Update 24th December: Galen Hunt, Microsoft’s Distinguished Engineer, has backtracked on his original statement about eliminating C and C++. His LinkedIn post attracted more attention than he expected, prompting him to clarify what Microsoft’s actually doing.
Hunt now says Windows won’t get a complete AI-powered rewrite to Rust. Instead, his team’s building technology to make language transitions easier. He’s calling this a “research” initiative.
Fair enough, but his original post made some pretty bold claims. They were easy to interpret exactly the way we did. Even without a wholesale refactor, Hunt and his colleagues are likely still aiming to eventually remove C and C++ from Microsoft’s codebases. That includes Windows’ core components. And yes, it probably involves automated tooling that could reasonably be called AI. Rust’s still in the picture too.
TLDR: Microsoft is building a dedicated team to eliminate C and C++ code across its products by 2030, using AI-powered translation tools to convert legacy codebases to Rust. The company claims a single engineer can process one million lines of code monthly using these AI agents. This ambitious plan targets Windows’ core components and raises questions about automated code translation security.
Table of Contents
Microsoft Targets Complete C and C++ Elimination from Windows Using AI-Assisted Translation
Microsoft has announced plans that sound almost absurd. The tech giant wants to remove every line of C and C++ code from its products by 2030. That includes Windows, which is primarily built on these languages.
Galen Hunt, a Distinguished Engineer who’s been at Microsoft for 30 years, is spearheading this effort. His team posted a job listing for an IC5 Principal Software Engineer role. The listing revealed something quite extraordinary: they’re using AI to rewrite Microsoft’s largest codebases.
“Our goal is to eliminate every line of C and C++ from Microsoft by 2030,” Hunt stated. The strategy combines AI and algorithms to translate code at scale.
One Engineer, One Month, One Million Lines: Microsoft’s AI Translation Targets
Here’s where things get interesting. Microsoft believes a single engineer can translate a million lines of code in one month using AI. That’s their “North Star” metric.
The company has built what they call a “code processing infrastructure.” This system uses AI agents to modify code at massive scale. Think of it as an automated translation service, but for programming languages instead of human ones.
This isn’t just theoretical talk. Microsoft CEO Satya Nadella previously mentioned that AI writes up to 30% of the company’s code. Windows is likely included in that figure.
William Fieldhouse, Director of Aardwolf Security Ltd, offers this perspective: “The security benefits of Rust are undeniable, but translating millions of lines of legacy code using AI agents introduces significant risks. Code translation isn’t just about syntax conversion; it’s about preserving the intent and security context of the original implementation. Organisations considering similar migrations should ensure a secure code review covers both the legacy and translated codebases.”
Why Rust Instead of C and C++ for Windows Security
Rust offers memory safety guarantees that C and C++ simply can’t match. Unless you explicitly use the “unsafe” keyword, Rust prevents memory-related vulnerabilities.
Microsoft’s been advocating for Rust since 2019. They’ve already created Windows API bindings for Rust developers through their “windows-rs” GitHub project. The company’s also exploring Rust for driver development.
These weren’t just experimental projects. Microsoft was laying groundwork for this massive transition.
The memory safety angle matters for security. Memory corruption bugs cause loads of Windows vulnerabilities. Rust’s compiler catches these issues before code ships.
Can AI Agents Properly Translate Complex Windows Code?
Here’s the tricky bit. AI can translate syntax between languages fairly well. But can it understand programmer intent?
Windows updates have broken Task Manager and triggered BitLocker recovery screens recently. If humans struggle with Windows code complexity, how will AI fare?
The concern isn’t about Rust itself. Rust is brilliant for security. The worry is trusting AI to translate critical system code accurately.
Think about Windows’ kernel and low-level components. These run millions of systems worldwide. A translation error could affect countless users.
For organisations evaluating the best penetration testing company to assess their applications, understanding language-specific vulnerabilities becomes crucial during this transition period.
Microsoft’s Broader Shift Away from Native Languages Raises Performance Questions
Microsoft’s been moving away from native technologies for years. WinUI, XAML, and C++ are gradually being replaced.
The result? Popular Windows applications have become RAM-consuming monsters. Discord and Teams are prime examples. They use web technologies that demand more system resources.
Windows UI is shifting to web-based components too. The Start menu now uses React. The Notifications Centre triggers WebView2 instances for calendar views. That’s a new Edge process every time you check notifications.
This broader pattern suggests Microsoft’s willing to trade performance for developer convenience. The Rust migration fits this trend, though Rust itself performs well.
What This Means for Windows Security and Stability
Microsoft’s CoreAI team within the EngHorizons organisation is leading this effort. They’re recruiting engineers who can work with their code processing infrastructure.
The timeline is aggressive. Five years to translate Windows’ entire codebase sounds optimistic. Windows has millions upon millions of lines of code.
But Microsoft seems confident. They’ve got AI agents, a solid infrastructure, and a clear target.
Time will tell whether this ambitious plan succeeds. The security benefits could be massive if done right. But the risks of automated translation at this scale shouldn’t be ignored.
Organisations concerned about their own application security should consider getting a penetration test quote to identify vulnerabilities before migrating to new languages or frameworks.
For now, Windows developers should prepare for a Rust-dominated future. Microsoft’s made its intentions clear. The question isn’t whether they’ll attempt this migration, but how smoothly they can pull it off.
