Microsoft introduces Security Copilot agents

  • Microsoft launches 11 AI agents to automate cybersecurity tasks.
  • Agents integrate with Security Copilot and solutions like Defender, Entra, and Intune.
  • Includes innovations to protect AI in multi-cloud environments and prevent misuse.
  • The new features will be available in preview starting in April 2025.

Microsoft has taken a decisive step in automating cybersecurity with the presentation of new AI agents integrated into its Security Copilot platform. These solutions seek to address the growing complexity and volume of threats, which have overwhelmed human response capacity in many organizations. Furthermore, the use of artificial intelligence in this area has become increasingly critical.

Security Copilot now incorporates 11 intelligent agents: six developed by Microsoft and five by strategic partners. All of these technologies are designed to operate autonomously, learn from data, and support security teams with faster and more accurate incident responses. Their capabilities include identifying phishing attacks, preventing confidential data leaks, and efficiently managing access. This advancement is part of the growing use of artificial intelligence applications.

Agents developed by Microsoft: tools to ease the workload

Among the six agents created by the company, the most notable is the Phishing Triage Agent, integrated with Microsoft Defender, which autonomously manages identity theft alerts. This agent identifies real threats, rules out false positives, and learns from analyst feedback, allowing it to prioritize real threats and reduce response times. This type of artificial intelligence can be crucial for organizations facing a growing number of attacks.

Also added is the Alert Classification Agent in Microsoft Purview, focused on data loss prevention and internal risk management. This agent prioritizes incidents and adjusts their accuracy through constant feedback from administrators.

Microsoft Entra now offers a Conditional Access Optimization Agent, designed to detect gaps in access policies and propose quick adjustments. This component strengthens user authentication and protection against unauthorized access. The combination of security and artificial intelligence is vital in preventing data breaches.

In parallel, Microsoft Intune incorporates a Vulnerability Correction Agent that monitors configurations and helps install critical patches quickly, with the approval of the administrators.

Finally, the Threat Intelligence Agent generates customized reports with updated information on malicious activities and emerging threats tailored to the context of each organization.

The contribution of partners: five agents that complete the ecosystem

Collaboration with specialized companies has given rise to five new agents that further strengthen Security Copilot coverage. Each of them is designed to solve specific problems within complex corporate environments.

  • OneTrust launches Privacy Breach Response Agent, aimed at analyzing privacy violations and offering guidance for compliance with regulations such as GDPR or HIPAA.
  • Aviatrix Network Supervisor Agent diagnoses faults in VPN networks or gateways, facilitating the troubleshooting of connectivity issues.
  • SecOps Tooling Agent by BlueVoyant evaluates security operations, suggests improvements, and optimizes compliance with cybersecurity standards.
  • Tanium Alert Triage Agent provides analysts with the context needed to quickly decide what measures to take before each alert.
  • Task Optimizer Agent by Fletch helps prioritize critical tasks based on the potential risk, reducing alert fatigue and improving SOC team efficiency.

All of these agents will be available in preview starting April 2025 and will be natively integrated with existing Microsoft Security tools.

Protection for AI and the Shadow AI Phenomenon

The rise of artificial intelligence has also brought new security challenges, especially due to the uncontrolled use of generative applications by users within organizations, which is known as "shadow AI."

To address this situation, Microsoft has enabled a web category filter in Microsoft Internet Access, which makes it possible to control which AI applications can be used by different groups of users. This measure seeks to prevent unregulated access to platforms that could expose sensitive data.

Complementing this functionality, Microsoft Purview adds data loss prevention (DLP) controls integrated into the Edge for Business browser. These controls prevent sensitive data from being inserted into prompts for tools like ChatGPT, Google Gemini, or DeepSeek.

Security for hybrid and multicloud environments with new integrations

Aware that more and more companies are deploying custom AI models across different clouds and platforms, Microsoft has expanded AI security management capabilities in Defender for Cloud. This expansion includes support for Google VertexAI and models such as Gemini, Gemma, Meta Llama, and Mistral.

Thanks to this interoperability, Microsoft offers complete visibility into security posture from code to execution, even in heterogeneous environments like Azure, AWS, or Google Cloud. This capability will be available in preview starting in May.

Additionally, Microsoft Defender will include advanced features to detect new threats from generative AI, such as prompt injection attacks, data leaks, and fraud related to the misuse of language models.

Strengthening security in Microsoft Teams and Office 365 suite

The field of collaboration tools has also been strengthened. Microsoft Defender for Office 365 will enable specific features to protect Teams starting in April. These will include real-time scanning of links and files that may contain malware or phishing attempts.

In addition, all data and alerts derived from these analyses will be available to security teams, allowing complete traceability of incidents affecting collaborative environments.

Microsoft continues to expand its cybersecurity offering with solutions that combine automation, artificial intelligence, and deep integration with its cloud services. The addition of intelligent agents to Security Copilot represents a significant evolution in how organizations can protect themselves against increasingly sophisticated threats, seeking to keep pace with the advance of attackers, reduce team workloads, and ensure that the adoption of new technologies like AI doesn't create new risk vectors.
