Connect with us

Hi, what are you looking for?


Incident Response

Microsoft Puts ChatGPT to Work on Automating Cybersecurity

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

The world’s largest software maker is putting ChatGPT to work in the cybersecurity trenches.

Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI.

The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be trained on data from Redmond’s massive trove of telemetry signals from enterprise deployments and Windows endpoints.

Cybersecurity experts are already using generative AI chatbots to simplify and enhance software development, reverse engineering and malware analysis tasks and Microsoft’s latest move adds several new use-cases for defenders.

Microsoft is already raking in about $20 billion a year from the sale of cybersecurity protection products and industry watchers expect the push into AI automation will create new revenue streams and drive new levels of innovation among cybersecurity startups.

SecurityWeek sources expect to see similar offerings from the likes of Cisco, Palo Alto Networks and Google as rivals rush to embrace the use of generative AI to automate complex and time-consuming security tasks.

Advertisement. Scroll to continue reading.

Microsoft is positing the Security Copilot chatbot as a tool that works seamlessly with security teams to allow defenders to see what is happening in their environment, learn from existing intelligence, correlate threat activity, and make better decisions at machine speed.

From Microsoft’s documentation:

“Security Copilot will simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.

It will also help security teams catch what others miss by correlating and summarizing data on attacks, prioritizing incidents and recommending the best course of action to swiftly remediate diverse threats, in time.

For incident response teams, Microsoft says the chatbot can be used to identify an ongoing attack, assess its scale, and get instructions to begin remediation based on proven tactics from real-world security incidents.

For threat hunting practitioners, the company says Security Copilot can help determine whether an organization is susceptible to known vulnerabilities and exploits by using AI to examine the environment one asset at a time for evidence of a breach.

The tool can also be used to summarize any event, incident, or threat in minutes and prepare information in a ready-to-share, customizable report.

The company said the tool will integrate natively with products like Microsoft Sentinel, Microsoft Defender and Microsoft Intune to provide an “end-to-end experience across their entire security program.”

Related: ChatGPT and the Growing Threat of Bring Your Own AI to the SOC

Related: Microsoft to Acquire Threat Intelligence Vendor RiskIQ

Related: Microsoft Flexes Security Vendor Muscles With Managed Services

Related: For Microsoft, Security is a $10 Billion Business 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...