On this age of AI, securing AI and utilizing it to spice up safety are essential for each group. At Microsoft, we’re devoted to serving to organizations safe their future with our AI-first, end-to-end safety platform.
One 12 months in the past, we launched Microsoft Safety Copilot to empower defenders to detect, examine, and reply to safety incidents swiftly and precisely. Now, we’re excited to announce the following evolution of Safety Copilot with AI brokers designed to autonomously help with essential areas corresponding to phishing, information safety, and identification administration. The relentless tempo and complexity of cyberattacks have surpassed human capability and establishing AI brokers is a necessity for contemporary safety.
For instance, phishing assaults stay probably the most frequent and damaging cyberthreats. Between January and December 2024, Microsoft detected greater than 30 billion phishing emails concentrating on clients.1 The amount of those cyberattacks overwhelms safety groups counting on handbook processes and fragmented defenses, making it troublesome to each triage malicious messages promptly and leverage data-driven insights for broader cyber danger administration.
The phishing triage agent in Microsoft Safety Copilot being unveiled at present can deal with routine phishing alerts and cyberattacks, liberating up human defenders to give attention to extra complicated cyberthreats and proactive safety measures. This is only one manner brokers can remodel safety.
Moreover, securing and governing AI continues to be the highest precedence for organizations, and we’re excited to advance our purpose-built options with new improvements throughout Microsoft Defender, Microsoft Entra, and Microsoft Purview.
Learn on to find out about different brokers we’re introducing to Safety Copilot and necessary developments in securing AI.
Increasing Microsoft Safety Copilot with AI agentic capabilities
Microsoft Menace Intelligence now processes 84 trillion indicators per day, revealing the exponential development in cyberattacks, together with 7,000 password assaults per second.1 Scaling cyber defenses by means of AI brokers is now an crucial to maintain tempo with this risk panorama. We’re increasing Safety Copilot with six safety brokers constructed by Microsoft and 5 safety brokers constructed by our companions—obtainable for preview in April 2025.
Six new agentic options from Microsoft Safety
Constructing on the transformative capabilities of Safety Copilot, the six Microsoft Safety Copilot brokers allow groups to autonomously deal with high-volume safety and IT duties whereas seamlessly integrating with Microsoft Safety options. Function-built for safety, brokers study from suggestions, adapt to workflows, and function securely—aligned to Microsoft’s Zero Belief framework. With safety groups absolutely in management, brokers speed up responses, prioritize dangers, and drive effectivity to allow proactive safety and strengthen a corporation’s safety posture.
Safety Copilot brokers will probably be obtainable throughout the Microsoft end-to-end safety platform, designed for the next:
- Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to determine actual cyberthreats and false alarms. It supplies easy-to-understand explanations for its choices and improves detection primarily based on admin suggestions.
- Alert Triage Brokers in Microsoft Purview triage information loss prevention and insider danger alerts, prioritize essential incidents, and constantly enhance accuracy primarily based on admin suggestions.
- Conditional Entry Optimization Agent in Microsoft Entra screens for brand new customers or apps not coated by current insurance policies, identifies essential updates to shut safety gaps, and recommends fast fixes for identification groups to use with a single click on.
- Vulnerability Remediation Agent in Microsoft Intune screens and prioritizes vulnerabilities and remediation duties to handle app and coverage configuration points and expedites Home windows OS patches with admin approval.
- Menace Intelligence Briefing Agent in Safety Copilot routinely curates related and well timed risk intelligence primarily based on a corporation’s distinctive attributes and cyberthreat publicity.
Safety Copilot’s agentic capabilities are an instance of how we proceed to ship innovation leveraging our many years of AI analysis. See how brokers work.
“That is only the start; our safety AI analysis is pushing the boundaries of innovation, and we’re wanting to constantly convey even better worth to our clients on the pace of AI.”
—Alexander Stojanovic, Vice President of Microsoft Safety AI Utilized Analysis
5 new agentic options from Microsoft Safety companions
Safety is a group sport and Microsoft is dedicated to empowering our safety ecosystem with an open platform upon which companions can construct to ship worth to clients. On this spirit, the next 5 AI brokers from our companions will probably be obtainable in Safety Copilot:
- Privateness Breach Response Agent by OneTrust analyzes information breaches to generate steering for the privateness group on methods to meet regulatory necessities.
- Community Supervisor Agent by Aviatrix performs root trigger evaluation and summarizes points associated to VPN, gateway, or Site2Cloud connection outages and failures.
- SecOps Tooling Agent by BlueVoyant assesses a safety operations heart (SOC) and state of controls to make suggestions that assist optimize safety operations and enhance controls, efficacy, and compliance.
- Alert Triage Agent by Tanium supplies analysts with the required context to rapidly and confidently make choices on every alert.
- Activity Optimizer Agent by Fletch helps organizations forecast and prioritize essentially the most essential cyberthreat alerts to cut back alert fatigue and enhance safety.
“An agentic strategy to privateness will probably be game-changing for the {industry}. Autonomous AI brokers will assist our clients scale, increase, and improve the effectiveness of their privateness operations. Constructed utilizing Microsoft Safety Copilot, the OneTrust Privateness Breach Response Agent demonstrates how privateness groups can analyze and meet more and more complicated regulatory necessities in a fraction of the time required traditionally.”
—Blake Brannon, Chief Product and Technique Officer, OneTrust
Study extra about Safety Copilot brokers and get began with Safety Copilot. Present Safety Copilot clients can be part of our Buyer Connection Program for the most recent updates.
New AI-powered information safety investigations and evaluation
We’re additionally asserting Microsoft Purview information safety investigations to assist information safety groups rapidly perceive and mitigate dangers related to delicate information publicity. Information safety investigations introduce AI-powered deep content material evaluation, which identifies delicate information and different dangers linked to incidents. Incident investigators can use these insights to collaborate securely with companion groups and simplify complicated and time-consuming duties, thus bettering mitigation. This resolution hyperlinks information safety investigations to Defender incidents and Purview insider danger circumstances—obtainable for preview beginning April 2025.
Additional advances in securing and governing generative AI
Profitable AI transformation requires a robust cybersecurity basis. As organizations quickly undertake generative AI, there’s rising urgency to safe and govern the creation, adoption, and use of AI within the office. In line with our new report, “Safe worker entry within the age of AI,” 57% of organizations report a rise in safety incidents from AI utilization. And whereas most organizations acknowledge the necessity for AI controls, 60% haven’t but began.
Securing AI remains to be a comparatively new problem, and leaders share some particular considerations: methods to forestall information oversharing and leakage; methods to decrease new AI threats and vulnerabilities; and methods to adjust to shifting regulatory compliance necessities. Microsoft Safety options are purpose-built for AI to assist each group tackle these considerations. We’re asserting new superior capabilities in order that organizations can safe their AI investments—each Microsoft AI and different AI.
AI safety posture administration for multimodel and multicloud environments
Organizations growing their very own {custom} AI options might want to strengthen the safety posture for AI that they supply from a number of fashions, operating in a number of AI platforms and clouds. To deal with this want, Microsoft Defender has prolonged AI safety posture administration past Microsoft Azure and Amazon Internet Companies to incorporate Google VertexAI and all fashions within the Azure AI Foundry mannequin catalog. Out there for preview in Might 2025, this protection contains Gemini, Gemma, Meta Llama, Mistral, and {custom} fashions. With new multicloud interoperability, organizations will achieve broader code-to-runtime AI safety posture visibility throughout Microsoft Azure, Amazon Internet Companies, and Google Cloud. Microsoft Defender can provide organizations a jumpstart to securing AI posture throughout multimodel and multicloud environments.
New detection and safety for rising AI threats
With AI comes new dangers, together with new cyberattack surfaces and unknown vulnerabilities. The Open Worldwide Software Safety Venture (OWASP) identifies the best precedence dangers and mitigations for generative AI apps. Beginning in Might 2025, new and enriched AI detections for a number of dangers recognized by OWASP corresponding to oblique immediate injection assaults, delicate information publicity, and pockets abuse will probably be typically obtainable in Microsoft Defender. With these new detections, SOC analysts can higher defend and defend custom-built AI apps with new safeguards for Azure OpenAI Service and fashions discovered within the Azure AI Foundry catalog.
New controls to forestall dangerous entry and information leaks into shadow AI apps
With the fast person adoption of generative AI, many organizations are uncovering widespread use of AI apps that haven’t but been authorised by IT or safety groups. This unsanctioned, unprotected use of AI has created a “shadow AI” phenomenon, which has drastically elevated the chance of delicate information leakage. We’re asserting normal availability of AI internet class filter in Microsoft Entra web entry to assist implement granular entry controls that may curb the chance of shadow AI by imposing insurance policies governing which customers and teams have entry to several types of AI functions.
With coverage enforcement in place to manipulate approved entry to AI apps, the following layer of protection is to forestall customers from leaking delicate information into AI apps. To deal with this, we’re asserting the preview of Microsoft Purview browser information loss prevention (DLP) controls constructed into Microsoft Edge for Enterprise. This helps safety groups implement DLP insurance policies to forestall delicate information from being typed into generative AI apps, beginning with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.
Study extra about our new improvements in Safety for AI.
New phishing safety in Microsoft Groups for safer collaboration
Whereas e-mail continues to be the first cyberthreat vector for phishing, collaboration software program has develop into a standard goal. Typically obtainable in April 2025, Microsoft Defender for Workplace 365 will defend customers towards phishing and different superior cyberthreats inside Groups. With inline safety, Groups could have higher safety towards malicious URLs, together with real-time detonation of attachments and hyperlinks. And to present SOC groups full visibility into associated makes an attempt and incidents, alerts and information will probably be obtainable in Microsoft Defender.
Agile innovation to construct a safer world
We proceed to innovate throughout the Microsoft Safety portfolio, making use of the rules of our Safe Future Initiative, to ship highly effective, end-to-end safety to present defenders industry-leading AI, and to empower each group with the instruments to safe and govern AI. We’re grateful for our clients and companions and collectively, with them, we sit up for constructing a safer world for all.
Microsoft Safe
To see these improvements in motion, be part of us on April 9, 2025 for Microsoft Safe, a digital occasion centered on safety within the age of AI.
Study with Microsoft Safety
To study extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.
1Primarily based on Microsoft inner information.
