CrowdStrike AI Predicts Cyber Threats Before Attacks Begina

CrowdStrike AI Predicts Cyber Threats Before Attacks Begina

CrowdStrike will soon launch new AI-powered indicators of attack (IOA) models to fight advanced threats available later this year.  

  • AI-powered IOAs (indicators of attack) use machine intelligence (computer systems that can perform tasks that usually require human intelligence) to detect and predict malicious behavior as it happens. This helps prevent security breaches, regardless of the tools or types of malware attackers use.  

Since 2011, CrowdStrike has focused on harnessing AI and machine learning (ML) for cybersecurity in three main ways:  

  • AI allows us to counter complex attacks by detecting adversary behavior and patterns.  
  • AI helps us quickly analyze large amounts of data and track data.  
  • AI automates routine security tasks, addressing the skills gap and accelerating detection and response.  

CrowdStrike was the first to introduce AI-powered indicators of attack (IOAs). IOAs are sequences of events that indicate someone is trying to breach a system, such as code execution, persistence, or lateral movement. By looking at these events across an organization, IOAs help teams break down barriers between tools, study their environment as a whole, and their ability to predict and prevent suspicious activity.  

Last year, we improved how we generate iOS using AI, making multi-layered defense even more effective across devices and cloud systems. Cloud-based machine intelligence (AI analysis done by powerful computers) enables remote servers to detect new behavior faster and more accurately. We use a type of deep learning (a method where computers learn from data sets) called a convolutional neural network. This technology is inspired by how animal brains analyze images and helps us identify two types of adversary behavior.  

When we first launched, we introduced two models: one to detect malicious post-op exploitation payloads and another to detect malicious PowerShell scripts. We are now expanding our AI features to work across the cloud, and these protections will be available to CloudStrike customers worldwide later this year.  

The Arsenal Expands: New AI-Powered Indicators of Attack 

Attackers are always finding new ways to break in, such as writing new scripts, using legitimate tools, and avoiding detection. The CrowdStrike 2023 Global Threat Report found that 71% of attacks do not use malware and 80% involve stolen or compromised credentials.  

Attackers are getting faster at gaining access and moving inside networks, with an average breakout time now at 84 minutes. Our new AI-powered IOAs cover more of these attack methods, giving security teams the speed and accuracy they need to stop threats. Here are some of the latest innovations.  

Innovation: Multi-process Atomic Conduct Analysis in Windows 

An elementary behavior is a single action by a process (a program running on a computer) that might not be obviously malicious, but could indicate attacker activity. For example, a user could take a screenshot for work, or an attacker could take one to steal information. Falcon (CrowdStrike Security Platform) uses indicators of attack, compromise, and behavior, sending them to the cloud to search crowds for incidents (a system that scores threats) and detect threats based on a combination of these actions. Atomic behaviors (basic actions that can indicate attacks) are scored for detection. Machine learning (computer algorithms that improve by learning from data).  

Attackers frequently use several tools, file types, and processes to carry out attacks. Looking at just one tool or process may not provide enough information to determine whether something is safe or dangerous. By analyzing atomic behaviors across multiple processes, this model leverages the platform’s detailed context to provide more accurate detections.  

Benefit: proactively detect and prevent advanced threats  

Innovation: Detecting Malicious Command Lines or LOLbins 

Attackers are increasingly using Legend of the Land binaries (LOLbins) to hijack legitimate tools already on the system and carry out attacks. This helps them avoid traditional security tools that look for known malware, letting them stay hidden longer. Our new model will focus on LOLbins command-line activity and the sequence of related processes to better spot suspicious behavior.  

Benefit: detect and respond to fileless attacks faster  

Innovation: AI-Powered IOL Coverage for Malicious Linux Scripts 

Linux is a key operating system software that manages computer hardware and software resources for many important business applications. As more AI organizations adopt Linux and malware targeting Linux grows, this AI-powered indicator of attack will help Falcon detect malicious scripts written in languages such as Bash, JavaScript, Python, and Perl. It will also detect harmful Python and batch scripts on Windows and other operating systems, providing broader protection across major platforms.  

Benefit: gain coverage for malicious threats on Windows and Linux.  

Innovation: Detecting Malicious Windows Management Content 

Attackers frequently modify their scripts to avoid detection. This model will help us spot common attacker tactics using PowerShell (a scripting language for automated tasks), JavaScript, VBScript (both scripting languages for automating actions in Windows or web browsers), and VBA (Visual Basic for Applications, typically used within Microsoft Office programs). These kinds of scripts are supported by Windows Script Control, a tool that allows automation of scripting languages in Windows environments. The model is also designed to resist evasion tricks such as tampering, debugger registries (settings that change how scripts are debugged), and other methods attackers use to conceal their actions.  

Benefit: enhanced protection for Windows script threads  

Innovation: Detecting File-Less .NET Assemblies 

As more developers adopt .NET frameworks, we are launching our first machine learning model to detect threats in in-memory .NET assemblies. Hackers like these assemblies because they are harder for conventional antivirus tools to find, since those tools mainly watch files. This model helps us spot common attack methods, such as using reflective DLL injection to load .NET assemblies into memory or hiding traces of their activity by setting NTFS file attributes.  

Benefit: proactively detect fileless .NET attacks using AI  

Conclusion 

Machine learning and AI are powerful for finding new patterns in data and analyzing behavior to understand attacker goals. CrowdStrike is committed to using AI and the cloud together to strengthen defenses and disrupt attacker methods. We help our customers stay ahead to prevent breaches.  

Source: Introducing AI-Powered Indicators of Attack: Predict and Stop Threats Faster Than Ever 

Microsoft Targets Shadow AI Risks With New Security Update

Microsoft Targets Shadow AI Risks With New Security Update

Securing AI is now a fundamental pillar of Microsoft’s modern security. Our AI-first security platform empowers organizations to address today’s threats and safeguard their future.  

A year ago, we launched Microsoft Security Copilot to help defenders quickly detect, investigate, and respond to network incidents. We have now introduced the next step: column AI agents that help with phishing, data security, and identity management. As cyberattacks become more complex and numerous, AI agents are now vital to modern security.  

Phishing attacks remain among the most common and harmful cyber threats. From December to January 2024, Microsoft found over 30 billion phishing emails targeting customers. The volume of these attacks can overwhelm security teams. Teams relying only on manual work and disconnected tools may struggle to quickly sort threats and manage risk.  

The new phishing triage in Microsoft Security Copilot handles routine phishing alerts and attacks, letting human defenders focus on tougher threats and forward-looking security work. This shows how agents can change security.  

Securing and managing AI is still a top priority for organizations. We are excited to bring new features to Microsoft Defender, Microsoft Intra, and Microsoft Purview to help with this.  

Keep reading to discover more about the new agents in Security Copilot and the latest AI security updates, and see how these innovations can support your organization. Reach out to us today and take the next step in strengthening your security with AI.  

Expanding Microsoft Security Copilot With New AI Agent Capabilities 

Microsoft threat intelligence now processes 84,000,000,000,000 signals per day, underscoring how quickly cyberattacks are growing, including 7,000 password attacks per second. To keep up, scaling defenses with AI agents is a must. We’re adding six new security agents from Microsoft and five from our partners to Security Co‑Pilot, which will be available for preview in April 2025.  

Six New AI Agent Solutions From Microsoft Security 

The six new Microsoft Security Copilot agents help teams handle large volumes of security and IT tasks independently, and they work seamlessly with Microsoft security tools. These agents are built for security. Learn from feedback. Adapt to your workflows and follow Microsoft’s zero-trust framework with Teams in control. Agents speed up responses, focus on the biggest risks, and help organizations protect themselves more efficiently.  

Security co-pilot agents will be available throughout Microsoft’s security platform and are designed for the following tasks:  

  • The phishing triage agent in Microsoft Defender automatically classifies phishing alerts, distinguishing between genuine threats and false positives. It provides clear explanations for each decision and refines its detection processes using administrator feedback.  
  • Alert triage agents in Microsoft Purview identify the most important Data Loss Prevention and Insider Risk alerts. They improve their prioritization accuracy over time, using administrator input to refine results.  
  • The Conditional Access Optimization Agent in Microsoft Intra continuously monitors for new users or applications outside current access policies. It flags these gaps, recommends specific policy updates, and offers easy-to-apply fixes for identity teams.  
  • The vulnerability remediation agent in Microsoft Intune ranks vulnerabilities and recommends fixes for speeding up OS patching after admin approval.  
  • The threat intelligence briefing agent in Security Copilot gathers and summarizes the most relevant and timely threat intelligence based on organization-specific attributes and cyber threat exposure levels.  

Security co-pilots and agentic capabilities are examples of how we continue to deliver innovation, leveraging our decades of AI research. See how Agents work.  

Five New Agentic Solutions From Microsoft Security Partners 

Security works best when everyone is involved, and Microsoft is focused on supporting our security community with an open platform. This allows partners to create solutions that benefit customers. Here are five new AI agents from our partners coming to Security Copilot:  

  • The privacy breach response agent from OneTrust examines data breaches and offers tailored guidance to privacy teams on meeting specific regulatory requirements following an incident.  
  • The network supervisor agent from Aviatrix identifies root causes and summarizes issues with the VPN gateway or the site2cloud connection, including outages and failures.  
  • The SecOps tooling Agent from Blue Voyant reviews a Security Operations Center (a team that monitors and responds to security issues) and its controls, then suggests ways to improve security operations, controls, and complaints.  
  • The alert triage agent from Tanium provides analysts with the relevant context for each alert, enabling them to quickly and confidently determine the right response.  
  • The task optimizer agent from Fletch helps organizations predict and prioritize the most important cyber threat alerts, addressing alert fatigue and the challenge of impossible‑to‑prove security.  

New AI-Powered Data Security Investigations and Analysis 

We are also introducing Microsoft Purview Data Security Investigations to help security teams quickly find and address risks related to sensitive data exposure. These investigations use AI-powered content analysis to identify sensitive data and other risks associated with incidents. Investigators can use these understandings to work securely with partner teams and simplify complex tasks, enabling faster mitigation. This solution connects data security investigations to Defender incidents and Purview Insider Risk cases and will be available for preview in April 2025.  

Further Advances in Securing and Governing Generative AI 

A strong cybersecurity foundation drives successful AI transformation. As more organizations adapt generative AI, securing and managing how they create and use AI at work becomes even more important. Our new report, Secure Employee Access in the Age of AI, reveals that 57% of organizations report more security incidents due to AI use, although most recognize the need for AI controls. Sixty percent have not yet implemented them.  

Securing AI is a new challenge, and leaders are especially concerned about data oversharing, new threats and vulnerabilities, and compliance. Microsoft security solutions are designed for AI to help address these issues with new advanced features that protect AI investments, whether for organizations.  

AI Security Posture Management For Multimodal And Multi-Cloud Environments 

Organizations building their own AI solutions need to strengthen security for AI models running on different platforms and clouds. To help with this, Microsoft Defender now offers AI security posture management for Microsoft Azure and Amazon Web Services. It also supports Google Vertex AI and all models in the Azure AI Foundry catalog. Starting in May 2025, this will cover models like Gemini, Gamma, Meta, LLaMA, Mistral, and custom models. With this new multi-cloud support, organizations can see their AI security posture from code to runtime across Azure, AWS, and Google Cloud. Microsoft Defender Health organizations get started with AI security across multiple models and clouds.  

New Detection And Protection From Emerging AI Threats 

AI introduces new risks, such as more revenue for cyberattacks and undiscovered vulnerabilities. The Open Worldwide Application Security Project (OWASP) lists the top risks and solutions for generative AI apps. Starting in May 2025, Microsoft Defender will offer new and improved AI detections for several OWASP-identified risks, such as indirect prompt injection attacks, sensitive data exposure, and wallet abuse. These new detections will help SOC analysts better protect custom AI apps, with added safeguards for Azure OpenAI service and models in the Azure AI Foundry catalog.  

New Controls To Prevent Risky Access And Data Leaks Into Covert AI Apps 

As more people use generative AI (AI that can create text, images, and other content), many organizations are finding that employees are using AI apps that have not been approved by IT or security teams. This unapproved use, known as Shadow AI (the use of AI tools without company oversight), has greatly increased the risk of sensitive data leaks. To help with this, we are announcing the general availability of the NEI web category filter in Microsoft Intranet Internet Access (a service for managing secure internet connections). This feature lets organizations set detailed access permissions and enforce policies about which users and groups can use different AI applications.  

After setting access policies for AI apps, the next step is to stop users from entering sensitive data into them. To help, we are launching a preview of Microsoft Purview Browser Data Loss Prevention (DLP) controls in Microsoft Edge for business. Security teams can now enforce DLP policies and prevent sensitive data from being entered into generative AI apps. This starts with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini. Learn more about our innovations in security for AI.  

New Phishing Protection In Microsoft Teams For Safer Collaboration 

Email is still the main way phishing attacks happen, but collaboration tools are now common targets too. Starting in April 2025, Microsoft Defender for Office 365 will provide built-in protection against phishing and other advanced threats in Teams. Teams will be safer from harmful links and attachments. Thanks to instant scanning, SOC teams will also get full visibility into related attempts and incidents, with alerts and data available in Microsoft Defender.  

Agile Innovation to Build a Safer World 

We continuously enhance Microsoft security by applying the principles of our Secure Future initiative, aiming to deliver strong, comprehensive protection through advanced AI tools. Thank you for joining us in building a safer world. 

Source: Microsoft unveils Microsoft Security Copilot agents and new protections for AI 

Microsoft Defender Adds Identity Risk Scoring for AI-Driven Security Decisions

Microsoft Defender Adds Identity Risk Scoring for AI-Driven Security Decisions

Next week, the RSAC conference celebrates its 35th anniversary as the security community’s pivotal event for meeting new challenges and discovering opportunities to make the world safer. As we reach this milestone, Agentic AI is quickly changing industries. 

Many customers are becoming frontier firms focusing on intelligence and trust and using agents to help people reach their goals and rethink how they do business. Our recent research shows that 80% of Fortune 500 companies are already using agents.  

At the same time, as these innovations expand, we are also seeing a rise in AI-powered attacks in which agents can act as double agents. CIOs, CISOs, and other security leaders now face important questions. How can they monitor, manage, and secure agents? How do they protect their core systems in this new era? And how can agentic AI help defend their organizations against both old and new threats?  

To address these challenges, the solution begins with trust, and security is the foundation of that trust. In this new era of agentic AI, security needs to be built into every part of the AI system. It should work in the background and on its own. Like the AI, it protects. This is our vision: making security the core of the AI stack.  

At RSAC 2026, we are bringing this vision to life with new tools that help organizations secure agents, protect core systems, and defend themselves with support from agents and experts. Microsoft Security processes over 100 trillion signals daily, protecting 1.6 million customers, 1 billion identities, and 24 billion Co-Pilot interactions. Keep reading to see how we can help you secure agentic AI.  

Secure Agents 

Agent 365, available May 1, centralizes agent management for IT, security, and business teams using existing infrastructure. It includes the new Defender Era and Purview features for secure access, data protection, and threat defense.  

Agent 365 is part of Microsoft 365 E7, the Frontier Suite, which also includes Copilot, Intra-Suite, and E5, offering advanced air security features for full protection.  

Secure Your Foundations 

In addition to securing agents, AI must also be protected at every level. Securing agent AI requires safeguarding its systems and the people who build and use it. At RSAC 2026, we are launching new features to help you spot organizational risks, secure identities and adaptive access controls, protect sensitive data in AI workflows, and defend against evolving threats.  

Gain Visibility Into Risks Across Your Enterprise 

As AI adoption accelerates, so does the need for comprehensive continuous visibility into AI risks across your environment. As more organizations adopt AI, it becomes even more important to have clear, ongoing visibility into AI risks across your environment—from agents to AI apps and services. We are meeting this need with new tools that show you where AI is being used, how it is used, and where your risks might be increasing. These new features are now generally available.  

  • Entra Internet Access Shadow AI Detection identifies unknown and unmanaged AI apps through network analysis. Available March 31.  
  • Enhanced Intune App Inventory provides rich visibility into the apps installed on your devices, including AI-enabled apps to support targeted remediation of high-risk software, generally available in May.  

Secure Identities With Continuous Adaptive Access 

Identity is the foundation of modern security, often the primary target in any system, and the first line of defense against threats. With Microsoft Entra, you can secure access and strengthen identity protection using new features that help you improve your identity setup, manage tenants better, update authentication methods, and make smarter access decisions.  

  • Entra backup and recovery strengthens resilience by automatically backing up Entra directory objects, enabling rapid recovery in the event of accidental data deletion or unauthorized changes. Now available in preview.  
  • Entra-Tenant Governance discovers and manages shadow tenants with consistent policies in preview.  
  • Entra passkey capabilities now include synced passkeys and other passkey profiles, enabling maximum flexibility for end users and making it easy to move between devices, while organizations seeking maximum control can still use device-bound passkeys. In addition, intra-passkeys are now natively integrated into Windows Hello, making phishing-resistant passkey authentication even more seamless across Windows services. Synced passkeys and passkey profiles are generally available. Passkey integration in Windows Hello is in preview.  
  • Entra External Multi-Factor Authentication allows organizations to connect external MFA providers directly to Microsoft Entra, enabling them to leverage pre-existing MFA investments or use highly specialized MFA methods that are now generally available.  
  • Entra Adaptive Risk Remediation helps users securely regain access without help desk friction by automatically self-remediating across authentication methods, adapting to where they are in their modern authentication journey. It will be generally available in April.  
  • Unified Identity Security offers complete protection across your identity systems, control center, and threat identification and response, all designed for quick action and instant decisions. The new identity security dashboard in Microsoft Defender displays the most important data for both human and non-human identities, helping you respond faster. The new Identity Risk Score combines risk signals from different accounts to provide a comprehensive view of user risk, supporting real-time access decisions and security investigations. Now available in preview.  

Secure Sensitive Data Across AI Workflows 

As AI becomes part of daily work, sensitive data now moves quickly through prompts, responses, and grounding flows, sometimes outpacing existing policies. Security teams need to see how AI uses data and be able to prevent oversharing or leaks. 

Microsoft now brings data security into the AI control pane, giving organizations a clear view of risks, real-time enforcement, and the confidence to use AI responsibly across the business. New Microsoft Purview features include.  

  • Expanded Purview Data Loss Prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types from being processed or used for web scraping. Generally available March 31.  
  • Purview embedded in the Copilot control system provides a unified view of AI-related data risk directly in the Microsoft 365 admin center. Generally available in April.  
  • Purview customizable data security reports enable tailored reporting and drilldowns to prioritized data risks. available in preview on March 31.  

Defend Against Threats Across Endpoints, Cloud, and AI Services 

Security teams need round-the-clock protection that can stop threats early and automatically contain them. Microsoft is expanding predictive shielding to limit risks and reduce exposure, improving container security, and adding network-level protection against harmful AI prompts.  

  • Entra, internet access, prompt injection protection helps block malicious AI prompts across apps and agents, enforcing universal network-level policies. Generally available March 31.  
  • Enhanced Defender for cloud container security includes binary drift and anti-malware protection to close gaps that attackers exploit in container enforcements, now available in preview.  
  • Defender for Cloud Posture Management adds broader coverage and supports Amazon Web Services and Google Cloud Platform, delivering security recommendations and compliance insights for newly discovered resources, now available in preview in April.  
  • Defender Predictive Shielding automatically adjusts identity and access policies during active attacks. Reducing Exposure and Limiting Impact is now available in preview.  

Defend With Agents And Experts 

To protect organizations in this new era, a defense approach designed for agents is needed. This includes deploying a defense platform and security agents embedded in daily workflows, all supported by expert knowledge and robust security services when required.  

Agents Are Built Into the Security Workflow 

Security teams work best when they get help, right where and when they need it. As alerts arise and investigations span identities, data, devices, and cloud networks, AI-powered tools should directly support defenders with Security Copilot. 

Now part of Microsoft 365 E5 and E7, we are giving defenders agents that are built into daily security and IT tasks. These agents help speed up responses and reduce manual work, so teams can focus on what matters most.  

New Agents Available Now Include 

  • Security Analyst Agent in Microsoft Defender helps accelerate threat investigations by providing contextual analysis and guided workflows. Available in preview on March 26th.  
  • The security alert triage agent in Microsoft Defender has the capabilities of the phishing triage agent and extends to cloud and identity, autonomously analyzing, classifying, prioritizing, and resolving repetitive low-value alerts at scale. Available in preview in April.   
  • Conditional Access Optimization Agent in Microsoft Intra Enhancements: Add context-aware recommendations, deeper analysis, and staged rollout to strengthen identity security. Agent is generally available, and enhancements are now available in preview.  
  • Data Security Posture Agent enhancement in Microsoft Purview includes a credential-scanning capability that can proactively detect credential exposure in your data. Now available in preview.  
  • Data Security, Tri-Age Agent Enhancements in Microsoft Purview include an advanced AI reasoning layer and improved interpretation of custom sensitive information types (SITs) to enhance agent outputs during alert triage. The agent is generally available, and enhancements are available in preview from March 31.  
  • Over 15 part-time built agents extend Security Copilot with additional capabilities, all available in the Security Store.  

Scale With an Agentic Defense Platform 

To help defenders and agents work together more smoothly and intelligently, Microsoft is expanding Sentinel as a defense platform. This update delivers context, automates workflows from start to finish, and standardizes access, governance, and deployment across security tools.  

  • Sentinel Data Federation, powered by Microsoft Fabric, investigates external security data in Databricks, Microsoft Fabric, Azure, and Azure Data Lake Storage while preserving governance. Now available in preview.  
  • The Sentinel Playbook Generator with natural-language orchestration helps accelerate investigations and automate sophisticated workflows. Now available in preview.  
  • Sentinel, Granule, Delegated Administrator privileges, and unified role-centric access control enable secure and scalable management for partners and enterprise customers, with cross-tenant collaboration now available in preview.  
  • Security store embedded in Purview and Entra makes it easier to discover and deploy agents directly within existing security experiences. Generally available March 31.  
  • Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. Now available in preview.  
  • The Sentinel Model Context Protocol (MCP) Entity Analyzer helps automate faster with natural language and harnesses the flexibility of code to accelerate responses generally available in April.  

Strengthen with Experts 

Even the most experienced security teams sometimes need extra support, especially during complex attacks or investigations. The Microsoft Defender Experts suite offers expert-led services, including technical advice, managed external detection and response, MXDR, and full incident response. These services help you defend against advanced threats, build sustained resilience, and modernize your security operations with confidence.  

Apply Zero Trust for AI 

Zero Trust centers on three ideas: verify consistently, use the least privilege, and assume breaches as AI permeates the environment from models to agents. These principles are critical. At RSAC 2026, we are broadening our Zero Trust architecture to cover the full AI lifecycle. Our updated reference architecture workshop, assessment tools, and new articles make this practical for you. 

Source: Secure agentic AI end-to-end 

Google Cloud Launches AI Service to Detect Threats From Dark Web Activity

Google Cloud Launches AI Service to Detect Threats From Dark Web Activity

Our News Today From the RSA Conference 

  • We have completed the acquisition of Wiz, empowering cybersecurity teams across multiple cloud service providers in today’s AI-driven world.  
  • New research from Mandiant’s M-Trends 2026 and our AI Risk and Resilience Report helps organizations stay up to date on threats.  
  • We are adding new agents to the agent SOC, helping defenders automate tasks, respond faster, and focus on critical security events.  
  • Check out our latest security updates in Chrome Enterprise, Security Command Center, Network Management, and more.  

AI-driven defense is transforming cybersecurity in ways defenders have long wanted. Google Security is bringing its strongest tools yet to the RSA Conference, building on the Agentic Security Operations Center by leveraging Gemini models to automate reasoning. The agentic SOC equips defenders to detect, investigate, and respond to threats more effectively, giving them a significant operational advantage.  

Today, we are providing updates across our products, introducing new developments with Wiz. The release of M-Trends 2026, which contains insights from Mandiant’s investigations and important changes in how we use threat intelligence. Keep reading to see how Google Security can help you stay ahead.  

Welcoming Wiz to Google Cloud 

Google has officially acquired Waze. Together, we will offer an AI-ready cybersecurity platform for all environments.  

We believe that making multi-cloud security simpler lets you innovate with confidence, no matter where your data and apps are. We are excited to show you how Waze helps organizations quickly and safely deploy AI with their AI Application Protection Platform and AI App, and how security teams can work faster with their red, blue, and green security agents. Learn more about our common mission from Google Cloud CEO Thomas Kurian.  

M Trends 2026 – Useful Insights From 500k Plus Hours of Incident and Investigations 

M-Trends 2026 helps organizations understand the evolving threat landscape and defense strategies, highlighting the need to observe faster initial access and longer-term intrusions.  

Adversaries are no longer just stealing data. Cyber criminals are increasingly operating like highly efficient businesses, creating partnerships that have collapsed the window for defenders to intervene from hours to just 22 seconds. They want to completely dismantle an organization’s ability to restore operations while increasing their leverage in extortion. Download today for useful insights.  

We recently released a new Mandiant report on AI risk and resilience. This report, based on 2025 Mandiant Consulting and Google Threat Intelligence Group data, details how adversaries have quickly moved from testing AI to deploying adaptive tools and autonomous agents that leverage AI for real-time code rewrite. To address risks like shadow AI and incomplete asset visibility, organizations should move beyond passive oversight by adopting ongoing red teaming and stress testing while leveraging the speed and analysis of AI-powered defense.  

Users of Google Security Operations can add agents, such as our triage and investigation agent, directly into their procedures to speed up response times. The triage and investigation agent automatically investigates alerts, collects evidence, and gives verdicts with clear explanations.  

This information helps security analysts automate decision-making, close alerts, and manage fixes, so they can focus on the more important threats rather than false positives. Building workflows that use this agent will make it even easier for security teams to coordinate their response.  

Few would argue that the progress made over the last 12 to 18 months in putting AI to work to improve security operations is remarkable. New research from Omdia shows that 89% of CISOs are pushing to accelerate the adoption of agentic security, said David Gruber, principal analyst, cybersecurity, Omdia. 

Not only does this commitment reflect the immediacy of combating an AI-enabled adversary, but our data also show that over half of cybersecurity practitioners believe that authentic AI offers a greater advantage to cybersecurity defenders than the adversary. With the prospect of significant improvements in security outcomes, Google Cloud is well-placed to help organizations transform their SOCs with this powerful new technology. In Google Security Operations, customers can now create their own enterprise-ready security agents managed by the remote MCP server, arriving in April. This eliminates the need to host your own MCP server client, simplifying management. build.   

Decision To Use Dark Web Intelligence 

Most threat intelligence teams today spend their days sorting through too many low-quality alerts. The main problem is not a lack of information but a lack of relevant information. To clarify intelligence and find hidden threats, we’ve added agentic features to Google Threat Intelligence. AI agents using Gemini models handle analysis, letting analysts focus on what matters.  

To help teams shift from manual triage to agentic defense, we are adding Dark Web Intelligence to Google Threat Intelligence. Our GTIG analysts, with deep experience in the dark web, provide important context for Gemini’s capabilities. The new feature uses the latest Gemini models to automatically create a detailed profile for your organization.  

Our internal tests show that it can review millions of daily external events with 98% accuracy, highlighting only the threats that matter to your mission. By providing clear answers that explain the why and how of a threat, we help defenders save time and stay ahead in a world of increasingly automated threats.  

Customers can now turn large amounts of dark web data into clear, relevant insights delivered quickly with AI. This helps your team think and act faster than opponents using agents.  

In previous roles, I have leveraged several dark web tools and found that they yielded false-positive rates of over 90%. The new dark web intelligence filters out this noise and connects the dots that no human analyst can see in time. It’s the difference between reacting to a fire and putting it out before a match is struck, said Michael Kosak, director of Threat Intelligence at LastBy. Moving from simple keyword matching to intent-based analysis, dark web intelligence can better understand the context of an adversary’s actions. For example, it can spot when a subsidiary’s access is compromised even if the attacker does not name the victim.  

Protecting your AI innovation 

You need agentic defense to protect your organizations at machine speed, and you also need to protect your AI innovation. As organizations move from testing AI to using it at scale, a big confidence gap has appeared. 72% of organizations are not confident in their ability to run a secure AI strategy, according to a recent survey by Cloud Security Alliance (CSA) and Google.  

Google Cloud can help close this gap by supplying a complete approach to securing AI innovation. We protect the whole life cycle from building to running and cover everything from infrastructure and data to models and agents.  

To help with these problems, we are offering customers new key features.  

  • AI protection in the Security Command Center now integrates with the Vertex AI Agent Engine to detect agent threats, such as unauthorized entry and data exfiltration attempts.  
  • New Armor now integrates with Google NCP servers, expanding its coverage to help mitigate agentic risks, including direct and indirect prompt injections, sensitive data leakage, and tool poisoning.  
  • Sensitive data protection adds AI-powered context classification, medical finance, and passport object detection.  
  • Security Command Center: external export management (available soon in preview) will provide SCC users with a validated outside-in view of your Google Cloud attack surface, identifying exploitable vulnerabilities and showing the native network path enabling the exposure.  

Switching gears to network safeguards, here’s what’s new in network security. 

Google Cloud Network Security has new capabilities for protecting apps and enforcing policies across clouds.  

  • Network security integration in band mode secures app workloads with third-party appliances. No routing changes required.  
  • Cloud NGFW Regional Firewall Policies Preview Protect Workloads Via Internal Application and Proxy Network Load Balancers  
  • Cloud Armor adds hierarchical policies and organization-wide address groups for centralized management and stronger defenses, sets WAF rule limits, configures policies at multiple levels, and manages IP lists across policies.  

What’s new in Chrome Enterprise Premium? 

Chrome Enterprise Premium still protects organizations from data loss. At the RSI conference, we are showcasing new improvements and integrations with our partner Citrix.  

  • Enterprises already benefit from Chrome Enterprise protections against unauthorized use of AI tools in the browser. Now Citrix and Chrome Enterprise together offer even more defense for shared customers, including key‑logging protection and ongoing device checks.  
  • Clipboard protection now extends to Citrix Virtual Apps and web-based apps. Chrome Enterprise’s new browser cache encryption provides added security for non-corporate devices.  

Join Google Security At RSAC 2026 

Our experts are ready to connect and work with you. Visit us to see our technology in action at Moscone’s North Hall booth N6062 or at our space at the Marriott Marquis. You can also engage with the future of cybersecurity in over 19 sessions we are hosting.  

Find out how you can make Google part of your security team. If you cannot join in person, you can live-stream RSAC content or watch it later on demand.

Source: RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence 

Microsoft Outlines New Priorities for AI-Powered Cloud Security 

Microsoft Outlines New Priorities for AI-Powered Cloud Security 

Your organization has likely spent recent years adopting best practices such as zero-trust architecture. Still, the cybersecurity environment is becoming more challenging.  

Threat actors now use AI to find and exploit vulnerabilities. They automate password attacks, phishing, and deepfake content, join calls, request IT support, and reset passwords. Some use AI to adjust their agents in real time as they move through your network.  

Focus on these four key priorities to lead identity security effectively this year. 

  1. Demand AI-powered protection that operates rapidly, adapts instantly, and remains vigilant at all times.  
  1. Prioritize the management, oversight, and protection of both AI and AI agents with immediate attention.  
  1. Implement zero trust across the organization using a unified access fabric solution.  
  1. Establish a strong identity and access foundation for enduring security.  

Use AI-Powered Protection That Is Quick, Adaptable, and Constantly Alert 

In 2026, make it a priority to add AI agents to your workflows. This will help reduce risk, speed up decision-making, and strengthen your defenses.  

Security systems generate a lot of data, but turning that information into clear actions remains mostly manual and can lead to mistakes. Tasks like investigations, policy adjustments, and threat responses often require assembling information from many tools, often under time pressure. Since cyber attackers now use AI to move faster and at a larger scale, relying only on human workflows can hold defenders back.  

Generative and agent-based AI enable teams to proactively manage access, identify policy gaps, and strengthen controls without increasing user friction. You can interact with these agents much like co-workers, reviewing patterns and policies to identify and explain needed changes. A recent study found that identity admins using the conditional access optimization agent in Microsoft Entra finished conditional access tasks 43% faster and 48% more accurately in tested scenarios. These improvements lead to stronger identity security and fewer opportunities for cyber attackers to find weaknesses. Microsoft Entra also comes with built-in AI agents that can review users’ apps, sign-ins, risks, and settings in context. They help you investigate unusual activity, summarize risky behavior, check for sign-in changes, investigate and fix risks, and improve access policies.  

The main benefit of AI-powered protection is its speed, scalability, and flexibility. Human-only workflows can’t keep up with the pace of evolving cyberattacks. By working with AI agents, your teams can frequently assess security, strengthen access controls, and respond to new risks before they become bigger problems.  

Manage, Oversee, and Protect AI and AI Agents 

Treat every AI agent as a critical identity, managing them with the same rigor as human users to avoid security gaps.  

The rise of AI increases the risk of agent sprawl and data leaks. These tools must be secured against emerging threats.  

The good news is that you can use the same zero-trust principles for both human employees and AI agents and manage them with the same tools. You can add advanced controls, including monitoring how agents interact with outside services, setting limits on internet access, and stopping sensitive data from reaching unauthorized AI or SaaS apps.  

With Microsoft Intra Agent ID, you can register and manage agents using familiar Intra experiences. Each agent receives its own identity, which improves visibility and auditability across your security stack. Requiring a human sponsor to govern an agent’s identity and life cycle helps prevent orphaned agents and preserves accountability as agents and teams evolve. You can even automate lifecycle actions for onboarding and retiring agents using conditional access policies. You can block risky agents and set guardrails for least privilege and just-in-time access to resources.  

Microsoft Internet Access detects and secures risky or unsanctioned apps, protects against attacks, and prevents data leaks with network filtering and classification policies. Visibility over network activity lets you use AI agents safely, ensuring policy adherence.  

Extend Zero Trust Principles Everywhere With an Integrated Access Fabric Security Solution 

Identity systems manage credentials and access rights, but may miss network activity. Integrate identity and network access into your Zero Trust setup so they work through a single policy engine. This improves visibility and control over each user session.  

Many organizations use multiple identity and network solutions from different vendors, obstructing visibility. Attackers exploit gaps, using AI to automate phishing and increase breaches.  

A unified platform combines identity, network, and device data for consistent access controls, whether work happens in the cloud, on-site, or at the edge. Drawing on multiple sources, it better evaluates risk and continuously checks trust for real-time, risk-based decisions.  

Microsoft Intra secures access for AI, SaaS apps, internet traffic, and private resources by uniting identity and network controls under a single zero-trust policy engine. Microsoft Entra Conditional Access continuously tracks user and network risks and updates policies immediately when risk levels change, blocking access for users, apps, or AI agents as needed.  

With Entra, your security team sets policies centrally with assurance that they are enforced everywhere. These adaptive controls safeguard users, devices, and AI agents, closing security gaps and simplifying policy management.  

Strengthen Your Identity and Access Foundation to Start Secure and Stay Secure 

Start with a secure foundation using phishing-resistant credentials and strong identity checks to ensure only authorized people can access your systems even during authentication and recovery.  

A baseline security model sets minimum standards for identity, access, system hardening, and monitoring. Use controls like security defaults, Microsoft-managed conditional access, or Microsoft 365 baseline security mode. Move from passwords to passkeys for stronger, easier sign-ins. Use robust recovery and onboarding processes requiring government-issued identification and biometric checks to stop bad actors and AI impersonators.  

Microsoft Entra helps you enforce best practices, including using phishing-resistant credentials, which are authentication methods that protect against fraudulent login attempts for all accounts, and passkey rules. Most admins or users in regulated industries can use device-bound passkeys, such as physical security keys or codes generated by Microsoft Authenticator. Others can use synced passkeys, which are cloud-stored credentials for ease of use. Protect all admin accounts with phishing-resistant credentials and require new employees to set up a passkey before access. With Microsoft Entra Verified ID, you can add a live person check verifying that the user is present and confirm government-issued identification for enrollment and recovery.  

Combine access policies, device compliance, threat detection, and identity protection to further strengthen your foundation.  

Support Your Identity and Network Access Priorities With Microsoft 

The 2026 plan is clear. Use AI for rapid, scaled protection. Secures AI and agents. Apply zero trust with an access fabric solution and strengthen your identity foundation. These steps keep your organization agile and resilient. Evolving threats demand that you outpace advanced attacks.  
Sourcehttps://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/