Essay · Vol. XVI
Technology & governance

Satya Needs to Hit Refresh, Again

He taught Microsoft to love Linux, buy GitHub, and trade know-it-alls for learn-it-alls. The year behind his frontier-ecosystem post shows the company forgetting how.

Nsisong Effiong · 20 June 2026 · 7 min read

Katie Moussouris built the program that pays hackers to tell Microsoft the truth. In the mid-2000s she argued the company should stop calling vulnerability disclosure "responsible" and start calling it "coordinated," because the word responsible put the blame on the researchers doing Microsoft's security work for free. The industry came around to her, and for twenty years coordinated disclosure was how it worked. Then in late May she watched Microsoft reach for the old language again, and she called it the first strike.

The Microsoft that Nadella inherited in 2014 had already moved on from the company Moussouris fought a decade earlier, and he spent his first years pushing it further. A slide went up at a conference reading "Microsoft loves Linux," and an analyst said hell must have frozen over. He bought GitHub for $7.5 billion and told the developers who lived there he would keep it theirs. The defining trait got renamed: the old Microsoft was a house of know-it-alls, the new one a house of learn-it-alls. The word he reached for, again and again across his own book, was empathy.

It worked. The turnaround was real: a company worth about $300 billion the day he took over is worth more than $3 trillion now. The market followed the culture, and so did something the market doesn't price: trust.

On June 14, 2026, in a post on X, Nadella laid out his vision for the firm in an AI economy: build a frontier ecosystem, not just a frontier model, so value flows broadly across every company and country rather than pooling in the few models that can absorb everything they see. The warning underneath it was sharp: "There is," he wrote, "no societal permission for an AI future that hollows out entire industries."

Satya is right about where to go, but he should first look at what his own company has been doing on the way there.

I.

Starting in April, a researcher publishing as Nightmare Eclipse dropped working exploit code for six unpatched Windows flaws, the kind that live inside Defender and BitLocker, without warning Microsoft first. Three were weaponized in real attacks within days and added to the federal catalog of bugs known to be exploited. This was not a clean case, and the security world did not treat it as one: several firms called the researcher a malicious actor for handing live exploits to the criminal ecosystem. The grievance underneath was specific. The researcher said Microsoft had deleted the account they used to file bug reports, stripped their credit, and refused bounties they believed they were owed, then accused them of irresponsible disclosure after cutting off every way to disclose. Microsoft's reply was a blog post condemning the researcher and pointing toward its Digital Crimes Unit, the team it uses to take cybercriminals to court. The company that wrote the rulebook on coordinated disclosure was now invoking the police.

The company that taught the industry to pay researchers threatened to prosecute one.

Grant all of it. Say the researcher was reckless, even malicious. Moussouris, who built the bug bounty and spent years teaching Microsoft that a researcher is a gift and not a threat, still landed on the company. Whatever the researcher did, reaching for the Digital Crimes Unit was the unforced error, the move that teaches every other researcher watching to take their next bug somewhere Microsoft can't see it. The company walked the threat back within days, clarifying it had no intention of pursuing good-faith research. But the first instinct was prosecution, and the first instinct is what the rest of the field remembers.

II.

GitHub is where Nadella made his clearest promise. Buy the place developers live, and leave it theirs. For a while he kept it.

In December the Zig language left for Codeberg, after a bug in GitHub Actions hung its build servers for months and the fix never came. In April Mitchell Hashimoto moved Ghostty the same way. He had been on GitHub for eighteen years, almost since the beginning, and he said the platform was no longer a place for serious work. Neither of them left in protest. They left because the tools stopped working and no one at Microsoft seemed to be listening — which is the older grievance, the one Nadella was supposed to have fixed.

What is driving them out should worry him more than the fact that they left. Maintainers now report that a third to half of the pull requests landing in their projects are AI-generated and worthless: plausible code that falls apart under review, submitted by people who cannot answer a question about what they sent. The cURL project, whose code runs on nearly every connected device on earth, shut its bug bounty in January because the volunteer hours were going to machine-written noise. The slop comes from every model on the market. What singles Microsoft out is GitHub's answer when maintainers asked for a way to keep it out: no. A repository owner cannot block Copilot from filing on their project, and a Copilot-generated submission arrives under a human's name with nothing to mark it as machine-made. The platform that promised to stay theirs took away their ability to defend it.

A platform sold developers a home and then filled the yard with the output of its best-selling product.

So the steward became the thing the commons needed stewarding from. That is not a betrayal anyone sat down and planned. It is what happens when the roadmap and the responsibility point in opposite directions, and only one of them has the budget.

III.

The trust did not only leak at the edges, among researchers and maintainers. It reached the people who wanted their computer to work.

In December Nadella published a post asking the industry to move past the argument over whether AI output was slop or something better. He meant it as a call to maturity. People read it as a company telling them to stop noticing that the products were broken. Within hours the word he tried to retire became the word everyone reached for. They called it Microslop, and it spread because it named something they had felt without yet having a word for it: Copilot wedged into every corner of Windows and Office, hard to remove, often broken, shipped because the roadmap needed it there and not because anyone asked.

Then Microsoft proved the point for them. When "Microslop" turned up blacklisted on the company's own Copilot Discord, users flooded the channel with the word misspelled and the word in symbols, until Microsoft paused invites and locked the server down. A company sure of its product laughs off a nickname. A company that silences the nickname has heard the criticism and chosen to muffle it rather than answer it.

·

None of this proves bad intent. Microsoft has not become Darth Vader. The honest inference is that scale did to the culture what scale always does. Empathy is cheap to declare across a company of a few thousand and expensive to hold across one bleeding employees and managers while it scrambles to stay relevant in a new reality, where AI is eating industries and washing away the moats that used to protect them.

Read the frontier-ecosystem post against the year Microsoft has had, and the cracks begin to surface. The post describes a company that turns its people's judgment into systems whose benefits flow to the communities around them. The year shows a company reaching for control with the researcher, flooding the commons it promised to keep, and silencing the users it told to grow up. The post is not a description of the present. It is a description of the thing the 2014 company was reaching for, written by the man who built that company, about a company that has drifted from the values he gave it.

Nadella already wrote the answer to this. The premise of his own book is that renewal is not a one-time event. You hit refresh, and the page loads with new problems, and you hit it again. The 2014 refresh bought Microsoft a decade of trust, and trust is the actual capital an AI ecosystem runs on, more than any model or any token. Right now the company is spending it faster than it is earning it back.

Before he can ask every company and country to trust the ecosystem he wants to build, he has to run the company they would trust to build it. The refresh worked once. It is time to run it again.
