Super Investors Be Like
John Armitage·MICROSOFT CORP
MSFT

Microsoft — Key Risks

AI Overview
Activity & BusinessResultsFinancialsRisks

Active Nation-State Cyberattacks Have Already Breached Microsoft's Systems

In late 2023, a nation-state actor used a simple "password spray" technique to break into Microsoft email accounts and then accessed some of Microsoft's own source code repositories. The filing explicitly warns this threat actor "could continue to utilize this and other information to attempt to gain access" to systems going forward. Because Microsoft's infrastructure underpins so many businesses worldwide, a breach of Microsoft is effectively a breach of its customers too — and the reputational and legal fallout could be severe.

The IRS Is Seeking $28.9 Billion in Back Taxes

The IRS has issued proposed adjustments targeting Microsoft's intercompany transfer pricing (how it allocates profit between its global subsidiaries) for the tax years 2004–2013, seeking $28.9 billion plus penalties and interest. While Microsoft disputes this, an adverse outcome would be one of the largest corporate tax settlements in history. Even a partial loss could materially dent earnings and force changes to how Microsoft structures its international business.

AI Investment Is Massive and Unproven at Scale

Microsoft is pouring enormous capital into AI infrastructure — datacenters, chips, and development — but the filing openly acknowledges it "may not grow revenue in line with the infrastructure and development investments." The company also relies heavily on its OpenAI partnership, a third party it does not fully control. If AI products don't generate sufficient customer adoption or if the partnership hits turbulence, the returns on this spending may disappoint.

Antitrust and Market Regulation Could Force Business Model Changes

Regulators in the U.S., EU, UK, and China are actively scrutinizing Microsoft under competition laws, and new digital market regulations are being enacted. Past enforcement actions have been used as precedent for new ones. Fines, behavioral restrictions, or forced changes to how Microsoft bundles products could reduce the attractiveness of its ecosystem and the revenue it generates.

AI-Related Legal Liability Is Growing and Poorly Defined

Microsoft is facing copyright infringement claims related to how AI systems are trained and what they output. The regulatory landscape — including the EU's AI Act — is still forming, meaning compliance costs are uncertain. If courts or regulators rule against Microsoft's AI training practices, it could be forced to redesign products, pay royalties, or limit what its AI can do.

Datacenter Infrastructure Has Real Physical Constraints

Microsoft's cloud and AI growth depends on building more datacenters, but the filing flags genuine bottlenecks: availability of land, power, water, and graphics processing units (GPUs) — the specialized chips that power AI workloads. Competitors use the same suppliers. If these inputs become scarce or expensive, Microsoft could face capacity shortfalls right when customer demand is accelerating.

Trade Controls and Tariffs Could Limit Where Microsoft Can Sell AI

U.S. export controls, including the so-called AI Diffusion Rule, restrict which countries and entities can access certain Microsoft AI products and services. Shifting U.S. trade policy creates uncertainty for both hardware supply chains (devices assembled in Asia) and cloud service delivery globally. If restrictions tighten further, Microsoft could lose access to significant international markets for its highest-growth products.