On this age of AI, securing AI and utilizing it to spice up safety are essential for each group. At Microsoft, we’re devoted to serving to organizations safe their future with our AI-first, end-to-end safety platform.
One yr in the past, we launched Microsoft Safety Copilot to empower defenders to detect, examine, and reply to safety incidents swiftly and precisely. Now, we’re excited to announce the subsequent evolution of Safety Copilot with AI brokers designed to autonomously help with vital areas reminiscent of phishing, information safety, and id administration. The relentless tempo and complexity of cyberattacks have surpassed human capability and establishing AI brokers is a necessity for contemporary safety.
For instance, phishing assaults stay one of the vital frequent and damaging cyberthreats. Between January and December 2024, Microsoft detected greater than 30 billion phishing emails concentrating on clients.1 The quantity of those cyberattacks overwhelms safety groups counting on handbook processes and fragmented defenses, making it troublesome to each triage malicious messages promptly and leverage data-driven insights for broader cyber danger administration.
The phishing triage agent in Microsoft Safety Copilot being unveiled immediately can deal with routine phishing alerts and cyberattacks, releasing up human defenders to deal with extra advanced cyberthreats and proactive safety measures. This is only one method brokers can rework safety.
Moreover, securing and governing AI continues to be the highest precedence for organizations, and we’re excited to advance our purpose-built options with new improvements throughout Microsoft Defender, Microsoft Entra, and Microsoft Purview.
Learn on to find out about different brokers we’re introducing to Safety Copilot and necessary developments in securing AI.
Increasing Microsoft Safety Copilot with AI agentic capabilities
Microsoft Menace Intelligence now processes 84 trillion indicators per day, revealing the exponential progress in cyberattacks, together with 7,000 password assaults per second.1 Scaling cyber defenses by way of AI brokers is now an crucial to maintain tempo with this risk panorama. We’re increasing Safety Copilot with six safety brokers constructed by Microsoft and 5 safety brokers constructed by our companions—accessible for preview in April 2025.
Six new agentic options from Microsoft Safety
Constructing on the transformative capabilities of Safety Copilot, the six Microsoft Safety Copilot brokers allow groups to autonomously deal with high-volume safety and IT duties whereas seamlessly integrating with Microsoft Safety options. Goal-built for safety, brokers be taught from suggestions, adapt to workflows, and function securely—aligned to Microsoft’s Zero Belief framework. With safety groups totally in management, brokers speed up responses, prioritize dangers, and drive effectivity to allow proactive safety and strengthen a corporation’s safety posture.
Safety Copilot brokers might be accessible throughout the Microsoft end-to-end safety platform, designed for the next:
- Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to establish actual cyberthreats and false alarms. It supplies easy-to-understand explanations for its choices and improves detection primarily based on admin suggestions.
- Alert Triage Brokers in Microsoft Purview triage information loss prevention and insider danger alerts, prioritize vital incidents, and repeatedly enhance accuracy primarily based on admin suggestions.
- Conditional Entry Optimization Agent in Microsoft Entra screens for brand new customers or apps not lined by current insurance policies, identifies mandatory updates to shut safety gaps, and recommends fast fixes for id groups to use with a single click on.
- Vulnerability Remediation Agent in Microsoft Intune screens and prioritizes vulnerabilities and remediation duties to deal with app and coverage configuration points and expedites Home windows OS patches with admin approval.
- Menace Intelligence Briefing Agent in Safety Copilot routinely curates related and well timed risk intelligence primarily based on a corporation’s distinctive attributes and cyberthreat publicity.
Safety Copilot’s agentic capabilities are an instance of how we proceed to ship innovation leveraging our many years of AI analysis. See how brokers work.
“That is just the start; our safety AI analysis is pushing the boundaries of innovation, and we’re desirous to repeatedly convey even higher worth to our clients on the velocity of AI.”
—Alexander Stojanovic, Vice President of Microsoft Safety AI Utilized Analysis
5 new agentic options from Microsoft Safety companions
Safety is a crew sport and Microsoft is dedicated to empowering our safety ecosystem with an open platform upon which companions can construct to ship worth to clients. On this spirit, the next 5 AI brokers from our companions might be accessible in Safety Copilot:
- Privateness Breach Response Agent by OneTrust analyzes information breaches to generate steering for the privateness crew on meet regulatory necessities.
- Community Supervisor Agent by Aviatrix performs root trigger evaluation and summarizes points associated to VPN, gateway, or Site2Cloud connection outages and failures.
- SecOps Tooling Agent by BlueVoyant assesses a safety operations heart (SOC) and state of controls to make suggestions that assist optimize safety operations and enhance controls, efficacy, and compliance.
- Alert Triage Agent by Tanium supplies analysts with the required context to shortly and confidently make choices on every alert.
- Activity Optimizer Agent by Fletch helps organizations forecast and prioritize probably the most vital cyberthreat alerts to cut back alert fatigue and enhance safety.
“An agentic method to privateness might be game-changing for the {industry}. Autonomous AI brokers will assist our clients scale, increase, and improve the effectiveness of their privateness operations. Constructed utilizing Microsoft Safety Copilot, the OneTrust Privateness Breach Response Agent demonstrates how privateness groups can analyze and meet more and more advanced regulatory necessities in a fraction of the time required traditionally.”
—Blake Brannon, Chief Product and Technique Officer, OneTrust
Be taught extra about Safety Copilot brokers and get began with Safety Copilot. Present Safety Copilot clients can be part of our Buyer Connection Program for the newest updates.
New AI-powered information safety investigations and evaluation
We’re additionally saying Microsoft Purview information safety investigations to assist information safety groups shortly perceive and mitigate dangers related to delicate information publicity. Knowledge safety investigations introduce AI-powered deep content material evaluation, which identifies delicate information and different dangers linked to incidents. Incident investigators can use these insights to collaborate securely with companion groups and simplify advanced and time-consuming duties, thus enhancing mitigation. This resolution hyperlinks information safety investigations to Defender incidents and Purview insider danger circumstances—accessible for preview beginning April 2025.
Additional advances in securing and governing generative AI
Profitable AI transformation requires a powerful cybersecurity basis. As organizations quickly undertake generative AI, there may be rising urgency to safe and govern the creation, adoption, and use of AI within the office. In response to our new report, “Safe worker entry within the age of AI,” 57% of organizations report a rise in safety incidents from AI utilization. And whereas most organizations acknowledge the necessity for AI controls, 60% haven’t but began.
Securing AI remains to be a comparatively new problem, and leaders share some particular issues: stop information oversharing and leakage; decrease new AI threats and vulnerabilities; and adjust to shifting regulatory compliance necessities. Microsoft Safety options are purpose-built for AI to assist each group deal with these issues. We’re saying new superior capabilities in order that organizations can safe their AI investments—each Microsoft AI and different AI.
AI safety posture administration for multimodel and multicloud environments
Organizations creating their very own {custom} AI options might want to strengthen the safety posture for AI that they supply from a number of fashions, working in a number of AI platforms and clouds. To handle this want, Microsoft Defender has prolonged AI safety posture administration past Microsoft Azure and Amazon Internet Companies to incorporate Google VertexAI and all fashions within the Azure AI Foundry mannequin catalog. Out there for preview in Could 2025, this protection contains Gemini, Gemma, Meta Llama, Mistral, and {custom} fashions. With new multicloud interoperability, organizations will achieve broader code-to-runtime AI safety posture visibility throughout Microsoft Azure, Amazon Internet Companies, and Google Cloud. Microsoft Defender can provide organizations a jumpstart to securing AI posture throughout multimodel and multicloud environments.
New detection and safety for rising AI threats
With AI comes new dangers, together with new cyberattack surfaces and unknown vulnerabilities. The Open Worldwide Utility Safety Undertaking (OWASP) identifies the very best precedence dangers and mitigations for generative AI apps. Beginning in Could 2025, new and enriched AI detections for a number of dangers recognized by OWASP reminiscent of oblique immediate injection assaults, delicate information publicity, and pockets abuse might be typically accessible in Microsoft Defender. With these new detections, SOC analysts can higher shield and defend custom-built AI apps with new safeguards for Azure OpenAI Service and fashions discovered within the Azure AI Foundry catalog.
New controls to stop dangerous entry and information leaks into shadow AI apps
With the fast person adoption of generative AI, many organizations are uncovering widespread use of AI apps that haven’t but been accredited by IT or safety groups. This unsanctioned, unprotected use of AI has created a “shadow AI” phenomenon, which has drastically elevated the danger of delicate information leakage. We’re saying normal availability of AI net class filter in Microsoft Entra web entry to assist implement granular entry controls that may curb the danger of shadow AI by imposing insurance policies governing which customers and teams have entry to various kinds of AI functions.
With coverage enforcement in place to manipulate licensed entry to AI apps, the subsequent layer of protection is to stop customers from leaking delicate information into AI apps. To handle this, we’re saying the preview of Microsoft Purview browser information loss prevention (DLP) controls constructed into Microsoft Edge for Enterprise. This helps safety groups implement DLP insurance policies to stop delicate information from being typed into generative AI apps, beginning with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.
Be taught extra about our new improvements in Safety for AI.
New phishing safety in Microsoft Groups for safer collaboration
Whereas electronic mail continues to be the first cyberthreat vector for phishing, collaboration software program has change into a typical goal. Usually accessible in April 2025, Microsoft Defender for Workplace 365 will shield customers towards phishing and different superior cyberthreats inside Groups. With inline safety, Groups could have higher safety towards malicious URLs, together with real-time detonation of attachments and hyperlinks. And to present SOC groups full visibility into associated makes an attempt and incidents, alerts and information might be accessible in Microsoft Defender.
Agile innovation to construct a safer world
We proceed to innovate throughout the Microsoft Safety portfolio, making use of the rules of our Safe Future Initiative, to ship highly effective, end-to-end safety to present defenders industry-leading AI, and to empower each group with the instruments to safe and govern AI. We’re grateful for our clients and companions and collectively, with them, we stay up for constructing a safer world for all.
Microsoft Safe
To see these improvements in motion, be part of us on April 9, 2025 for Microsoft Safe, a digital occasion targeted on safety within the age of AI.
Be taught with Microsoft Safety
To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our skilled protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the newest information and updates on cybersecurity.
1Based mostly on Microsoft inner information.