Tuesday, March 25, 2025
Latest:
Microsoft Secure

Microsoft unveils Microsoft Security Copilot agents and new protections for AI

TH Author

In this age of AI, securing AI and using it to boost security are crucial for every organization. At Microsoft, we are dedicated to helping organizations secure their future with our AI-first, end-to-end security platform.

Circular diagram showcasing Microsoft’s end-to-end security across AI, clouds, apps, data, devices, and identities.

One year ago, we launched Microsoft Security Copilot to empower defenders to detect, investigate, and respond to security incidents swiftly and accurately. Now, we are excited to announce the next evolution of Security Copilot with AI agents designed to autonomously assist with critical areas such as phishing, data security, and identity management. The relentless pace and complexity of cyberattacks have surpassed human capacity and establishing AI agents is a necessity for modern security.

For example, phishing attacks remain one of the most common and damaging cyberthreats. Between January and December 2024, Microsoft detected more than 30 billion phishing emails targeting customers.1 The volume of these cyberattacks overwhelms security teams relying on manual processes and fragmented defenses, making it difficult to both triage malicious messages promptly and leverage data-driven insights for broader cyber risk management.

The phishing triage agent in Microsoft Security Copilot being unveiled today can handle routine phishing alerts and cyberattacks, freeing up human defenders to focus on more complex cyberthreats and proactive security measures. This is just one way agents can transform security.

Additionally, securing and governing AI continues to be the top priority for organizations, and we are excited to advance our purpose-built solutions with new innovations across Microsoft Defender, Microsoft Entra, and Microsoft Purview. 

Read on to learn about other agents we are introducing to Security Copilot and important developments in securing AI. 

Expanding Microsoft Security Copilot with AI agentic capabilities

Microsoft Threat Intelligence now processes 84 trillion signals per day, revealing the exponential growth in cyberattacks, including 7,000 password attacks per second.1 Scaling cyber defenses through AI agents is now an imperative to keep pace with this threat landscape. We are expanding Security Copilot with six security agents built by Microsoft and five security agents built by our partners—available for preview in April 2025.

Six new agentic solutions from Microsoft Security

Building on the transformative capabilities of Security Copilot, the six Microsoft Security Copilot agents enable teams to autonomously handle high-volume security and IT tasks while seamlessly integrating with Microsoft Security solutions. Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework. With security teams fully in control, agents accelerate responses, prioritize risks, and drive efficiency to enable proactive protection and strengthen an organization’s security posture.

Circular images with arrows that drive to Security Copilot logo with designed image list of the agents available.

Security Copilot agents will be available across the Microsoft end-to-end security platform, designed for the following:

  • Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to identify real cyberthreats and false alarms. It provides easy-to-understand explanations for its decisions and improves detection based on admin feedback.
  • Alert Triage Agents in Microsoft Purview triage data loss prevention and insider risk alerts, prioritize critical incidents, and continuously improve accuracy based on admin feedback.
  • Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click.
  • Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues and expedites Windows OS patches with admin approval.
  • Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant and timely threat intelligence based on an organization’s unique attributes and cyberthreat exposure.

Security Copilot’s agentic capabilities are an example of how we continue to deliver innovation leveraging our decades of AI research. See how agents work.

“This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI.”  

—Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research

Five new agentic solutions from Microsoft Security partners

Security is a team sport and Microsoft is committed to empowering our security ecosystem with an open platform upon which partners can build to deliver value to customers. In this spirit, the following five AI agents from our partners will be available in Security Copilot:

  • Privacy Breach Response Agent by OneTrust analyzes data breaches to generate guidance for the privacy team on how to meet regulatory requirements.
  • Network Supervisor Agent by Aviatrix performs root cause analysis and summarizes issues related to VPN, gateway, or Site2Cloud connection outages and failures.
  • SecOps Tooling Agent by BlueVoyant assesses a security operations center (SOC) and state of controls to make recommendations that help optimize security operations and improve controls, efficacy, and compliance.
  • Alert Triage Agent by Tanium provides analysts with the necessary context to quickly and confidently make decisions on each alert.
  • Task Optimizer Agent by Fletch helps organizations forecast and prioritize the most critical cyberthreat alerts to reduce alert fatigue and improve security.

“An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyze and meet increasingly complex regulatory requirements in a fraction of the time required historically.”

—Blake Brannon, Chief Product and Strategy Officer, OneTrust

Learn more about Security Copilot agents and get started with Security Copilot. Current Security Copilot customers can join our Customer Connection Program for the latest updates.

New AI-powered data security investigations and analysis   

We are also announcing Microsoft Purview data security investigations to help data security teams quickly understand and mitigate risks associated with sensitive data exposure. Data security investigations introduce AI-powered deep content analysis, which identifies sensitive data and other risks linked to incidents. Incident investigators can use these insights to collaborate securely with partner teams and simplify complex and time-consuming tasks, thus improving mitigation. This solution links data security investigations to Defender incidents and Purview insider risk cases—available for preview starting April 2025.  

Further advances in securing and governing generative AI

Successful AI transformation requires a strong cybersecurity foundation. As organizations rapidly adopt generative AI, there is growing urgency to secure and govern the creation, adoption, and use of AI in the workplace. According to our new report, “Secure employee access in the age of AI,” 57% of organizations report an increase in security incidents from AI usage. And while most organizations recognize the need for AI controls, 60% have not yet started.

Securing AI is still a relatively new challenge, and leaders share some specific concerns: how to prevent data oversharing and leakage; how to minimize new AI threats and vulnerabilities; and how to comply with shifting regulatory compliance requirements. Microsoft Security solutions are purpose-built for AI to help every organization address these concerns. We’re announcing new advanced capabilities so that organizations can secure their AI investments—both Microsoft AI and other AI.

AI security posture management for multimodel and multicloud environments

Organizations developing their own custom AI solutions will need to strengthen the security posture for AI that they source from multiple models, running in multiple AI platforms and clouds. To address this need, Microsoft Defender has extended AI security posture management beyond Microsoft Azure and Amazon Web Services to include Google VertexAI and all models in the Azure AI Foundry model catalog. Available for preview in May 2025, this coverage includes Gemini, Gemma, Meta Llama, Mistral, and custom models. With new multicloud interoperability, organizations will gain broader code-to-runtime AI security posture visibility across Microsoft Azure, Amazon Web Services, and Google Cloud. Microsoft Defender can give organizations a jumpstart to securing AI posture across multimodel and multicloud environments.

New detection and protection for emerging AI threats

With AI comes new risks, including new cyberattack surfaces and unknown vulnerabilities. The Open Worldwide Application Security Project (OWASP) identifies the highest priority risks and mitigations for generative AI apps. Starting in May 2025, new and enriched AI detections for several risks identified by OWASP such as indirect prompt injection attacks, sensitive data exposure, and wallet abuse will be generally available in Microsoft Defender. With these new detections, SOC analysts can better protect and defend custom-built AI apps with new safeguards for Azure OpenAI Service and models found in the Azure AI Foundry catalog.

New controls to prevent risky access and data leaks into shadow AI apps

With the rapid user adoption of generative AI, many organizations are uncovering widespread use of AI apps that have not yet been approved by IT or security teams. This unsanctioned, unprotected use of AI has created a “shadow AI” phenomenon, which has drastically increased the risk of sensitive data leakage. We are announcing general availability of AI web category filter in Microsoft Entra internet access to help enforce granular access controls that can curb the risk of shadow AI by enforcing policies governing which users and groups have access to different types of AI applications.

With policy enforcement in place to govern authorized access to AI apps, the next layer of defense is to prevent users from leaking sensitive data into AI apps. To address this, we are announcing the preview of Microsoft Purview browser data loss prevention (DLP) controls built into Microsoft Edge for Business. This helps security teams enforce DLP policies to prevent sensitive data from being typed into generative AI apps, starting with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.

Learn more about our new innovations in Security for AI.

New phishing protection in Microsoft Teams for safer collaboration

While email continues to be the primary cyberthreat vector for phishing, collaboration software has become a common target. Generally available in April 2025, Microsoft Defender for Office 365 will protect users against phishing and other advanced cyberthreats within Teams. With inline protection, Teams will have better protection against malicious URLs, including real-time detonation of attachments and links. And to give SOC teams full visibility into related attempts and incidents, alerts and data will be available in Microsoft Defender. 

Agile innovation to build a safer world

We continue to innovate across the Microsoft Security portfolio, applying the principles of our Secure Future Initiative, to deliver powerful, end-to-end protection to give defenders industry-leading AI, and to empower every organization with the tools to secure and govern AI. We are grateful for our customers and partners and together, with them, we look forward to building a more secure world for all.

Microsoft Secure

To see these innovations in action, join us on April 9, 2025 for Microsoft Secure, a digital event focused on security in the age of AI. 

A woman in black dress

Learn with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1Based on Microsoft internal data.

READ MORE HERE