Microsoft Enhances Security Copilot with AI Agents

Microsoft Introduces New AI Security Copilot Agents

Microsoft recently revealed its plans to enhance Microsoft Security by adding AI-powered Copilot agents. This initiative aims to strengthen defenses against the growing number of cyber threats organizations are facing today.

This announcement coincides with updates to Microsoft Defender, Entra, and Purview, all aimed at improving safeguards for generative AI systems. Notably, it marks the one-year anniversary of the Microsoft Security Copilot service.

“In this AI-driven era, it’s essential for organizations to protect their AI systems while using AI to enhance their security protocols,” stated Vasu Jakkal, corporate vice president of Microsoft Security, in a recent blog post. “At Microsoft, our goal is to help institutions build a secure future with our AI-first approach to security.”

New AI Agents for Enhanced Security

Microsoft is expanding its security platform with the addition of six new AI agents developed in-house, along with five agents from various partners. These agents are designed to automate numerous high-volume security tasks, such as managing phishing incidents, fixing vulnerabilities, preventing data loss, and securing identities.

Microsoft’s Built-in Agents

The built-in agents cover the following areas:

  • Alert Triage Agents in Microsoft Purview: Focused on prioritizing alerts regarding insider risks.
  • Conditional Access Optimization Agent in Entra: Identifies weaknesses in identity policies.
  • Vulnerability Remediation Agent in Intune: Aims to streamline the management of patches.
  • Threat Intelligence Briefing Agent: Generates customized threat summaries based on an organization’s specific threat landscape.

These agents are set to be available for public preview starting in April and are designed to improve over time through user feedback. They will also operate within Microsoft’s Zero Trust security framework, ensuring maximum protection.

Partner Contributions

In addition to Microsoft’s internal developments, five partner organizations are contributing their own AI-driven tools to enhance the Security Copilot ecosystem:

  • OneTrust: Introduces the Privacy Breach Response Agent, which helps navigate regulatory requirements.
  • Aviatrix: Provides a Network Supervisor Agent that resolves VPN and gateway issues.
  • BlueVoyant: Offers a SecOps Tooling Agent that enhances Security Operations Center (SOC) effectiveness and compliance.
  • Tanium: Presents an Alert Triage Agent designed to give incident analysts deeper insights.
  • Fletch: Creates a Task Optimizer Agent to help reduce alert overload by prioritizing threats.

According to Blake Brannon, Chief Product and Strategy Officer at OneTrust, “Implementing an agent-based approach to privacy will revolutionize the industry. Autonomous AI agents will allow our clients to scale and enhance their privacy processes more efficiently.”

Additional Tools and Features

Besides the agents, Microsoft has also introduced several AI tools aimed at improving AI governance and data safety:

  • AI Security Posture Management: Expands to Google Vertex AI and models available in Azure AI Foundry, with a preview set for May.
  • Enhanced Threat Detection in Defender: Targets risks such as prompt injection, wallet abuses, and other vulnerabilities in AI applications identified by OWASP.
  • AI Web Category Filters in Microsoft Entra: Designed to block unauthorized access to unapproved “shadow AI” applications.
  • Browser-Based Data Loss Prevention in Microsoft Purview: Aims to prevent unauthorized data entry into generative AI tools like ChatGPT and Gemini via Edge for Business.

Starting in April 2025, Microsoft Defender for Office 365 will provide enhanced security for Teams, offering protection against phishing and various advanced threats. Updates will include real-time URL screening and suspicious attachment analysis, ensuring security teams have improved visibility through alerts and integrated incident data.
