teams that can't, with the split running roughly along workload sensitivity and the senior-engineering team owning both halves. The new topology splits the work, not the teams: the same engineer routes a workload to the cloud-hosted path when the workload is non-sensitive, to the air-gapped path when the workload touches the regulated surface, and to the heavier-effort tier when the workload requires the capability the lighter tier doesn't reach. The policy layer encodes the routing; the engineer doesn't have to make the call workload-by-workload.

The in-perimeter inference path becomes a first-class endpoint with the same observability surface as the cloud-hosted path. A regulated buyer that has deployed a Foundry Local or vLLM instance inside the perimeter, against an open-weights model the engineering org standardized on, now has the IDE talking to that endpoint as a peer of the cloud-hosted Copilot tier. The observability surface — the agent-action audit log, the cost attribution, the eval results — has to extend to the in-perimeter path with the same fidelity as the cloud path. The buyer who treats the air-gapped configuration as the auxiliary path we use for the sensitive workloads, with the audit surface to be figured out later will discover, at the next security review, that the audit gap is what the review actually grades against.

The policy-layer authoring becomes the differentiating procurement skill. The enterprise policy layer the IDE exposes is configured against the organization's compliance posture, the workload-class taxonomy, the eval-rubric set, and the routing matrix. Authoring it correctly is the engineering work that turns we deployed VS Code with the agents window into the agentic surface is configured against the workload distribution the engineering org actually runs. The buyers who have an in-house team capable of authoring the policy layer against the workload-specific requirements are the buyers who get the rollout right. The buyers who deploy the default policy template and call the rollout finished are the buyers whose audit log surfaces the misrouted workloads four months later.

The eval discipline extends to grade both configurations honestly side by side. The cloud-hosted path is running a frontier-class model with a meaningful capability ceiling; the air-gapped path is running an open-weights model with a different capability profile. The eval matrix has to grade both — on the workload-specific gold sets the buyer authors — so the routing decisions can be made from data rather than from the engineer's preference. The buyer whose eval discipline grades only one configuration will route the wrong workloads to the wrong endpoint, will pay the capability cost on the air-gapped side and the compliance risk on the cloud side, and will discover the mistake in the quarterly audit rather than in the eval dashboard.

What this does not change

Three honest caveats, because the temptation reading the four-release rollout is to assume the regulated-industry coding conversation got easy.

It does not eliminate the workload-specific compliance review. FedRAMP Moderate is the floor of the conversation; the workload-specific review still has to happen against the customer's specific data classification, the specific systems-of-record the agent reaches, the specific egress controls the perimeter requires. The attestation closes the procurement door; it does not close the operational door. The buyer who reads the FedRAMP authorization as the security review is now solved will discover the workload-specific review still has to happen and still takes time.

It does not collapse the multi-vendor reality. A regulated buyer running VS Code with the agents window does not, by that act, commit to the Microsoft model catalog for the durable workload. The BYOK path runs against whichever model the buyer chose — Llama 4, Qwen 3.7 Plus, DeepSeek V4 Pro, an in-house-fine-tuned variant — and the routing matrix still spans the platform-tier vendors, the open-weights tier, and the in-house surface. The IDE is the substrate; the model catalog is still a separate procurement object.

It does not eliminate the senior-review queue. An agent surface running against the regulated workload is a surface whose hardest failure modes have to be caught by humans whose judgment is calibrated to the specific compliance posture. The senior-review queue's existence is not contingent on the deployment topology; its calibration has to be tuned to the air-gapped path's specific failure-mode shape. The buyer who reads the air-gapped configuration as the agent is now safe to run unsupervised will get the audit log of incidents the queue should have caught.

Where Sonnet Code fits

A regulated-industry AI coding rollout against an IDE-incumbent surface, an air-gapped BYOK path, and a FedRAMP-grade compliance posture is the easy half of the procurement conversation. The hard half is the engineering and human-judgment work that turns we deployed VS Code with the agents window against our Foundry Local instance into the policy layer is authored against the organization's workload-class taxonomy, the in-perimeter inference path is observable at the same fidelity as the cloud path, the routing matrix decides which workload goes to which endpoint from data rather than from preference, and the senior-review queue is calibrated for the air-gapped agent's specific failure-mode shape. AI development at Sonnet Code is the engineering half: standing up the in-perimeter inference path on the GPU substrate the platform team already operates; configuring the IDE's BYOK endpoint and the enterprise policy layer against the organization's compliance posture; extending the agent-action audit log and the cost-per-successful-task attribution across both the cloud-hosted and the air-gapped configurations; instrumenting the eval harness to grade both honestly on the workload-specific gold sets; and wiring the routing matrix so the engineer doesn't have to make the per-workload call.

AI training is the human-judgment half: senior engineers and domain experts with regulated-industry context who author the gold sets that grade each configuration honestly, calibrate the senior-review queue for the air-gapped agent's failure-mode shape, build the workload-classification rubrics the policy layer encodes, and serve as the senior-judge pool whose calibrated decisions feed the alignment loop that turns the rollout into compounding capability.

The last operational gap holding regulated industries off the agentic coding surface just closed at the IDE-incumbent layer. The teams that walk into Q3 with the rollout structured against the workload-class taxonomy, the policy layer authored against the compliance posture, the in-perimeter inference path observed at the cloud-path fidelity, and the eval discipline grading both configurations honestly are the teams that turn the four-release rollout into a compounding engineering-org-scale capability through the rest of 2026. The teams that read the rollout as Microsoft shipped an agents window and run the pilot the cohort already had through the previous compliance posture will discover, at the next renewal, that the buyer down the road took the engineering-org-scale rollout for itself.

Sigue leyendo.

JPMorgan Chase Just Reclassified $2B of Annual AI Spend as Core Infrastructure on Par With Fraud Detection and Cybersecurity Inside Its $19.8B 2026 Technology Budget — AI Stopped Being a Discretionary R&D Line and Became the Bank's Floor, and the Procurement Signal Will Move Through Every Tier-1 Financial Institution Inside Two Renewal Cycles, Resetting the FY27 Budget Shape Across the Sector.
AI Development10 min read

JPMorgan Chase Just Reclassified $2B of Annual AI Spend as Core Infrastructure on Par With Fraud Detection and Cybersecurity Inside Its $19.8B 2026 Technology Budget — AI Stopped Being a Discretionary R&D Line and Became the Bank's Floor, and the Procurement Signal Will Move Through Every Tier-1 Financial Institution Inside Two Renewal Cycles, Resetting the FY27 Budget Shape Across the Sector.

JPMorgan Chase formally reclassified its AI investment from experimental R&D to core infrastructure this cycle, placing the $2B annual AI line alongside data centers, payment systems, and core risk controls inside its $19.8B 2026 technology budget — with CEO Jamie Dimon stating the investment has self-funded through $2B in operational savings across more than 150,000 employees and a 10-11% productivity gain in engineering, operations, and fraud detection. The structural read isn't 'JPMorgan increased its AI spend.' It's that the bank at the top of the tier-1 financial-services cohort just moved AI from the discretionary R&D bucket (where the CFO can defer the line in a soft quarter) to the non-discretionary core-infrastructure bucket (where the line is as defensible as the fraud-detection floor or the cybersecurity baseline), that the procurement signal will move through every tier-1 financial institution inside two renewal cycles, that the FY27 budget shape across the sector resets against the new floor, and that the supply-side curve on the senior engineering pipeline that ships these workloads is the binding constraint the procurement conversation will collide with next. Here's what that does to the financial-services AI procurement posture, the build-vs-buy boundary on the operational engineering layer, the in-house team hiring profile, and the AI training discipline that turns the spending re-classification into compounding capability rather than a deferred cost.

Sonnet Code Editorial Team · 11 de junio de 2026
DeepSeek V4 Pro's 75% Promotional Discount Expired May 31 and the Permanent Rate Card Settled at $0.435/$0.87 per 1M Tokens — the Open-Weight Frontier Coding Tier Now Has a Permanent Floor One Order of Magnitude Below the Western Closed Flagships, and the Routing Portfolio That Wasn't Carrying an Open-Weight Tier Through Q2 Is About to Pay for the Omission in the Q3 Cost-Per-Successful-Task Line.
AI Development10 min read

DeepSeek V4 Pro's 75% Promotional Discount Expired May 31 and the Permanent Rate Card Settled at $0.435/$0.87 per 1M Tokens — the Open-Weight Frontier Coding Tier Now Has a Permanent Floor One Order of Magnitude Below the Western Closed Flagships, and the Routing Portfolio That Wasn't Carrying an Open-Weight Tier Through Q2 Is About to Pay for the Omission in the Q3 Cost-Per-Successful-Task Line.

DeepSeek V4 Pro's 75% promotional discount that ran from April 24 through May 31, 2026 expired, and the permanent rate card settled at $0.435/$0.87 per 1M input/output tokens (cache-hit $0.003625/M) — a price floor roughly one order of magnitude below Claude Opus 4.8 ($5/$25), GPT-5.5 (broadly comparable), and Gemini 3.1 Pro for the equivalent capability tier. Kimi K2.6 sits at $0.95/$4.00 for the 1T-parameter MoE, 32B-active, 256K-context model released April 20 under a Modified MIT license; DeepSeek V4 weights are MIT-licensed, with V4-Pro at 1.6T total / ~49B active and V4-Flash at 284B / ~13B active released April 24. The structural read isn't 'two open-weight models got cheaper.' It's that the open-weight frontier coding tier now has a permanent price floor that's structurally below the closed Western flagships, that the routing portfolio that was running 100% closed-flagship through Q2 is about to discover the cost-per-successful-task line carries the omission as the cohort that did the multi-vendor routing work catches the bill arbitrage, and that the eval discipline that hasn't graded the open-weight tier on the customer's specific codebase is the discipline that has to do the work this quarter before the FY27 budget conversation resolves on the wrong axis. Here's what that does to the multi-vendor routing matrix at the model layer, the in-perimeter self-hosted deployment path the MIT/Modified-MIT licenses open up, the cost-per-successful-task attribution discipline, and the gold-set authoring work that grades a non-Western-trained model honestly.

Sonnet Code Editorial Team · 11 de junio de 2026