NAVER expands AI infrastructure 🏗️, Microsoft's free agent runtime 🤖, Pink steal 🥷

South Korea just decided it wants its own AI stack. Microsoft decided to give away the agent plumbing for free. A new extortion crew called Pink is using vishing and fake help-desk calls to walk out of Microsoft 365 environments with whatever they want. Three different stories about who owns the layer underneath the model.

What You Need to Know: NAVER and NVIDIA announced a 55MW sovereign AI cloud for South Korea on June 8, 2026, with plans to scale to gigawatt levels using NVIDIA's DSX platform. Microsoft made Microsoft Foundry Agent Service's hosted agents and Voice Live generally available at Build 2026 (June 2). Unit 42 and Google Threat Intelligence both published on Pink, a new vishing-driven extortion group that compromises Microsoft 365 accounts and exfiltrates SharePoint and OneDrive data.

Why It Matters

• Sovereign AI is no longer a buzzword — it's a procurement signal. NAVER is committing 1 trillion won (~$750M USD) and starting with 55MW, scaling to gigawatts. If you're a Korean enterprise or government buyer, the question of "do we run on a US hyperscaler or on a domestic platform" is now answerable with real numbers.
• Microsoft making the agent runtime free is a deliberate land grab. Per Forrester's analysis, "Joule Studio 2.0 is free, agent runtime is free through December 31, 2026, and A2A interoperability is free with no cap." Wait — that was SAP, not Microsoft. Microsoft's move is similar in shape: free hosted agents in Foundry Agent Service through 2026, with no per-seat cap. The play is to make Microsoft the operational layer for everyone, even the teams running on AWS or GCP.
• Pink is the clearest sign yet that vishing works on enterprise help desks. Pink's leak site went live May 31, 2026, and they already had multiple victims within days. The unit 42 indicator list shows passkey-themed phishing domains, residential proxy IPs, and scripted exfiltration using python-requests/2.33.1. This is the threat model your incident response plan needs.
• All three stories are about ownership of the layer between the model and the user. NAVER wants the hardware. Microsoft wants the runtime. Pink wants the identity. The model is the commodity — everything around it is contested.

What Actually Happened

NAVER and NVIDIA: 55MW today, gigawatts by 2030

NAVER and NVIDIA announced a partnership on June 8, 2026, to build a 55MW sovereign AI cloud in South Korea, with plans to scale to gigawatt levels. The infrastructure will be designed and built on NVIDIA's DSX platform and is framed as the foundation for the next generation of NAVER's HyperCLOVA X models. South Korea is committing roughly 1 trillion won (~$750M USD) for GPUs and AI infrastructure.

The technical scope: NAVER is building "AI factory infrastructure" — the term Jensen Huang has been pushing for what used to be called "data centers" — to serve Korean enterprises, developers, and government users. The first phase is 55MW. The full gigawatt target is multi-year. Chosun Biz's coverage notes the project targets "rapid global rollout from 55MW in 2027," meaning the 55MW is the first waypoint, not the destination.

The strategic significance: this is the first major sovereign-AI build where a non-US, non-Chinese company is taking the hardware layer seriously end-to-end. The European sovereign-AI projects (Mistral, Aleph Alpha, BFL) have mostly stayed at the model layer. NAVER is going all the way down to the rack.

• Source: Data Center Dynamics, "Naver to deploy 55MW of Nvidia hardware in South Korea" — https://www.datacenterdynamics.com/en/news/naver-to-deploy-55mw-of-nvidia-hardware-in-south-korea/
• Source: Chosun Biz, "Naver and Nvidia build GW-scale AI factory to lead global" — https://biz.chosun.com/en/en-it/2026/06/08/L5C535YJ5FECVE4MBNCRER2TT4/
• Source: The Tech Capital, "Naver, Nvidia to build 55MW sovereign AI cloud in South Korea" — https://thetechcapital.com/naver-nvidia-to-build-55mw-sovereign-ai-cloud-in-south-korea/

Microsoft makes hosted agents free in Foundry

At Build 2026 (June 2, 2026), Microsoft made the Microsoft Foundry Agent Service generally available with hosted agents, and made Voice Live GA for prompt agents. The pricing model is the headline: hosted agents in Foundry Agent Service are free through 2026, with no per-seat cap. The dev blog is explicit that this is a deliberate platform play — "build in GitHub, run in Foundry, reach users where they already are."

The architecture has three layers. Build: Microsoft Agent Framework, stable across Python and .NET, unifying Semantic Kernel's enterprise foundations with AutoGen's multi-agent orchestration. Skills, memory, and middleware are now first-class. Deploy: hosted agents in Foundry Agent Service, long-running agents and routines, publishing to Microsoft Teams and Microsoft 365 Copilot. Operate: tracing and evaluation for hosted agents, plus an "agent optimizer" that turns production failures into ranked, reviewable agent improvements. Toolboxes in Foundry give a single managed endpoint for every tool type, and any MCP client can point at one URL.

The bigger play is the agent harness. Microsoft treats it as a "flex point, not lock-in" — investments in LangGraph, GitHub Copilot SDK, or Claude Agent SDK carry forward. If you start fresh, Microsoft Agent Framework is the opinionated choice. Either way, you end up running on Foundry, and the agent runtime is the layer Microsoft wants to own.

• Source: Microsoft Dev Blogs, "Build and run agents at scale with Microsoft Foundry at Build 2026" — https://devblogs.microsoft.com/foundry/agent-service-build2026/
• Source: Microsoft Learn, "What is Microsoft Foundry Agent Service?" — https://learn.microsoft.com/en-us/azure/foundry/agents/overview
• Source: Microsoft Build 2026 news — https://news.microsoft.com/build-2026/

Pink: vishing, fake help-desk calls, and Microsoft 365 data theft

Unit 42 (Palo Alto Networks) tracks the activity as CL-CRI-1147, and Google Threat Intelligence Group confirmed to The Register that Pink may be a continuation or rebrand of earlier activity linked to BlackFile and Redact. The group is assessed as likely Com-affiliated. The leak site went live on May 31, 2026, and already listed multiple victims within days.

The playbook is the playbook that has been working for Scattered Spider, Lapsus$, and ShinyHunters: people, help desks, identity systems — not perimeter exploits. Pink's operators use vishing and IT impersonation to phish credentials and MFA codes, then move into Microsoft 365 environments via SharePoint and OneDrive. The exfiltration step is scripted (observed user agents include python-requests/2.28.1 and python-requests/2.33.1) and uses Microsoft Graph to pull files. The extortion email is then sent from the compromised account, and the in-Teams message is sent from the compromised account, which is the part that makes it so disruptive.

The phishing infrastructure is themed around passkeys — domains like passkeyadd[.]com, passkeydeploy[.]com, deploypasskey[.]com — to make the request sound like a legitimate authentication upgrade. Unit 42's full indicator list is on GitHub. Microsoft has been clear that passkeys and FIDO2 actually prevent this class of attack because the origin-bound public key can't be replayed on an attacker-controlled site, but most enterprises are still on SMS or TOTP.

• Source: VPN Central, "Pink Extortion Group Targets Enterprise Users With Vishing and Cloud Data Theft" — https://vpncentral.com/pink-extortion-group-targets-enterprise-users-with-vishing-and-cloud-data-theft/
• Source: Unit 42 threat intel (GitHub) — https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-06-03-Pink-Extortion-Brand-Activity.txt
• Source: Google Cloud, "BlackFile vishing extortion operation" — https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation

The Take

The pattern across all three: the layer between the model and the user is the new platform war. NAVER is staking the hardware. Microsoft is staking the runtime. Pink is staking the identity. The model is becoming a commodity — what you build around it is the value.

For builders, the practical moves are concrete. If you're a Korean enterprise or government buyer, the NAVER-NVIDIA deal is a real option now, not a slide deck. If you're shipping agents, the Microsoft Foundry hosted-agent free tier through 2026 is the cheapest serious option to get to production, and the Microsoft Agent Framework is worth learning even if you don't stay on it. And if you haven't moved your enterprise help desk to phishing-resistant MFA and strict caller verification, you are the next Pink target. That's not a guess — that's what their playbook is designed to find.

Quick Summary

NAVER is building a 55MW sovereign AI cloud with NVIDIA. Microsoft is giving away the agent runtime through 2026. Pink is using vishing to steal Microsoft 365 data. The layer under the model is the new platform war.

Sources

• Data Center Dynamics, "Naver to deploy 55MW of Nvidia hardware in South Korea" — https://www.datacenterdynamics.com/en/news/naver-to-deploy-55mw-of-nvidia-hardware-in-south-korea/
• Microsoft Dev Blogs, "Build and run agents at scale with Microsoft Foundry at Build 2026" — https://devblogs.microsoft.com/foundry/agent-service-build2026/
• VPN Central, "Pink Extortion Group Targets Enterprise Users With Vishing and Cloud Data Theft" — https://vpncentral.com/pink-extortion-group-targets-enterprise-users-with-vishing-and-cloud-data-theft/
• Unit 42, Pink Extortion Brand Activity (Jun 3, 2026) — https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-06-03-Pink-Extortion-Brand-Activity.txt
• Google Cloud, "BlackFile vishing extortion operation" — https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation