Moonshot AI, the lab behind the Kimi models, released Kimi Work, a downloadable desktop application for macOS on Apple silicon and for Windows that runs AI agents locally on your own machine rather than in the cloud. You hand it a goal in plain language and it acts autonomously on your local files and browser sessions to carry it out. It runs on Kimi K2.6, the lab's open-weight Mixture-of-Experts model, roughly 32 billion active parameters per token, a 256K-token context, and documented coordination across as many as 4,000 steps.

The headline feature is the swarm. Kimi Work can run up to 300 sub-agents in parallel on your own hardware, splitting a task into pieces and coordinating their results, which is multi-agent orchestration of the kind that until now lived in cloud workflow engines, running instead on a laptop. The plumbing around it is built for unattended work. A browser extension called WebBridge drives your real browser, searching, scrolling, extracting, and filling forms, and it inherits your existing logins and cookies, so the agent is acting as you. A built-in cron scheduler takes standard five-field expressions with daily, hourly, and conditional triggers, includes a Keep Computer Awake toggle for overnight runs, and can execute Python and shell scripts. The agent reads mounted local folders and runs Python in the background, preserving original files unless you approve a change, and it ships with pre-integrated market data for A-shares, Hong Kong, and US equities and can turn research into PowerPoint decks and Excel sheets.

This is the local-first agent posture again, the same one Nous Research's profile builder took the day before: your machine, your data, your keys, no cloud round-trip. Moonshot states the tradeoff cleanly, local execution keeps data on your device and reaches real files, while cloud execution trades that control for zero-setup convenience and managed safety. It is also the agent-runtime contest landing squarely on the desktop, from a Chinese lab, with the local swarm as the differentiator. The thing that used to require a hosted orchestration platform now installs on consumer hardware and runs while you sleep.

The capability and the risk are the same surface, and it is worth naming plainly the day after an OWASP report put prompt injection at the top of agentic failures. A 300-agent swarm that holds your logins through the browser, reads untrusted web pages, runs shell and Python, and touches your files is, in security terms, the lethal trifecta on your own desktop: access to private data, exposure to untrusted content, and the power to act. Running locally is a genuine win for data privacy, nothing leaves the machine, but it does not change the injection math; an agent that reads a malicious page while holding your cookies and a shell is the same risk whether it sits in a data center or beside your photos, and overnight autonomy widens the window in which a bad instruction can run unwatched. Kimi Work itself is proprietary even though K2.6 is open-weight. For builders the read is concrete: this is the most capable local desktop swarm shipped so far, and the setting to get right before you trust it overnight is the boundary, which folders, which credentials, and which commands those 300 agents are actually allowed to touch.