Microsoft Introduces New AI Security Copilot Features and Safeguards

Microsoft Expands AI-Powered Security Capabilities

Microsoft has unveiled a major enhancement to its AI-driven security features, introducing new autonomous agents aimed at bolstering defenses against rising cyber threats. As cyberattacks escalate, with a staggering 30 billion phishing emails detected and around 7,000 password attacks occurring every second, these advancements mark a critical step in cybersecurity.

New AI Agents Revolutionize Security Operations

Set to debut in April 2025, Microsoft is enhancing its Security Copilot with a total of 11 agents—six developed in-house and five created by partners. These autonomous agents are engineered to perform high-volume security tasks and integrate seamlessly with existing Microsoft security platforms.

Key Microsoft-Built Agents

1. Phishing Triage Agent: This agent works within Microsoft Defender to autonomously assess phishing alerts, distinguishing real threats from false alarms.
2. Alert Triage Agents: Located in Microsoft Purview, these agents focus on prioritizing incidents related to data loss prevention and insider risks.
3. Conditional Access Optimization Agent: Found in Microsoft Entra, this agent identifies vulnerabilities in identity protection protocols.
4. Vulnerability Remediation Agent: Integrated into Microsoft Intune, it focuses on effectively managing and prioritizing patch updates.
5. Threat Intelligence Briefing Agent: This tool curates threat information tailored to an organization’s specific security profile.

Partner-Built Agents

In addition to the agents developed by Microsoft, the company has partnered with several organizations to create additional tools:

• Privacy Breach Response Agent (OneTrust): Analyzes data breaches and provides regulatory compliance advice.
• Network Supervisor Agent (Aviatrix): Aids in the management of network security.
• SecOps Tooling Agent (BlueVoyant): Enhances security operations.
• Alert Triage Agent (Tanium): Helps streamline assessing alerts.
• Task Optimizer Agent (Fletch): Optimizes response actions for security teams.

Addressing Emerging AI Threats

With 57% of businesses reporting an uptick in security incidents related to AI technologies, Microsoft is taking additional steps to secure AI investments. Recently, Microsoft Defender has broadened its AI security management capabilities to encompass more platforms, including Google VertexAI alongside existing services like Azure and AWS.

New Detection Features

Starting in May 2025, Microsoft Defender will offer new detection capabilities against AI-related risks identified by OWASP. This includes protection against:

• Indirect prompt injection attacks
• Exposure of sensitive data
• Wallet abuse

These features are designed to safeguard custom AI applications utilizing Azure OpenAI Service and various models cataloged in Azure AI Foundry, such as Gemini and Meta Llama.

Combatting “Shadow AI”

In response to the growing use of unregulated AI applications, Microsoft has introduced AI web filters as part of Microsoft Entra’s internet access security measures. Additionally, Microsoft Purview has implemented data loss prevention controls for browser activities, particularly within Edge for Business. These tools prevent sensitive information from being entered into unauthorized AI applications, such as ChatGPT and Google Gemini.

Microsoft’s Secure Future Initiative

These new advancements are part of Microsoft’s Secure Future Initiative, emphasizing the importance of providing comprehensive tools for organizations to secure and govern their AI tools effectively. By strengthening overall cybersecurity defenses in a turbulent threat environment, Microsoft aims to provide organizations with the support they need to navigate the complexities of modern cybersecurity challenges.

Through these enhancements, Microsoft is committed to helping organizations adapt to the rapidly evolving landscape of cyber threats.

Please follow and like us: