Thursday, March 27, 2025

Microsoft Security Copilot: Boosts AI-Powered Cybersecurity

Microsoft introduces additional AI safeguards and Microsoft Security Copilot agents.

Every organisation must secure AI and use it to increase security in this era of technology. With its AI-first, end-to-end security platform, Microsoft is committed to assisting businesses in safeguarding their future.


Microsoft introduced Microsoft Security Copilot a year ago to enable defenders to quickly and accurately identify, investigate, and address security events. Microsoft is now presenting Security Copilot’s latest development: AI agents that will autonomously help with crucial tasks such as phishing, data security, and identity management. Artificial intelligence (AI) agents are required for current security because the unrelenting speed and complexity of cyberattacks have outpaced human capabilities.

Phishing attacks, for instance, continue to rank among the most prevalent and destructive cyberthreats. Microsoft discovered almost 30 billion customer-targeting phishing emails between January and December 2024. Security teams that rely on manual procedures and disjointed defences are overwhelmed by the number of these intrusions, which makes it challenging to quickly identify harmful messages and use data-driven insights for more comprehensive cyber risk management.

By managing basic phishing warnings and cyberattacks, the phishing triage agent in Microsoft Security Copilot, which was announced today, frees up human defenders to concentrate on more intricate cyberthreats and preventative security measures. This is only one example of how agents may revolutionise security.

Furthermore, organisations continue to place a high premium on protecting and regulating AI, and Microsoft is thrilled to introduce new developments in Microsoft Defender, Microsoft Entra, and Microsoft Purview to further its purpose-built solutions.

Adding AI agentic capabilities to Microsoft Security Copilot

With 84 trillion signals processed daily, Microsoft Threat Intelligence has shown an exponential increase in cyberattacks, including 7,000 password attacks every second. It is now essential to scale cyber defences using AI agents in order to keep up with this threat landscape. Microsoft is expanding Security Copilot with six security agents developed by Microsoft and five developed by partners, which will be available for preview in April 2025.

Microsoft Security’s six new agentic solutions

The six Microsoft Security Copilot agents expand on Security Copilot’s capabilities by allowing teams to manage high-volume security and IT tasks autonomously while integrating with Microsoft Security products. Designed with security in mind, agents operate in accordance with Microsoft’s Zero Trust foundation, adapt to workflows, and learn from feedback. With security teams remaining fully in control, agents prioritise risks, speed up responses, and increase productivity to enable proactive protection and strengthen an organization’s security posture.


Security Copilot agents will be available across the Microsoft end-to-end security platform, designed for the following:

  • Microsoft Defender’s Phishing Triage Agent accurately classifies phishing alerts in order to distinguish between genuine cyberthreats and false alarms. Based on admin input, it enhances detection and offers clear justifications for its choices.
  • In Microsoft Purview, alert triage agents prioritise significant issues, triage data loss prevention and insider risk warnings, and constantly improve accuracy based on admin comments.
  • Microsoft Entra’s Conditional Access Optimisation Agent keeps an eye out for new users or apps that aren’t protected by current policies, finds the upgrades that are required to close security flaws, and suggests easy changes that identity teams can implement with just one click.
  • With administrator approval, Microsoft Intune’s Vulnerability Repair Agent expedites Windows OS patches and prioritises vulnerabilities and repair activities to address app and policy configuration concerns.
  • The Threat Intelligence Briefing Agent in Security Copilot automatically selects pertinent and timely threat intelligence based on an organization’s distinct characteristics and exposure to cyberthreats.

Security Copilot’s agentic capabilities show how Microsoft continues to innovate by drawing on decades of AI research.

Microsoft Security partners have released five new agentic solutions

Because security is a team sport, Microsoft is dedicated to enabling its security ecosystem with an open platform that partners can build upon to provide value to consumers. In keeping with this, Security Copilot will offer the following five AI agents from partners:

  • OneTrust’s Privacy Breach Response Agent examines data breaches to provide the privacy team with recommendations on how to comply with legal standards.
  • The Network Supervisor Agent from Aviatrix summarises problems pertaining to VPN, gateway, or Site2Cloud connection failures and outages and does root cause analysis.
  • To help optimise security operations and enhance controls, efficacy, and compliance, BlueVoyant’s SecOps Tooling Agent evaluates a security operations centre (SOC) and the state of controls.
  • Tanium’s Alert Triage Agent gives analysts the background information they need to make choices on each alert with confidence and speed.
  • To lessen alert fatigue and enhance security, Fletch’s Task Optimiser Agent assists businesses in anticipating and ranking the most important cyberthreat notifications.

New data security analysis and investigation tools driven by AI

To help data security teams promptly understand and reduce the risks connected with the exposure of sensitive data, Microsoft is also announcing Microsoft Purview data security investigations. Data security investigations introduce deep, AI-driven content analysis that reveals sensitive information and additional risks associated with incidents. Using these insights, incident investigators can work securely with partner teams and streamline difficult and time-consuming activities, which will improve mitigation. This system, which will be offered for preview starting in April 2025, connects data security investigations to Defender incidents and Purview insider risk cases.

Additional developments in generative AI security and regulation

A solid cybersecurity foundation is necessary for a successful AI revolution. The need to safeguard and regulate the development, uptake, and application of AI in the workplace is becoming more pressing as businesses quickly embrace generative AI. 57% of organisations report an increase in security issues due to the use of AI, according to the recent report, “Secure employee access in the age of AI.” 60% of organisations have not yet implemented AI controls, despite the fact that the majority acknowledge their necessity.

Although securing AI is still a relatively new topic, executives have certain common concerns: how to minimise new AI risks and vulnerabilities; how to prevent data leaks and oversharing; and how to adhere to changing regulatory compliance requirements. Microsoft Security products are designed with AI in mind to assist all organisations in addressing these issues. Microsoft is revealing new features to help businesses protect their investments in AI, including Microsoft AI.

Management of AI security posture in multimodel and multicloud settings

The security posture for AI that is sourced from different models and operates on numerous AI platforms and clouds will need to be strengthened by organisations creating their own custom AI solutions. Microsoft Defender has expanded AI security posture management to include Google VertexAI and every model in the Azure AI Foundry model catalogue in order to meet this need, going beyond Microsoft Azure and Amazon Web Services.

This coverage, which includes Gemini, Gemma, Meta Llama, Mistral, and bespoke models, will be available for preview in May 2025. With new multicloud interoperability, organisations will have greater visibility into the code-to-runtime AI security posture across Google Cloud, Amazon Web Services, and Microsoft Azure. Businesses can get a head start on protecting their AI posture in multimodel and multicloud environments with Microsoft Defender.

New safeguards against new dangers from AI

AI presents additional risks, such as undiscovered vulnerabilities and new attack surfaces. The Open Worldwide Application Security Project (OWASP) identifies the top risks and defences for generative AI applications. Beginning in May 2025, Microsoft Defender will offer new and enhanced AI detections for a number of OWASP-identified threats, including wallet abuse, sensitive data exposure, and indirect prompt injection attacks. SOC analysts may better secure and defend custom-built AI apps with these new detections, which include models from the Azure AI Foundry catalogue and new safeguards for Azure OpenAI Service.

New safeguards against dangerous access and data leaks into shadow AI applications

Due to the rapid user adoption of generative AI, many organisations are discovering broad use of AI apps that have not yet received approval from IT or security teams. The “shadow AI” situation brought about by this unapproved, unprotected use of AI has significantly raised the possibility of sensitive data leaks. Microsoft is announcing the general availability of an AI web category filter in Microsoft Entra Internet Access. The filter helps implement granular access controls that reduce the danger of shadow AI through policies limiting which individuals and groups have access to certain types of AI applications.

Once policy enforcement has been established to control authorised access to these apps, the next line of defence is to stop users from leaking private information into AI apps. Microsoft is addressing this by releasing a preview of the Purview browser data loss prevention (DLP) features built into Microsoft Edge for Business. Security teams can use this to implement DLP policies that stop sensitive data from being entered into generative AI apps such as ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.

Microsoft Teams now has phishing protection for safer teamwork

Collaboration software has been a popular target for phishing attacks, even though email remains the main cyberthreat channel. Microsoft Defender for Office 365 will defend users against phishing and other sophisticated cyberthreats within Teams when it becomes generally available in April 2025. Teams will be better protected against dangerous URLs with inline protection, which also allows attachments and links to be detonated in real time. Additionally, data and alerts will be accessible in Microsoft Defender to provide SOC teams with complete visibility into connected attempts and incidents.

Using agile innovation to create a safer environment

Applying the tenets of the safeguard Future Initiative, Microsoft is continuing to develop throughout the Microsoft Security portfolio to provide defenders with industry-leading AI and to equip every organisation with the means to safeguard and manage AI.

Drakshi
Since June 2023, Drakshi has been writing articles of Artificial Intelligence for govindhtech. She was a postgraduate in business administration. She was an enthusiast of Artificial Intelligence.