Microsoft is expanding its Security Copilot with AI-powered agents that automate routine security tasks, freeing teams to focus on advanced threats.  

Highlights of the Security Copilot expansion, April 2025 preview 

  • Six new agents are available for Defender, Entra, Intune, and Purview, each handling specific security tasks independently.  
  • Five new partner agents from OneTrust, Aviatrix, BlueVoyant, Tanium, and Fletch add features for privacy, networking, and analytics.  

New Microsoft Security Agents Include: 

  1. Phishing triage agent (Defender): This agent automatically reviews user-reported emails, distinguishes between real threats and harmless messages, and summarizes findings in language that security teams can easily understand.  
  2. Alert Triage agent (Purview): This agent automatically analyzes and prioritizes insider risk and data loss prevention alerts, accounting for data sensitivity and user actions.  
  3. Conditional Access Optimization Agent (Entra): This agent reviews existing identity access policies, detects gaps or weaknesses, and provides real-time suggestions for more effective identity protection.  
  4. Vulnerability Remediation Agent (Intune): This agent monitors app and policy vulnerabilities, ranks them, and helps manage patches more efficiently.  
  5. Threat Intelligence Briefing Agent (Security Copilot): This agent collects relevant threat data, analyzes it against your organization’s unique risk profile, and generates concise intelligence briefings for your security team.  

Major Updates and Security Improvements for AI 

  • Expanded AI protection: Microsoft will now manage and secure AI environments across Azure, AWS, and Google Vertex AI, including Gemini, Gemma, Llama, and Mistral models, by offering broader monitoring and safeguard measures across these platforms.  
  • Shadow AI prevention: Microsoft Entra now includes web filters to spot and block unauthorized AI apps.  
  • Browser-based data protection: the new Purview controls in Microsoft Edge for Business help stop users from entering sensitive data into AI tools.  
  • Teams Security: Microsoft Teams now offers better protection against phishing and advanced threats during collaboration.  

Overall, these agents learn from user input and integrate into existing workflows within Microsoft’s Zero Trust framework. In their work, they help security teams stay in control and respond to incidents faster.  

Protecting AI systems and leveraging AI for security are now essential for every organization. At Microsoft, we are committed to helping organizations secure their future with our AI-first comprehensive security platform.  

A year ago, the Security Copilot launched to help defenders. Today, new AI agents handle phishing, data security, and identity tasks as cyber threats rise beyond human capacity. AI agents are now vital for modern security.  

Phishing is a major cyber threat. In one year, Microsoft detected over 30 billion phishing emails. This volume can overwhelm security teams, making manual work and separate tools insufficient for quick, data-driven decisions.  

The new phishing triage agent in Microsoft Security Copilot can handle routine phishing alerts and attacks. This lets human defenders focus more on serious threats and pre-emptive security measures. This is just one example of how agents can change how we approach security.  

Organizations continue to prioritize securing and managing AI. We will bring new features to our purpose-built solutions, including Microsoft Defender, Microsoft Entra, and Microsoft Purview.  

Explore the new agents in Security Copilot and the latest AI security to strengthen your organization’s cyber defenses today.  

Expanding Microsoft Security Copilot With New AI Agent Capabilities 

Microsoft Threat Intelligence handles 84 trillion daily signals, including 7,000 password attacks per second. To match this pace, Security Copilot adds six Microsoft agents and five partner agents, with previews in April 2025.  

Six new AI agent solutions from Microsoft Security 

The six new agents extend Security Copilot’s capabilities by handling high volumes of security and IT tasks, adapting to feedback, and following Zero Trust principles. They help teams respond faster and focus on major risks.  

Security Copilot agents will soon be available throughout the Microsoft security platform. Here is what they are designed to do:  

  • The phishing triage agent in Microsoft Defender reviews phishing alerts, identifies real threats, filters out false alarms, provides clear explanations for each decision, and improves over time with admin feedback.  
  • Alert triage agents in Microsoft Purview review data loss prevention and insider risk alerts, prioritize the most critical incidents, and enhance their accuracy based on administrator feedback.  
  • The Conditional Access Optimization Agent in Entra detects unprotected users or apps and suggests simple policy updates for identity teams.  
  • The vulnerability remediation agent in Intune tracks, ranks, and helps address vulnerabilities, speeding Windows OS patching after admin approval.  
  • The Threat Intelligence briefing agent automatically collects and shares intelligence tailored to your organization.  

Security Copilot’s agents show how we keep innovating by building on years of AI research. Learn more about how these agents work.  

5 New Agent Solutions From Microsoft Security Partners 

Security is a team effort, and Microsoft supports our partners with an open platform that enables them to deliver more value to customers. Here are five new AI agents from our partners that will be available in Security Copilot:  

  • The Privacy Breach Response Agent by OneTrust reviews data breaches, provides guidance to the privacy group, and ensures regulatory requirements are met.  
  • The Aviatrix network supervisor agent identifies the root cause of issues and summarizes VPN gateway or Site2Cloud connection outages and failures.  
  • The SecOps tooling agent by BlueVoyant assesses security operations centers and controls, then recommends improvements for operations, controls, and compliance.  
  • The triage agent from Tanium provides analysts with the context they need to quickly and confidently decide how to handle each alert.  
  • The Task Optimizer Agent by Fletch helps predict important alerts, reduce fatigue, and improve security.  

Find out more about Security Copilot agents and learn how to get started today. If you already use Security Copilot, join our customer connection program now to receive the latest updates and become part of our collaboration network.  

New, AI-Powered Data Security Investigations And Analysis 

We are introducing Microsoft Purview Data Security Investigations to help teams quickly identify and address risks related to sensitive data exposure. These investigations use AI-powered content analysis to identify sensitive data and other risks associated with incidents. Investigators can use these insights to work securely with other teams and simplify complex tasks, which speeds up mitigation. This solution connects data security investigations to Defender incidents and Purview insider risk cases and will be available for preview starting April 2025.  

Further Advances In Securing And Governing Generative AI 

A strong cybersecurity foundation is vital for AI transformation. As organizations adopt generative AI, securing and managing its use in the workplace becomes urgent. Our new report, Secure Employee Access in the Age of AI, shows that 57 percent of organizations have seen more security incidents due to AI, and while most recognize the need for AI controls, 60 percent have not begun implementing them.  

Securing AI is a new challenge, and leaders have particular concerns, such as preventing data oversharing, reducing new AI threats and vulnerabilities, and keeping up with changing compliance rules. Microsoft Security Solutions are designed to help organizations deal with these issues. We are announcing new advanced features to help organizations protect their AI investments, whether they use Microsoft AI or other AI tools.  

AI Security Posture Management for Multimodel and Multicloud Environments 

Organizations building custom AI solutions need to improve the security of AI models running across different platforms and clouds. To help with this, Microsoft Defender now offers AI security posture management not only for Microsoft Azure and Amazon Web Services, but also for Google Vertex AI and all models in the Azure AI Foundry Catalog. Starting in May 2025, this will cover models like Gemini, Gemma, Meta Llama, Mistral, and custom models. With this multi-cloud support, organizations can see and manage AI security across Azure, AWS, and Google Cloud. Microsoft Defender helps organizations get started with AI security across different models and clouds.  

New Detection And Protection For Emerging AI Threats 

AI introduces new risks, including more avenues for cyber attacks and undiscovered vulnerabilities. The Open Worldwide Application Security Project (OWASP) spotlights the top risks and solutions for generative AI apps. Starting in May 2025, Microsoft Defender will offer new and improved AI detections for several OWASP-identified risks, including indirect prompt injection attacks, sensitive data exposure, and wallet abuse. These new detections will help SOC analysts better protect custom AI apps with added safeguards for the Azure OpenAI service and models in the Azure AI Foundry Catalog.  

New Controls To Prevent Risky Access And Data Leaks Into Concealed AI Apps 

As more people use generative AI, many organizations are finding that employees are using AI apps that have not been approved by IT or security teams. This unapproved use, known as shadow AI, has greatly increased the risk of sensitive data leaks. To help manage this, we are announcing the general availability of an AI web category filter in Microsoft Entra Internet Access. This feature lets organizations set detailed access permissions and enforce policies about which users or groups can use different types of AI apps.  

After establishing access policies, the next step is to block sensitive data from being entered into AI apps. To support this, Microsoft is previewing Purview browser data loss prevention (DLP) controls in Edge for Business. This helps security teams enforce DLP policies and prevent data entry into generative AI apps, starting with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.  

Learn more about our AI security innovations and take action today to strengthen your organization’s defenses.  

Email remains the main phishing vector, but collaboration tools are increasingly targeted. Starting in April 2025, Microsoft Defender for Office 365 will protect Teams users from phishing by scanning links and attachments in real time for potential threats. SOC teams will have full visibility into related attempts and incidents via Microsoft Defender alerts and data.  

Agile Innovation To Build A Safer World 

We are always working to improve the Microsoft security portfolio by following our Secure Future Initiative. Our goal is to provide strong, complete protection and give defenders the best AI tools so every organization can secure and manage AI. We appreciate our customers and partners, and together we look forward to creating a safer world for everyone. 

Source:  Expanding Microsoft Security Copilot with AI agentic capabilities 

Today, organizations must secure AI to strengthen their defenses. At Microsoft, we help protect the future with our AI-first end-to-end security platform.  

A year ago, we launched Microsoft Security Copilot to help defenders quickly detect, investigate, and respond to cybersecurity threats. Now we are introducing the next step: AI agents capable of handling key tasks in areas such as phishing, data security, and identity management. As cyberattacks become more frequent and complex, using AI agents is now vital for modern security.  

Phishing attacks remain among the most common and harmful cyber threats. From January to December 2024, Microsoft found over 30 billion phishing emails targeting customers. This huge volume can overwhelm security teams that rely on manual work and separate tools, making it hard to quickly assess threats and use data to manage risks.  

The new phishing triage agent in Microsoft Security Copilot can handle routine phishing alerts and attacks. This lets human defenders focus on more serious threats and preemptive security measures. This is one example of how agents can change security.   

Securing and managing AI is still a top priority for organizations. We are moving forward with new solutions and updates in Microsoft Defender, Microsoft Intune, and Microsoft Purview.  

Keep reading to discover more about these new agents in Security Copilot, as well as the latest updates in AI security, as we expand on the next capabilities of our platform.  

Expanding Microsoft Security Copilot With New AI Agent Capabilities 

Microsoft Threat Intelligence now processes 84 trillion signals per day, underscoring how quickly cyberattacks are growing, including 7,000 password attacks per second. To keep up, scaling defenses with AI agents is a must. Next, we are adding 6 new security agents from Microsoft and 5 from our partners, all available for preview in April 2025.  

Six New AI Agent Solutions From Microsoft Security 

These six new Security Copilot agents help teams handle substantial volumes of security and IT risks independently and work seamlessly with Microsoft security tools. Built for security, the agents learn from feedback, integrate with existing workflows, and follow Microsoft’s Zero Trust framework, with teams in control. Agents speed up responses, focus on the most important tasks, and help organizations protect themselves more efficiently.  

The Security Copilot agents will be available throughout the Microsoft Security platform and are designed for the following tasks:  

  • The Phishing Triage Agent in Microsoft Defender sorts phishing alerts to identify real threats, explains its actions, and improves with admin feedback.  
  • The alert triage agents in Microsoft Purview triage data loss prevention alerts, prioritize critical incidents, and improve continuously based on feedback.  
  • The Conditional Access Optimization Agent in Microsoft Entra watches for new users or apps that aren’t covered by current policies, identifies needed updates to close security gaps, and suggests quick fixes that identity teams can apply with a single click.  
  • The vulnerability remediation agent in Microsoft Intune tracks security vulnerabilities and proposed fixes, assists with application and policy problems, and rapidly deploys Windows OS updates once administrators approve them.  
  • The threat intelligence briefing agent in Security Copilot automatically compiles and distributes tailored intelligence reports for each organization, factoring in their specific needs and risk profiles.  

Security Copilot’s new agent features show how we keep innovating by building on years of AI research. Explore these agents to empower your security team and take the next step toward stronger protection.  

5 New AI Agent Solutions From Microsoft Security Partners 

Security is a team effort, and Microsoft is committed to supporting our security ecosystem through an open platform that enables partners to build on and deliver value to customers. With this in mind, these five partner AI agents will be available in Security Copilot.  

  • The Privacy Breach Response Agent by OneTrust reviews data breaches and provides the Data Privacy Team with guidance on meeting regulatory requirements.  
  • The Aviatrix network supervisor agent identifies the root cause of issues and summarizes VPN gateway or Site2Cloud connection outages and failures.  
  • The SecOps Tooling Agent by BlueVoyant evaluates security operations centers, controls, and workflows, and then suggests targeted improvements to enhance operational effectiveness and compliance.  
  • The alert triage agent from Tanium provides analysts with relevant context, enabling them to quickly and confidently make decisions about each security alert. This reduces response times and helps analysts focus on high-priority risks, increasing their overall impact.  
  • The task-optimizer agent from Fletch helps organizations predict and rank the most important cyber threat alerts, reducing alert fatigue and improving security.  

Learn more about Security Copilot agents and learn how to get started today. If you already use Security Copilot, join our Customer Connection Program now to receive the latest updates and be part of our ongoing improvement efforts.  

New AI-Powered Data Security Investigations And Analysis 

We are introducing Microsoft Purview Data Security Investigations to help security teams quickly identify and address risks related to sensitive data exposure. These investigations use AI-powered deep content analysis to identify sensitive data and other risks associated with incidents. Investigators can use these insights to work securely with partner teams and make complex tasks easier and faster, thereby supporting mitigation. This solution connects data security investigations to Defender incidents and Purview insider risk cases and will be available for preview starting April 2025.  

Further Advances in Securing and Governing Generative AI 

A strong cybersecurity foundation is vital for successful AI transformation. As organizations adopt generative AI, it becomes urgent to secure and manage its use in the workplace. Our new report, Secure Employee Access in the Age of AI, shows that 57% of organizations have experienced more security incidents due to AI use. Yet 60% have not started putting controls in place, even though most know they need them.  

Securing AI remains a new challenge, and leaders have specific concerns. They want to prevent data oversharing and leaks, reduce new AI threats and vulnerabilities, and keep up with changing compliance rules. Microsoft Security Solutions are designed for AI to help organizations tackle these issues. We are announcing new advanced features to help organizations protect their AI investments, whether they use Microsoft AI or other AI tools.  

AI Security Posture Management for Multi-Model and Multi-Cloud Environments 

Organizations building their own AI solutions need to strengthen security for AI models running on different platforms and clouds. To help with this, Microsoft Defender now offers AI Security Posture Management not just for Microsoft Azure and Amazon Web Services but also for Google Vertex AI and all models in the Azure AI Foundry Catalog. Starting in May 2025, this coverage will include Gemini, Gemma, Meta Llama, Mistral, and custom models. With new multi-cloud support, organizations will have better visibility into AI security from code to runtime across Azure, AWS, and Google Cloud. Microsoft Defender helps organizations get started with AI security across different models and clouds.  

New Detection and Protection for Emerging AI Threats 

AI introduces new risks, including more avenues for cyber attacks and unidentified vulnerabilities. The Open Worldwide Application Security Project (OWASP) presents the top risks and solutions for generative AI apps. Starting in May 2025, Microsoft Defender will offer new and improved AI detections for several OWASP-identified risks, including direct prompt injection attacks, sensitive data exposure, and wallet abuse. These new detections will help SOC analysts better protect custom AI apps with added safeguards for the Azure OpenAI service and models in the Azure AI Foundry Catalog.  

New controls to prevent risky access and data leaks into covert AI apps 

As more people use generative AI, many organizations are finding that employees are using AI apps that have not been approved by IT or security teams. This unapproved use, known as shadow AI, has greatly increased the risk of sensitive data leaks. To help manage this, we are announcing the general availability (GA) of an AI web category filter in Microsoft Entra Internet Access. This feature lets organizations set detailed access controls to prevent shadow AI by deciding which users and groups can access different types of AI apps. 

Once AI app access policies are in place, the next step is to prevent sensitive data from entering these apps. To help, we’re launching a preview of Microsoft Purview Browser Data Loss Prevention (DLP) Controls in Microsoft Edge for Business. This feature helps security teams enforce DLP rules to prevent sensitive data from being entered into generative AI apps, including ChatGPT, Copilot Chat, DeepSeek, and Google Gemini.  

For a broader view, learn more about our latest innovations in AI security.  

New Phishing Protection In Microsoft Teams For Safer Collaboration 

Email is still the main way phishing attacks happen, but collaboration tools are now common targets too. Starting in April 2025, Microsoft Defender for Office 365 will protect users in Teams against phishing and other advanced threats. With built-in protection, Teams will be better guarded against harmful links and attachments, including instant scanning. SOC teams will also have full visibility into related attempts and incidents through alerts and data in Microsoft Defender.  

Agile Innovation To Build A Safer World 

We are always working to improve Microsoft’s security portfolio by following the principles of our Secure Future Initiative. Our goal is to provide strong, complete protection and give defenders the best AI tools so every organization can secure and manage AI. We appreciate our customers and partners, and together we look forward to creating a safer world for everyone.

Source: Microsoft unveils Microsoft Security Copilot agents and new protections for AI 

Your organization has likely spent recent years adopting best practices such as zero-trust architecture. Still, the cybersecurity environment is becoming more challenging.  

Threat actors now use AI to find and exploit vulnerabilities. They automate password attacks, phishing, and deepfake content, join calls, request IT support, and reset passwords. Some use AI to adjust their agents in real time as they move through your network.  

Focus on these four key priorities to lead identity security effectively this year. 

  1. Demand AI-powered protection that operates rapidly, adapts instantly, and remains vigilant at all times.  
  2. Prioritize the management, oversight, and protection of both AI and AI agents with immediate attention.  
  3. Implement zero trust across the organization using a unified access fabric solution.  
  4. Establish a strong identity and access foundation for enduring security.  

Use AI-Powered Protection That Is Quick, Adaptable, and Constantly Alert 

In 2026, make it a priority to add AI agents to your workflows. This will help reduce risk, speed up decision-making, and strengthen your defenses.  

Security systems generate a lot of data, but turning that information into clear actions remains mostly manual and can lead to mistakes. Tasks like investigations, policy adjustments, and threat responses often require assembling information from many tools, often under time pressure. Since cyber attackers now use AI to move faster and at a larger scale, relying only on human workflows can hold defenders back.  

Generative and agent-based AI enable teams to proactively manage access, identify policy gaps, and strengthen controls without increasing user friction. You can interact with these agents much like co-workers, reviewing patterns and policies to identify and explain needed changes. A recent study found that identity admins using the conditional access optimization agent in Microsoft Entra finished conditional access tasks 43% faster and 48% more accurately in tested scenarios. These improvements lead to stronger identity security and fewer opportunities for cyber attackers to find weaknesses. Microsoft Entra also comes with built-in AI agents that can review users’ apps, sign-ins, risks, and settings in context. They help you investigate unusual activity, summarize risky behavior, check for sign-in changes, investigate and fix risks, and improve access policies.  

The main benefit of AI-powered protection is its speed, scalability, and flexibility. Human-only workflows can’t keep up with the pace of evolving cyberattacks. By working with AI agents, your teams can frequently assess security, strengthen access controls, and respond to new risks before they become bigger problems.  

Manage, Oversee, and Protect AI and AI Agents 

Treat every AI agent as a critical identity, managing them with the same rigor as human users to avoid security gaps.  

The rise of AI increases the risk of agent sprawl and data leaks. These tools must be secured against emerging threats.  

The good news is that you can use the same zero-trust principles for both human employees and AI agents and manage them with the same tools. You can add advanced controls, including monitoring how agents interact with outside services, setting limits on internet access, and stopping sensitive data from reaching unauthorized AI or SaaS apps.  

With Microsoft Entra Agent ID, you can register and manage agents using familiar Entra experiences. Each agent receives its own identity, which improves visibility and auditability across your security stack. Requiring a human sponsor to govern an agent’s identity and life cycle helps prevent orphaned agents and preserves accountability as agents and teams evolve. You can even automate lifecycle actions for onboarding and retiring agents using conditional access policies. You can block risky agents and set guardrails for least privilege and just-in-time access to resources.  

Microsoft Entra Internet Access detects and secures risky or unsanctioned apps, protects against attacks, and prevents data leaks with network filtering and classification policies. Visibility over network activity lets you use AI agents safely, ensuring policy adherence.  

Extend Zero Trust Principles Everywhere With an Integrated Access Fabric Security Solution 

Identity systems manage credentials and access rights, but may miss network activity. Integrate identity and network access into your Zero Trust setup so they work through a single policy engine. This improves visibility and control over each user session.  

Many organizations use multiple identity and network solutions from different vendors, obstructing visibility. Attackers exploit gaps, using AI to automate phishing and increase breaches.  

A unified platform combines identity, network, and device data for consistent access controls, whether work happens in the cloud, on-site, or at the edge. Drawing on multiple sources, it better evaluates risk and continuously checks trust for real-time, risk-based decisions.  

Microsoft Entra secures access for AI, SaaS apps, internet traffic, and private resources by uniting identity and network controls under a single zero-trust policy engine. Microsoft Entra Conditional Access continuously tracks user and network risks and updates policies immediately when risk levels change, blocking access for users, apps, or AI agents as needed.  

With Entra, your security team sets policies centrally with assurance that they are enforced everywhere. These adaptive controls safeguard users, devices, and AI agents, closing security gaps and simplifying policy management.  

Strengthen Your Identity and Access Foundation to Start Secure and Stay Secure 

Start with a secure foundation using phishing-resistant credentials and strong identity checks to ensure only authorized people can access your systems even during authentication and recovery.  

A baseline security model sets minimum standards for identity, access, system hardening, and monitoring. Use controls like security defaults, Microsoft-managed conditional access, or Microsoft 365 baseline security mode. Move from passwords to passkeys for stronger, easier sign-ins. Use robust recovery and onboarding processes requiring government-issued identification and biometric checks to stop bad actors and AI impersonators.  

Microsoft Entra helps you enforce best practices, including using phishing-resistant credentials, which are authentication methods that protect against fraudulent login attempts for all accounts, and passkey rules. Most admins or users in regulated industries can use device-bound passkeys, such as physical security keys or codes generated by Microsoft Authenticator. Others can use synced passkeys, which are cloud-stored credentials for ease of use. Protect all admin accounts with phishing-resistant credentials and require new employees to set up a passkey before access. With Microsoft Entra Verified ID, you can add a live person check verifying that the user is present and confirm government-issued identification for enrollment and recovery.  

Combine access policies, device compliance, threat detection, and identity protection to further strengthen your foundation.  

Support Your Identity and Network Access Priorities With Microsoft 

The 2026 plan is clear. Use AI for rapid, scaled protection. Secure AI and agents. Apply zero trust with an access fabric solution and strengthen your identity foundation. These steps keep your organization agile and resilient. Evolving threats demand that you outpace advanced attacks.  

Source: https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/