Microsoft Unveils Security Copilot Agents to Counter Rising AI Attacks

Published 26 Mar 2026
Microsoft Unveils Security Copilot Agents to Counter Rising AI Attacks

Today, organizations must secure AI to strengthen their defenses. At Microsoft, we help protect the future with our AI-first end-to-end security platform.  

A year ago, we launched Microsoft Security Co-Pilot to help defenders quickly detect, investigate, and respond to cybersecurity threats. Now we are introducing the next step: AI agents capable of handling key tasks. For example, phishing, data security, and identity management are distinct. As cyberattacks become more frequent and complex, using AI agents is now vital for modern security.  

Phishing attacks remain among the most common and harmful cyber threats. From January to December 2024, Microsoft found over 30 billion phishing emails targeting customers. This huge volume can overwhelm security teams that rely on manual work and separate tools, making it hard to quickly assess threats and use data to manage risks.  

The new phishing triage agent in Microsoft Security Copilot can handle routine phishing alerts and attacks. This lets human defenders focus on more serious threats and preemptive security measures. This is one example of how agents can change security.   

Securing and managing AI is still a top priority for organizations. We are moving forward with new solutions and updates in Microsoft Defender, Microsoft Intune, and Microsoft Purview.  

Keep reading to discover more about these new agents in Security Copilot, as well as the latest updates in AI security, as we expand on the next capabilities of our platform.  

Expanding Microsoft Security Co-Pilot With New AI Agent Capabilities 

Microsoft Threat Intelligence now processes 84 trillion signals per day, underscoring how quickly cyberattacks are growing, including 7,000 password attacks per second. To keep up, scaling defenses with AI agents is a must. Next, we are adding 6 new security agents from Microsoft and 5 from our partners, all available for preview in April 2025.  

Six New AI Agent Solutions From Microsoft Security 

These six new security Copilot agents help teams handle substantial volumes of security and IT risks independently and work seamlessly with Microsoft security tools. Built for security, the agents learn from feedback, integrate with existing workflows, and follow Microsoft’s Zero Trust framework, with teams in control. Agents speed up responses, focus on the most important tasks, and help organizations protect themselves more efficiently.  

The security Copilot agents will be available throughout the Microsoft Security platform and are designed for these users.  

  • The Phishing Triage Agent in Microsoft Defender sorts phishing alerts to identify real threats, explains its actions, and improves with admin feedback. It aids triage and data loss prevention, and manages critical incidents across Microsoft Purview, with continuous improvement based on feedback.  
  • The Conditional Access Optimization Agent in Microsoft Entra watches for new users or apps that aren’t covered by current policies, identifies needed updates to close security gaps, and suggests quick fixes that identity teams can apply with a single click.  
  • The vulnerability remediation agent in Microsoft Intune tracks security vulnerabilities and proposed fixes, assists with application and policy problems, and rapidly deploys Windows OS updates once administrators approve them.  
  • The threat intelligence briefing agent in Security Co-Pilot automatically compiles and distributes tailored intelligence reports for each organization, factoring in their specific needs and risk profiles. Security Co-Pilots’ new agent features show how we keep innovating by building on years of AI research. Explore these agents to empower your security team and take the next step toward stronger protection.  

5 New AI Agent Solutions From Microsoft Security Partners 

Security is a team effort, and Microsoft is committed to supporting our security ecosystem through an open platform that enables partners to build on and deliver value to customers. Partners with this in mind, these five partner AI agents will be available in Security Co-pilot.  

  • The Privacy Breach Response Agent by OneTrust reviews data breaches and provides the Data Privacy Team with guidance on meeting regulatory requirements, responding to cloud connection outages, and handling failures.  
  • The SecOps by BlueVoyant evaluates security operations centers, controls, and workflows, and then suggests targeted improvements to enhance operational effectiveness and compliance.  
  • The alert triage agent from Tanium provides analysts with relevant context, enabling them to quickly and confidently make decisions about each security alert. This reduces response times and helps analysts focus on high-priority risks, increasing their overall impact.  
  • The task-optimizer agent from Fletch helps organizations predict and rank the most important cyber threat alerts, reducing alert fatigue and improving security.  

Learn more about Security Co‑Pilot agents and learn how to get started today. If you already use Security Co‑Pilot, join our Customer Connection Program now to receive the latest updates and be part of our ongoing improvement efforts.  

New AI-Powered Data Security Investigations And Analysis 

We are introducing Microsoft Purview data security investigations to help security teams quickly identify and address risks related to sensitive data exposure. These investigations use AI-powered deep content analysis to identify sensitive data and other risks associated with incidents. Investigators can use these understandings to work securely with partner teams and make more complex tasks easier and faster, thereby supporting mitigation. This solution connects data security investigations to Defender incidents and Purview insider risk cases and will be available for preview starting April 2025.  

Further Advances in Securing and Governing Generative AI 

A strong cybersecurity foundation is vital for successful AI transformation. As organizations adopt generative AI, it becomes urgent to secure and manage its use in the workplace. Our new report, Secure Employee Access in the Age of AI, shows that 57% of organizations have experienced more security incidents due to AI use. Yet 60% have not started putting controls in place, even though most know they need them.  

Securing AI remains a new challenge, and leaders have specific concerns. They want to prevent data oversharing and leaks, reduce new AI threats and vulnerabilities, and keep up with changing compliance rules. Microsoft Security Solutions are designed for AI to help organizations tackle these issues. We are announcing new advanced features to help organizations protect their AI investments, whether they use Microsoft AI or other AI tools. tools.  

AI Security Posture Management for Multi-Model and Multi-Cloud Environments 

Organizations building their own AI solutions need to strengthen security for AI models running on different platforms and clouds. To help with this, Microsoft Defender now offers AI Security Posture Management not just for Microsoft Azure and Amazon Web Services but also for Google Vertex AI and all models in the Azure AI Foundry Catalog. Starting in May 2025, this coverage will include Gemini, Gamma, Meta Llama, Mistral, and custom models. With new multi-cloud support, organizations will have better visibility into AI security from code to runtime across Azure, AWS, and Google Cloud. Microsoft Defender helps organizations get started with AI security across different models and clouds.  

New Detection and Protection for Emerging AI Threats 

AI introduces new risks, including more avenues for cyber attacks and unidentified vulnerabilities. The open worldwide application security project OWASP presents the top risks and solutions for generative AI apps. Starting in May 2025, Microsoft Defender will offer new and improved AI detections for several OWASP-identified risks, including direct prompt injection attacks, sensitive data exposure, and wallet abuse. These new detections will help SOC analysts better protect custom AI apps with added safeguards for the Azure OpenAI service and models in the Azure AI Foundry Catalog.  

New controls to prevent risky access and data leaks into covert AI apps 

As more people use generative AI, many organizations are finding that employees are using AI apps that have not been approved by IT or security teams. This unapproved use, known as shadow AI, has greatly increased the risk of sensitive data leaks. To help manage this, we are announcing the general availability (GA) of an AI web category filter in Microsoft Intune Internet Access. This feature lets organizations set detailed access controls to prevent shadow AI by deciding which users and groups can access different types of AI apps. 

Once AI app access policies are in place, the next step is to prevent sensitive data from entering these apps. To help, we’re launching a preview of Microsoft Purview Browser Data Loss Prevention (DLP) Controls in Microsoft Edge for Business. This feature helps security teams enforce DLP rules to prevent sensitive data from being entered into generative AI apps, including ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.  

For a broader view, learn more about our latest innovations in AI security.  

New Phishing Protection In Microsoft Teams For Safer Collaboration 

Email is still the main way phishing attacks happen, but collaboration tools are now common targets too. Starting in April 2025, Microsoft Defender for Office 365 will protect users in Teams against phishing and other advanced threats. With built-in protection, Teams will be better guarded against harmful links and attachments, including instant scanning. SOC teams will also have full visibility into related attempts and incidents through alerts and data in Microsoft Defender.  

Agile Innovation To Build A Safer World 

We are always working to improve Microsoft’s security portfolio by following the principles of our secure future initiative. Our goal is to provide strong, complete protection and give defenders the best AI tools so every organization can secure and manage AI. We appreciate our customers and partners, and together we look forward to creating a safer world for everyone.

Source: Microsoft unveils Microsoft Security Copilot agents and new protections for AI 

Amazon
Harish Shenoy

Harish Shenoy

Total Post: 804

Harish Shenoy | Technology Journalist Harish Shenoy is a veteran technology journalist at Xthe with over 21 years of experience spanning tech, health, finance, and future technology. Specializing in semiconductor roadmaps, enterprise AI infrastructure, and consumer hardware, his reporting is driven by primary-source verification and official corporate disclosures. With more than a decade of focused writing across the US, UK, Australia, Canada, and India, Harish maintains a strict commitment to factual, non-sensationalized reporting on the economic and logistical shifts within the global tech sector. His current work centers on the technical evolution of "agentic AI" and next-generation silicon.

Related Article

News
How NPUs Are Transforming Consumer AI Performance

News
Cloud Cost Optimization Strategies For US Businesses (2026)

Leave a Reply

Your email address will not be published. Required fields are marked *