New AI Agents from Microsoft Designed to Assist Security Professionals in Tackling Emerging Threats

Introduction to Microsoft Security Copilot and AI Agents

Microsoft has recently introduced a range of AI agents as part of its Security Copilot initiative, aimed at enhancing organizational security against the growing number of digital threats. Unveiled in March 2025, this innovative approach combines Microsoft’s own technology with contributions from various third-party partners. The agents are set to be available for preview in April, offering businesses an exciting way to manage security risks more efficiently.

Overview of AI Agents in Microsoft Security Copilot

The new AI agents are designed to integrate seamlessly with existing Microsoft security solutions, enhancing their capabilities. Drawing inspiration from Microsoft’s Zero Trust framework, these agents not only streamline security processes but also adapt to user feedback, ensuring alignment with internal workflows. Microsoft has developed six proprietary agents, while five others come from trusted partners.

Details of Microsoft-Created Agents

  1. Phishing Triage Agent in Microsoft Defender
    • This agent helps in managing phishing alerts effectively by prioritizing them based on real threats. It offers clear explanations for its categorization, enhancing the decision-making process. Additionally, it can refine its threat detection abilities through user feedback, gradually improving its performance.
  2. Alert Triage Agent in Microsoft Purview
    • Focusing on alerts related to data loss and insider threats, this agent assists organizations in managing risks by analyzing potential dangers and offering insights for mitigation.
  3. Conditional Access Optimization Agent in Microsoft Entra
    • This agent identifies new users and applications lacking proper security policies. By recommending necessary updates and providing quick fixes, it helps to close security gaps.
  4. Vulnerability Remediation Agent in Microsoft Intune
    • Aiming to address security vulnerabilities, this agent highlights potential issues within applications and configuration settings, and recommends critical Windows patches.
  5. Threat Intelligence Briefing Agent in Security Copilot
    • Collaborating with Security Copilot, this agent delivers timely threat intelligence specific to an organization’s frameworks and vulnerabilities, allowing for a more informed security approach.

Third-Party Agents Available in Security Copilot

In addition to Microsoft’s own agents, five third-party developed agents will also be incorporated into the Security Copilot framework:

  1. Privacy Breach Response Agent by OneTrust
    • This agent assesses data breaches, guiding organizations on how to comply with relevant regulations and minimize legal risks.
  2. Network Supervisor Agent by Aviatrix
    • This tool examines security risks related to network connections, identifying potential issues with VPNs, gateways, or other connection failures.
  3. SecOps Tooling Agent by BlueVoyant
    • By reviewing the functioning of security operations centers, this agent offers advice on enhancements and optimizations to improve security measures.
  4. Alert Triage Agent by Tanium
    • This agent contextualizes security alerts, helping users determine appropriate responses based on varying scenarios and alerts.
  5. Task Optimizer Agent by Fletch
    • It prioritizes the most critical security alerts within an organization, allowing security teams to focus their efforts effectively.

Functionality and Cost of Microsoft Security Copilot

Officially launched a year ago, Microsoft Security Copilot utilizes artificial intelligence to monitor and analyze security threats. The main aim is to automate routine tasks, allowing IT and security experts to concentrate on higher-priority issues. This initiative is also geared toward enhancing response times and ensuring threats are resolved efficiently.

Organizations are billed on a pay-as-you-go basis, where costs are calculated through Security Compute Units (SCUs). Each SCU, which runs for 24 hours, is priced at $4, leading to an estimated monthly cost of about $2,920 for continuous use.

Validity of AI Agents in Threat Management

Security experts recognize the potential of AI agents in improving response effectiveness; however, they also caution about the current technology’s limitations. AI can sometimes miss actual threats or mistakenly identify benign situations as threats, making human oversight crucial. As organizations weigh adopting these tools, many still seek clarity on aspects such as data management and licensing.

Overall, while Microsoft’s Security Copilot and its team of AI agents offer innovative solutions for modern security challenges, careful implementation and human involvement remain paramount for achieving desired outcomes.
