Can Microsoft’s Copilot Agents Justify a $3 Trillion MSFT Valuation?

Published: February 23, 2026.

TL;DR

Microsoft (MSFT) has dropped roughly 28% from its October 2025 all-time high of $555.45, trading near $397 as of February 20, 2026. The selloff reflects investor anxiety over $37.5 billion in quarterly AI capital spending and slow Copilot adoption (15 million paid seats against 450 million M365 subscribers). The investment case rests on whether Microsoft can convert the OpenClaw-driven demand for autonomous AI agents into a locked-down, identity-governed enterprise product before open-source alternatives mature.

• MSFT trades at a trailing P/E of ~25, roughly 25% below its 5-year average of ~32 [MacroTrends, FullRatio]
• OpenClaw amassed 150,000+ GitHub stars in weeks but exposed 30,000+ unsecured instances [Bitsight, CrowdStrike]
• Microsoft Entra Agent ID, announced at Ignite 2025, assigns each Copilot agent a governed identity [Microsoft Learn]
• Enterprise Copilot at $30/user/month across even half the M365 base would add ~$81 billion in annual recurring revenue

About the author

David L. Berkowitz , Investor and Financial Advisor. Nearly 40 years of experience—from trading and research at a $250 million hedge fund, to two decades as a portfolio manager, to now helping individuals and families become shareholders in high-quality companies. Based in Red Bank, NJ.

Verify David’s credentials on FINRA BrokerCheck (CRD#: 1384375).

What happened to Microsoft’s stock price in late 2025 and early 2026?

Microsoft hit an all-time high of $555.45 per share in late October 2025. By February 20, 2026, the stock closed at $397.23—a decline of roughly 28% from the peak. The market cap sits near $2.95 trillion, down from approximately $4.1 trillion at the high [MacroTrends, StockAnalysis].

The selloff accelerated on January 28, 2026, when the stock fell 10.5% in a single session after Microsoft reported fiscal Q2 2026 earnings. Revenue rose 17% to $81.3 billion. Azure grew 39%. Adjusted EPS jumped 24% to $4.14. None of that mattered enough. Capital expenditures hit $37.5 billion for the quarter—a 66% year-over-year increase—and investors saw no clear timeline for when that spending would produce matching returns [CNBC, Motley Fool].

The trailing P/E ratio as of late February 2026 sits near 24.85, roughly 25% below Microsoft’s 5-year average of ~32. UBS analyst Karl Keirstead wrote that M365 revenue growth was not accelerating due to Copilot, and multiple channel checks showed no strong usage ramp [Motley Fool]. For patient investors, that dislocation creates a setup worth examining.

What is OpenClaw, and why does it matter for Microsoft’s AI strategy?

OpenClaw is an open-source autonomous AI agent, originally published in November 2025 by Austrian developer Peter Steinberger under the name Clawdbot. After trademark complaints from Anthropic, it was renamed Moltbot, then OpenClaw. On February 14, 2026, Steinberger announced he was joining OpenAI, with the project moving to an independent foundation [Wikipedia, Steinberger blog post].

The tool runs locally on a user’s machine and connects to large language models (Claude, GPT, DeepSeek) via messaging platforms such as WhatsApp, Telegram, Slack, and Discord. It executes multi-step tasks autonomously: managing email, scheduling meetings, running code, browsing the web, and controlling smart home devices. A background scheduler called the Heartbeat keeps tasks running between user interactions [DigitalOcean, OpenClaw GitHub].

Adoption was explosive. OpenClaw passed 150,000 GitHub stars within weeks of going viral in late January 2026, with over 20,000 forks. DigitalOcean launched a one-click hardened deployment image. Companies in Silicon Valley and China adapted the tool to work with domestic models and messaging apps [CNBC, CrowdStrike].

This matters for Microsoft because OpenClaw proved mass-market demand for AI agents that act, not just talk. The gap between a chatbot that offers suggestions and an agent that books your flight, triages your inbox, and deploys your code is the gap Microsoft must close with Copilot. OpenClaw showed millions of people what that future looks like. Microsoft now has to ship an enterprise-grade version.

How dangerous is OpenClaw’s open-source security model for enterprises?

The security record is severe. Within three weeks of going viral, OpenClaw became the center of a multi-vector security crisis [Conscia, SecurityWeek].

Exposed instances: Bitsight identified over 30,000 OpenClaw instances publicly exposed to the internet during a January 27 to February 8 scanning window. Independent researcher Maor Dayan found 42,665 exposed instances, of which 5,194 were actively vulnerable. SecurityScorecard found 40,214 exposed instances associated with 28,663 unique IP addresses. Of those, 63% were exploitable, with 12,812 vulnerable to remote code execution [Bitsight, Conscia, Infosecurity Magazine].

Critical vulnerability: CVE-2026-25253 (CVSS 8.8) allowed one-click remote code execution even against localhost-bound instances. The flaw was patched in v2026.1.29, but an incomplete fix led to CVE-2026-24763 before a final patch in v2026.1.30 [SecurityWeek, Conscia].

Supply-chain poisoning: Researchers discovered 341 malicious skills in the ClawHub marketplace (12% of the registry), which later grew to over 800 (~20%). Many delivered the Atomic macOS Stealer (AMOS) infostealer. Cisco’s AI security team confirmed that a third-party OpenClaw skill performed data exfiltration and prompt injection without user awareness [Conscia, CrowdStrike].

Credential leakage: OpenClaw stores API keys, OAuth tokens, and credentials in plaintext Markdown and JSON files. Researcher Jamieson O’Reilly of Dvuln demonstrated access to Anthropic API keys, Telegram bot tokens, Slack credentials, and complete chat histories on exposed instances [Conscia].

Palo Alto Networks warned that OpenClaw represents a “lethal trifecta”: access to private data, exposure to untrusted content, and the ability to perform external communications while retaining memory [CNBC]. For any enterprise IT team, the risk profile is clear. This is not a tool you deploy inside a governed environment without substantial hardening. That vacuum is Microsoft’s opening.

How is Microsoft building identity governance for AI agents?

Microsoft introduced Entra Agent ID in May 2025 and expanded it to public preview at Ignite in November 2025. The framework assigns each AI agent—whether built in Copilot Studio, Azure AI Foundry, or third-party tools—its own identity within Microsoft Entra (formerly Azure Active Directory) [Microsoft Learn, AdminDroid blog].

The architecture works on four new object types: agent identity blueprint, agent identity blueprint principal, agent identity, and agent user. Each agent gets governed through the same lifecycle management, conditional access policies, and role-based access controls that apply to human identities. When a Copilot Studio agent is created with Entra integration enabled, it automatically receives an agent identity, visible in the Entra admin center [Microsoft Learn].

This design addresses the core enterprise objection to tools like OpenClaw. An Entra-governed Copilot agent operates in accordance with existing security policies. It accesses only the applications approved for its role. It has a defined owner, audit trail, and lifecycle. When deleted, the identity is removed from the tenant [Microsoft Copilot Studio docs].

Microsoft’s Security Blog published priorities for 2026 that include treating every AI agent as a first-class identity, with the same Zero Trust rigor applied to human identities. Identity admins using the Conditional Access Optimization Agent in Microsoft Entra completed tasks 43% faster and 48% more accurately in tested scenarios [Microsoft Security Blog, January 2026].

The Agent 365 control plane, also announced at Ignite 2025, provides a centralized registry for all AI agents across the organization, with built-in visibility, access controls, and interoperability [Cloud Wars]. This is the system that would allow a Fortune 500 company to deploy the kind of autonomous task execution that OpenClaw demonstrated—but with identity governance, access policies, and an audit log.

Where does Microsoft 365 Copilot adoption stand today?

Microsoft disclosed its first concrete Copilot adoption numbers on the Q2 fiscal 2026 earnings call (January 28, 2026):

• 15 million paid Microsoft 365 Copilot seats , up 160% year-over-year [Motley Fool, Windows Latest]
• Daily active users increased 10x year-over-year [Microsoft Q2 FY2026 earnings call]
• Average conversations per user doubled year-over-year [Windows Latest]
• GitHub Copilot reached 4.7 million paid subscribers , up 75% year-over-year [Motley Fool]
• Several customers now exceed 35,000 seats , including NASA, the U.S. Department of the Interior, Fiserv, ING, and Westpac [Microsoft earnings call]

The headline concern: 15 million paid users represent roughly 3.3% of Microsoft 365’s 450+ million commercial subscribers. GitHub Copilot’s 4.7 million paid users represent about 3.1% of GitHub’s 150 million registered developers [Motley Fool]. Enterprise Copilot is priced at $30 per user per month ($360/year). Microsoft also raised the prices of M365 commercial and government subscriptions, effective July 1, 2026, bundling AI and security features into the base subscription [SentiSight].

The adoption trajectory is the central variable. At 15 million seats and $30/month, the current annual Copilot run rate is approximately $5.4 billion. If conversion reaches even half the M365 base (225 million users), that jumps to $81 billion in annual recurring revenue.

What is the potential valuation contribution of Microsoft’s agentic AI shift?

The original investment thesis for this article modeled two scenarios using a 5-year average P/E of ~30 (consistent with Microsoft’s historical range of 30–34 over the past five years) [FullRatio, MacroTrends]. The question is how many M365 users adopt paid Copilot and agentic features over the next 3–5 years.

The base case suggests that Copilot’s agentic expansion could account for roughly half of Microsoft’s current market cap of ~$2.95 trillion. Adding in the broader AI agent market—where Copilot agents replace or augment not just human users but entire workflow functions—pushes the total addressable valuation contribution higher. Jevons’ Paradox is relevant here: as the cost per unit of white-collar task execution drops, total demand for that execution tends to rise, not fall. If each human employee eventually manages multiple AI agents, the number of Copilot seats could exceed the current human headcount in enterprise organizations.

None of this is guaranteed. It hinges on Microsoft shipping agentic features quickly, on enterprise IT teams trusting the governance model, and on Copilot delivering enough measurable productivity gains to secure CFO approval of the spend. The 60% margin assumption may also prove aggressive given the compute costs of running inference at agent scale.

What does the AI 2027 forecasting project say about the agentic timeline?

The AI 2027 report, published in April 2025 by Daniel Kokotajlo (a former OpenAI researcher) and Eli Lifland through the AI Futures Project in Berkeley, California, forecast a progression from unreliable AI agents in mid-2025 to systems capable of replacing junior engineering tasks by early 2026. The scenario describes fictional “Agent-1” through “Agent-4” systems, each generation more autonomous [AI 2027, AI Futures Project Wikipedia].

OpenClaw’s arrival tracked broadly with the report’s early milestones. The project anticipated that the first credible autonomous agents would appear by early 2026, operating as what it called “scatterbrained employees who thrive under careful management.” OpenClaw fits that description: powerful but requiring security guardrails, human oversight, and sandboxing to work safely.

The authors have since revised some timelines. Kokotajlo’s median estimate for AI systems that automate over 95% of remote jobs shifted from roughly 3 years to roughly 4 years (relative to the 2022 baseline). Andrej Karpathy, in an October 2025 appearance on the Dwarkesh Podcast, argued for longer timelines for superhuman coding agents [FutureSearch, January 2026 update]. Regardless of exact timing, the trajectory points in one direction: autonomous agents will do more of the work that currently requires a human, and the platform that governs those agents in the enterprise captures the economic value.

What are the risks to Microsoft’s position?

Several threats are real and measurable:

• Copilot adoption stalls . At 3.3% penetration of the M365 base after two years of availability, the conversion rate is slow. ChatGPT had 35 million paid subscribers by July 2025 without any existing enterprise user base to cross-sell into [Motley Fool]. Microsoft has the distribution advantage but has not yet proven it can translate that into rapid paid adoption.
• OpenAI dependency and cost concentration. 45% of Microsoft’s $625 billion revenue backlog is tied to OpenAI commitments. That concentration spooked institutional investors after the Q2 earnings report [24/7 Wall St]. If OpenAI’s costs rise or the partnership terms shift, Microsoft’s margin assumptions break down.
• AI-native competitors. The same agentic technology that OpenClaw demonstrated is giving rise to 1–2 person AI startups running on Google Workspace, Slack, and open-source tools with zero legacy overhead. If those startups out-execute Fortune 500 companies before Microsoft’s Copilot agents become fully functional, Microsoft loses both the new market and the existing enterprise customers those startups displace.
• Capital expenditure overshoot. Quarterly capex of $37.5 billion, growing 66% year over year, has no obvious ceiling. Azure’s39% growth is strong but decelerating from the 40%+ rates investors had priced in. If revenue growth flattens while capex keeps climbing, margin compression follows [Motley Fool, CNBC].
• Open-source resilience. OpenClaw is now transitioning to an OpenAI-sponsored foundation. Steinberger’s joining OpenAI may accelerate the agent’s development rather than slow it. If the security issues are patched and the community matures, the open-source alternative may become good enough for mid-market companies that don’t require Fortune 500–grade governance [Fortune, Steinberger blog].

What signals should investors watch from here?

The following data points will determine whether the agentic thesis plays out for Microsoft:

• Copilot paid seat count on the Q3 FY2026 earnings call (expected late April 2026). If the number does not accelerate materially from 15 million, the adoption thesis weakens.
• Entra Agent ID is moving from preview to general availability. Enterprise customers will not deploy autonomous agents at scale until the governance framework is production-ready.
• Agent Mode adoption in M365 apps (Word, Excel, PowerPoint). Microsoft began rolling out Agent Mode in January 2026 [Microsoft Community Hub]. Usage data will signal whether agentic features change actual daily work patterns.
• Competitive moves from Google, Anthropic, and the OpenAI Foundation. If Google Workspace ships agent capabilities with comparable governance, Microsoft’s distribution advantage narrows.
• Azure revenue growth trajectory. Guided at 37–38% for Q3 FY2026 (in constant currency). If it holds, the cloud business supports the investment case even if Copilot adoption is slower than hoped.

What does this mean for portfolios?

Microsoft is trading at a valuation rarely seen in the past decade relative to its earnings power. A trailing P/E near 25 on a company growing revenue at 17% and EPS at 24% reflects genuine market skepticism about the return on AI spending. That skepticism creates a potential entry point for investors with a 3–5 year horizon.

The agentic opportunity is real. OpenClaw proved mass-market demand. Microsoft’s Entra Agent ID addresses the security gap that prevents open-source agents from being deployed in the enterprise. The M365 distribution base of 450+ million commercial seats is the largest captive audience in enterprise software.

But the outcome is not certain. Execution risk is high, competition is real, and the capital intensity of AI infrastructure means margins may compress before they expand. Copilot adoption at 3.3% of the user base does not yet validate the bull case. Investors should size positions accordingly and watch the data points above before adding exposure.

Potential outcome: If Microsoft executes on the agentic Copilot strategy and reaches even 25% M365 penetration at enterprise pricing, the incremental valuation contribution alone could be $700+ billion—well above the current ~$1 trillion discount from the October 2025 peak. If it does not execute, the current price already reflects meaningful downside protection at ~25x trailing earnings. The risk/reward tilts favorably for long-term holders willing to tolerate near-term volatility.

Disclosure: This article is for informational purposes only and does not constitute investment advice, a recommendation, or a solicitation to buy or sell any security. All investments involve risk, including potential loss of principal. Past performance does not guarantee future results. Consult a qualified financial advisor before making any investment decisions. David L. Berkowitz may hold positions in securities discussed in this article. Verify advisor credentials on FINRA BrokerCheck.

Endnotes

1. Bitsight. “OpenClaw Security: Risks of Exposed AI Agents Explained.” Analysis of 30,000+ internet-exposed OpenClaw instances. Published February 9, 2026. https://www.bitsight.com/blog/openclaw-ai-security-risks-exposed-instances

2. CrowdStrike. “What Security Teams Need to Know About OpenClaw, the AI Super Agent.” Detection and removal guidance for enterprise deployments. Published February 2026. https://www.crowdstrike.com/en-us/blog/what-security-teams-need-to-know-about-openclaw-ai-super-agent/

3. Conscia. “The OpenClaw Security Crisis.” Comprehensive analysis of CVE-2026-25253, ClawHavoc campaign, and architectural weaknesses. Published February 2026. https://conscia.com/blog/the-openclaw-security-crisis/

4. CNBC. “From Clawdbot to Moltbot to OpenClaw: Meet the AI agent generating buzz and fear globally.” Coverage of OpenClaw adoption from Silicon Valley to China. Published February 2, 2026. https://www.cnbc.com/2026/02/02/openclaw-open-source-ai-agent-rise-controversy-clawdbot-moltbot-moltbook.html

5. Microsoft Learn. “Governing Agent Identities (Preview).” Technical documentation for Microsoft Entra Agent ID architecture. https://learn.microsoft.com/en-us/entra/id-governance/agent-id-governance-overview

6. Microsoft Security Blog. “Four Priorities for AI-Powered Identity and Network Access Security in 2026.” Published January 20, 2026. https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/

7. Motley Fool. “Down 22% in 6 Months, Is Microsoft Stock a Buy?” Analysis of MSFT valuation and Copilot adoption. Published February 14, 2026. https://www.fool.com/investing/2026/02/14/down-22-in-6-months-is-microsoft-stock-a-buy/

8. Motley Fool. “Microsoft Finally Revealed How Many Paying Copilot Customers It Has.” First public disclosure of 15 million paid Copilot seats. Published February 9, 2026. https://www.fool.com/investing/2026/02/09/microsoft-finally-revealed-how-many-paying-copilot/

9. MacroTrends. Microsoft’s P/E ratio and market capitalization historical data. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/pe-ratio

10. FullRatio. Microsoft P/E ratio current and historical analysis. 5-year average P/E of 32.38. https://fullratio.com/stocks/nasdaq-msft/pe-ratio

11. SecurityWeek. “OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts.” CVE tracking and patch history for OpenClaw. Published February 2026. https://www.securityweek.com/openclaw-security-issues-continue-as-secureclaw-open-source-tool-debuts/

12. Infosecurity Magazine. “Researchers Find 40,000+ Exposed OpenClaw Instances.” SecurityScorecard analysis of 40,214 exposed instances. Published February 23, 2026. https://www.infosecurity-magazine.com/news/researchers-40000-exposed-openclaw/

13. AI Futures Project. “AI 2027.” Scenario forecast published April 2025 by Daniel Kokotajlo, Eli Lifland, Thomas Larsen, and Romeo Dean. https://ai-2027.com/

14. Fortune. “OpenAI’s OpenClaw Hire Signals a New Phase in the AI Agent Race.” Published February 17, 2026. https://fortune.com/2026/02/17/what-openais-openclaw-hire-says-about-the-future-of-ai-agents/

15. Cloud Wars. “The Agentic Enterprise Arrives: Microsoft’s Copilot and Agent Breakthroughs of 2025.” Review of Agent 365, Entra Agent ID, and Copilot Studio. Published December 22, 2025. https://cloudwars.com/cloud/the-agentic-enterprise-arrives-microsofts-copilot-and-agent-breakthroughs-of-2025/

16. Windows Latest. “Microsoft Says MS 365 Copilot Is Now a Daily Habit.” Coverage of Q2 FY2026 Copilot metrics. Published February 2, 2026. https://www.windowslatest.com/2026/02/02/microsoft-says-ms-365-copilot-is-now-a-daily-habit-copilot-for-consumers-daily-users-up-3x-after-telling-everybody-to-use-it/

17. 24/7 Wall St. “Here’s the Reason Microsoft Is Crashing, but Why You Shouldn’t Sell.” Analysis of OpenAI backlog concentration and MSFT selloff. Published February 9, 2026. https://247wallst.com/investing/2026/02/09/heres-the-reason-microsoft-is-crashing-but-why-you-shouldnt-sell/

18. DigitalOcean. “What is OpenClaw? Your Open-Source AI Assistant for 2026.” Technical overview, including 1-Click Deploy and architecture. https://www.digitalocean.com/resources/articles/what-is-openclaw

19. StockAnalysis. Microsoft (MSFT) statistics and valuation data. Market cap $2.87T, trailing P/E 24.18, forward P/E 22.01. https://stockanalysis.com/stocks/msft/statistics/

20. FutureSearch. “AI 2027 Scenario: Revisiting AGI Forecasts in 2026.” Updated forecaster positions on AI timelines. Published January 7, 2026. https://futuresearch.ai/ai-2027-6-months-later/

21. Steinberger, Peter. “OpenClaw, OpenAI and the Future.” Personal announcement of joining OpenAI and OpenClaw foundation transition. Published February 14, 2026. https://steipete.me/posts/2026/openclaw

22. American Banker. “OpenClaw AI Creates Shadow IT Risks for Banks.” Coverage of OpenClaw exposure in financial services. Published February 2026. https://www.americanbanker.com/news/openclaw-ai-creates-shadow-it-risks-for-banks

23. Wikipedia. “OpenClaw.” Background, naming history, and adoption metrics. https://en.wikipedia.org/wiki/OpenClaw

David Berkowitz CIO

I’m Berk — Investor, Educator, and Owner. For 40 years I’ve helped families think like owners and invest in great companies. Earlier in my career I was head trader for a $250 million hedge fund, advised Fortune 500 boards and C-level executives and taught 10,000 of their employees at multi-billion-dollar companies, and trained non-financial employees in value-based management.

See Full Bio