Moonshot AI launched Kimi Work, a downloadable desktop application that runs an AI agent on your own machine rather than in a browser tab. It targets knowledge workers by doing the things a hosted agent usually cannot: it reads your local files, mounts your folders, runs Python scripts, drives a real browser through your already-logged-in sessions, and executes work on a schedule. According to the report it runs on Kimi K2.6, the open-weight Mixture-of-Experts model that activates roughly 32 billion parameters per token, carries a 256K-token context, and is documented to support up to 4,000 coordinated steps, though the article is careful to say reportedly, because Moonshot did not officially confirm the model.

The headline capability is a swarm. Kimi Work splits a task into parallel sub-tasks and runs as many as 300 sub-agents at once, one per file in a document-triage job, for example, then coordinates and merges the results. Around that sit three more building blocks: WebBridge, a browser extension that fills forms, scrolls, and extracts data using your logged-in sessions; a cron engine for daily, hourly, or conditional triggers, with a keep-computer-awake toggle; and local file and code access that mounts folders and preserves originals unless you approve a change. The pitched use cases are the unglamorous core of office work, summarizing quarterly PDFs, pulling historical prices, generating a 7 a.m. market briefing, building a PowerPoint deck, with A-shares, Hong Kong, and US market data pre-integrated.

The whole framing is local agent versus cloud agent, and the product spells out the table: execution on your desktop instead of vendor servers, your mounted folders instead of uploads, your real authenticated browser instead of a hosted sandbox, built-in scheduling instead of an external add-on. The line in that same comparison worth not skipping is the last one: security responsibility shifts from the vendor to you. This is where the week's security thread comes home. A local agent that holds your files, drives your authenticated browser, and can take real actions is the lethal trifecta from the OWASP report, access to private data, exposure to untrusted web content, and the ability to act, except now it is running inside your actual accounts on your actual machine. And Kimi Work ships a YOLO mode that removes the approval gate entirely. Powerful, and exactly the shape security researchers spent this week warning about.

Two threads cross here. One is the agent unit-of-work going plural: a 300-way fan-out is the consumer-desktop version of the multi-agent orchestration the frontier labs keep shipping. The other is local-first agents, and Kimi Work pairs directly with Nous Hermes from yesterday, the same bet that the agent you can trust most is the one running on your own hardware with your own keys, not in someone else's cloud. The honest caveats are real and worth repeating: the K2.6 model is reported, not confirmed; there are no benchmarks, no pricing, and no mention of MCP support, so how it interoperates with the rest of the tool ecosystem is unclear. But Moonshot is a lab worth watching, and it just made the local-agent bet concrete for non-developers. For builders the things to actually test are whether the 300-way fan-out is genuine parallel capability or mostly a headline number, and whether the approval gate, not YOLO mode, is disciplined enough to let an agent live inside your logged-in sessions.