In this age of AI, securing AI and utilizing it to spice up safety are essential for each group. At Microsoft, we’re devoted to serving to organizations safe their future with our AI-first, end-to-end safety platform.
One yr in the past, we launched Microsoft Security Copilot to empower defenders to detect, examine, and reply to safety incidents swiftly and precisely. Now, we’re excited to announce the subsequent evolution of Security Copilot with AI brokers designed to autonomously help with essential areas comparable to phishing, information safety, and identification administration. The relentless tempo and complexity of cyberattacks have surpassed human capability and establishing AI brokers is a necessity for contemporary safety.
For instance, phishing assaults stay one of the crucial frequent and damaging cyberthreats. Between January and December 2024, Microsoft detected greater than 30 billion phishing emails concentrating on prospects.1 The quantity of those cyberattacks overwhelms safety groups counting on guide processes and fragmented defenses, making it troublesome to each triage malicious messages promptly and leverage data-driven insights for broader cyber danger administration.
The phishing triage agent in Microsoft Security Copilot being unveiled at this time can deal with routine phishing alerts and cyberattacks, releasing up human defenders to deal with extra complicated cyberthreats and proactive safety measures. This is only one method brokers can remodel safety.
Additionally, securing and governing AI continues to be the highest precedence for organizations, and we’re excited to advance our purpose-built options with new improvements throughout Microsoft Defender, Microsoft Entra, and Microsoft Purview.
Read on to find out about different brokers we’re introducing to Security Copilot and essential developments in securing AI.
Expanding Microsoft Security Copilot with AI agentic capabilities
Microsoft Threat Intelligence now processes 84 trillion indicators per day, revealing the exponential progress in cyberattacks, together with 7,000 password assaults per second.1 Scaling cyber defenses by AI brokers is now an crucial to maintain tempo with this menace panorama. We are increasing Security Copilot with six safety brokers constructed by Microsoft and 5 safety brokers constructed by our companions—out there for preview in April 2025.
Six new agentic options from Microsoft Security
Building on the transformative capabilities of Security Copilot, the six Microsoft Security Copilot brokers allow groups to autonomously deal with high-volume safety and IT duties whereas seamlessly integrating with Microsoft Security options. Purpose-built for safety, brokers be taught from suggestions, adapt to workflows, and function securely—aligned to Microsoft’s Zero Trust framework. With safety groups absolutely in management, brokers speed up responses, prioritize dangers, and drive effectivity to allow proactive safety and strengthen a corporation’s safety posture.
Security Copilot brokers can be out there throughout the Microsoft end-to-end safety platform, designed for the next:
- Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to determine actual cyberthreats and false alarms. It offers easy-to-understand explanations for its selections and improves detection primarily based on admin suggestions.
- Alert Triage Agents in Microsoft Purview triage information loss prevention and insider danger alerts, prioritize essential incidents, and constantly enhance accuracy primarily based on admin suggestions.
- Conditional Access Optimization Agent in Microsoft Entra screens for brand spanking new customers or apps not coated by current insurance policies, identifies obligatory updates to shut safety gaps, and recommends fast fixes for identification groups to use with a single click on.
- Vulnerability Remediation Agent in Microsoft Intune screens and prioritizes vulnerabilities and remediation duties to handle app and coverage configuration points and expedites Windows OS patches with admin approval.
- Threat Intelligence Briefing Agent in Security Copilot routinely curates related and well timed menace intelligence primarily based on a corporation’s distinctive attributes and cyberthreat publicity.
Security Copilot’s agentic capabilities are an instance of how we proceed to ship innovation leveraging our many years of AI analysis. See how brokers work.
“This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI.”
—Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research
Five new agentic options from Microsoft Security companions
Security is a staff sport and Microsoft is dedicated to empowering our safety ecosystem with an open platform upon which companions can construct to ship worth to prospects. In this spirit, the next 5 AI brokers from our companions can be out there in Security Copilot:
- Privacy Breach Response Agent by OneTrust analyzes information breaches to generate steering for the privateness staff on methods to meet regulatory necessities.
- Network Supervisor Agent by Aviatrix performs root trigger evaluation and summarizes points associated to VPN, gateway, or Site2Cloud connection outages and failures.
- SecOps Tooling Agent by BlueVoyant assesses a safety operations heart (SOC) and state of controls to make suggestions that assist optimize safety operations and enhance controls, efficacy, and compliance.
- Alert Triage Agent by Tanium offers analysts with the mandatory context to shortly and confidently make selections on every alert.
- Task Optimizer Agent by Fletch helps organizations forecast and prioritize probably the most essential cyberthreat alerts to cut back alert fatigue and enhance safety.
“An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyze and meet increasingly complex regulatory requirements in a fraction of the time required historically.”
—Blake Brannon, Chief Product and Strategy Officer, OneTrust
Learn extra about Security Copilot brokers and get began with Security Copilot. Current Security Copilot prospects can be a part of our Customer Connection Program for the most recent updates.
New AI-powered information safety investigations and evaluation
We are additionally asserting Microsoft Purview information safety investigations to assist information safety groups shortly perceive and mitigate dangers related to delicate information publicity. Data safety investigations introduce AI-powered deep content material evaluation, which identifies delicate information and different dangers linked to incidents. Incident investigators can use these insights to collaborate securely with associate groups and simplify complicated and time-consuming duties, thus enhancing mitigation. This resolution hyperlinks information safety investigations to Defender incidents and Purview insider danger instances—out there for preview beginning April 2025.
Further advances in securing and governing generative AI
Successful AI transformation requires a powerful cybersecurity basis. As organizations quickly undertake generative AI, there may be rising urgency to safe and govern the creation, adoption, and use of AI within the office. According to our new report, “Secure employee access in the age of AI,” 57% of organizations report a rise in safety incidents from AI utilization. And whereas most organizations acknowledge the necessity for AI controls, 60% haven’t but began.
Securing AI continues to be a comparatively new problem, and leaders share some particular considerations: methods to stop information oversharing and leakage; methods to reduce new AI threats and vulnerabilities; and methods to adjust to shifting regulatory compliance necessities. Microsoft Security options are purpose-built for AI to assist each group handle these considerations. We’re asserting new superior capabilities in order that organizations can safe their AI investments—each Microsoft AI and different AI.
AI safety posture administration for multimodel and multicloud environments
Organizations growing their very own {custom} AI options might want to strengthen the safety posture for AI that they supply from a number of fashions, working in a number of AI platforms and clouds. To handle this want, Microsoft Defender has prolonged AI safety posture administration past Microsoft Azure and Amazon Web Services to incorporate Google VertexAI and all fashions within the Azure AI Foundry mannequin catalog. Available for preview in May 2025, this protection consists of Gemini, Gemma, Meta Llama, Mistral, and {custom} fashions. With new multicloud interoperability, organizations will achieve broader code-to-runtime AI safety posture visibility throughout Microsoft Azure, Amazon Web Services, and Google Cloud. Microsoft Defender can provide organizations a jumpstart to securing AI posture throughout multimodel and multicloud environments.
New detection and safety for rising AI threats
With AI comes new dangers, together with new cyberattack surfaces and unknown vulnerabilities. The Open Worldwide Application Security Project (OWASP) identifies the best precedence dangers and mitigations for generative AI apps. Starting in May 2025, new and enriched AI detections for a number of dangers recognized by OWASP comparable to oblique immediate injection assaults, delicate information publicity, and pockets abuse can be usually out there in Microsoft Defender. With these new detections, SOC analysts can higher defend and defend custom-built AI apps with new safeguards for Azure OpenAI Service and fashions discovered within the Azure AI Foundry catalog.
New controls to stop dangerous entry and information leaks into shadow AI apps
With the fast person adoption of generative AI, many organizations are uncovering widespread use of AI apps that haven’t but been authorized by IT or safety groups. This unsanctioned, unprotected use of AI has created a “shadow AI” phenomenon, which has drastically elevated the danger of delicate information leakage. We are asserting common availability of AI net class filter in Microsoft Entra web entry to assist implement granular entry controls that may curb the danger of shadow AI by implementing insurance policies governing which customers and teams have entry to several types of AI purposes.
With coverage enforcement in place to manipulate licensed entry to AI apps, the subsequent layer of protection is to stop customers from leaking delicate information into AI apps. To handle this, we’re asserting the preview of Microsoft Purview browser information loss prevention (DLP) controls constructed into Microsoft Edge for Business. This helps safety groups implement DLP insurance policies to stop delicate information from being typed into generative AI apps, beginning with ChatGPT, Copilot Chat, DeepSeeokay, and Google Gemini.
Learn extra about our new improvements in Security for AI.
New phishing safety in Microsoft Teams for safer collaboration
While electronic mail continues to be the first cyberthreat vector for phishing, collaboration software program has turn out to be a standard goal. Generally out there in April 2025, Microsoft Defender for Office 365 will defend customers towards phishing and different superior cyberthreats inside Teams. With inline safety, Teams could have higher safety towards malicious URLs, together with real-time detonation of attachments and hyperlinks. And to present SOC groups full visibility into associated makes an attempt and incidents, alerts and information can be out there in Microsoft Defender.
Agile innovation to construct a safer world
We proceed to innovate throughout the Microsoft Security portfolio, making use of the rules of our Secure Future Initiative, to ship highly effective, end-to-end safety to present defenders industry-leading AI, and to empower each group with the instruments to safe and govern AI. We are grateful for our prospects and companions and collectively, with them, we stay up for constructing a safer world for all.
Microsoft Secure
To see these improvements in motion, be a part of us on April 9, 2025 for Microsoft Secure, a digital occasion centered on safety within the age of AI.
Learn with Microsoft Security
To be taught extra about Microsoft Security options, go to our web site. Bookmark the Security weblog to maintain up with our skilled protection on safety issues. Also, observe us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
1Based on Microsoft inside information.