Software giant Microsoft has announced expanded Security Copilot capabilities with new AI agents tackling phishing, data security, and identity management.
The Redmond, Wash. vendor says it is processing 84 trillion signals per day, including 7,000 password attacks each second, and believes that the introduction of AI agents is needed to scale modern security programs.
The company introduced six new Security Copilot agentic products to help corporate defenders autonomously handle a high volume of tasks, accelerate response, and improve efficiency, along with several other security improvements across its products.
Microsoft Defender has been fitted with a phishing triage agent designed to distinguish real cyberthreats from false alarms, while Microsoft Purview now contains alert triage agents for sorting potential data and user risk notifications, and prioritizing critical incidents.
A conditional access optimization agent in Microsoft Entra identifies users and apps not covered by policies, finds necessary updates, and recommends fixes; a vulnerability remediation agent in Microsoft Intune monitors and prioritizes security defects and patching; and a threat intelligence briefing agent in Security Copilot curates threat intelligence based on an organization’s needs.
Additionally, Microsoft announced five new agents for its security partners, including a OneTrust agent for privacy breach response, an Aviatrix network supervisor agent, a BlueVoyant agent for assessing SecOps and state of controls, a Tanium agent for alert triage, and a Fletch agent for cyberthreat alert prioritization.
The company also announced Purview data security investigations, to assist teams in assessing and mitigating risks associated with sensitive data exposure. Available in preview starting April 2025, the solution will link data security investigations to Defender and Purview intelligence.
To help organizations better secure AI, Microsoft extended AI security posture management in Defender to include Google VertexAI and models in the Azure AI Foundry catalog, including Gemma, Gemini, Llama, Meta, Mistral, and custom models. It will be available in preview in May 2025.
Also in May, Microsoft will make enriched AI detections for several OWASP-identified risks to gen-AI, such as indirect prompt injections, sensitive data exposure, and wallet abuse, generally available in Defender.
An AI web category filter in Entra Internet Access is now generally available, to help address the risk of shadow AI through enforced policies, while Microsoft Edge for Business gets built-in Purview browser data loss prevention controls, in preview, to prevent sensitive data from being typed into gen-AI apps such as ChatGPT, Copilot, DeepSeek, and Gemini.
Beginning April 2025, Teams will have Defender for Office 365 inline protection against phishing and other advanced cyberthreats, such as real-time detonation of attachments and links. SOC teams will have access to these alerts in Defender.
Related: Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday
Related: Quantum Wars: Google, Microsoft, and Amazon’s Competing Paths to Fault-Tolerant Qubits
Related: Microsoft Expands Copilot Bug Bounty Program, Increases Payouts
Related: AI Won’t Take This Job: Microsoft Says Human Ingenuity Crucial to Red-Teaming
