
Microsoft is doubling down on AI-powered security, announcing a significant expansion of its Security Copilot platform with the introduction of AI agents. These autonomous agents are designed to tackle critical security challenges like phishing, data security, and identity management, marking a pivotal shift in how organizations can defend against increasingly sophisticated attacks.
Microsoft’s recognition of the AI imperative in cybersecurity is clear. As stated in its blog post, “The relentless pace and complexity of cyberattacks have surpassed human capacity and establishing AI agents is a necessity for modern security.” This acknowledgment underscores the sheer volume and sophistication of modern cyberattacks, which are overwhelming traditional, human-driven security measures.
One of the most pressing threats addressed by these AI agents is phishing. Microsoft highlights the staggering scale of this issue: “Between January and December 2024, Microsoft detected more than 30 billion phishing emails targeting customers.” This deluge of malicious emails strains security teams, making it challenging to efficiently identify and respond to threats.
To alleviate this burden, Microsoft is introducing the Phishing Triage Agent in Microsoft Defender. This agent is designed to “handle routine phishing alerts and cyberattacks, freeing up human defenders to focus on more complex cyberthreats and proactive security measures.” This automation is crucial, allowing security professionals to prioritize critical tasks and enhance overall security posture.
Beyond phishing, Microsoft is expanding Security Copilot with a suite of AI agents across its security platform. As mentioned in the blog, “Scaling cyber defenses through AI agents is now an imperative to keep pace with this threat landscape. We are expanding Security Copilot with six security agents built by Microsoft and five security agents built by our partners—available for preview in April 2025.”
These Microsoft-built agents include:
- Phishing Triage Agent in Microsoft Defender: To accurately triage phishing alerts.
- Alert Triage Agents in Microsoft Purview: For data loss prevention and insider risk alerts.
- Conditional Access Optimization Agent in Microsoft Entra: To monitor and optimize conditional access policies.
- Vulnerability Remediation Agent in Microsoft Intune: To manage and prioritize vulnerabilities.
- Threat Intelligence Briefing Agent in Security Copilot: To provide tailored threat intelligence.
Microsoft emphasizes how the agents are built: “purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework.” This focus on security and control is paramount, ensuring that these AI tools enhance, rather than compromise, an organization’s security posture.
In addition to Microsoft’s own AI agents, the company is fostering collaboration within the security ecosystem. “Security is a team sport and Microsoft is committed to empowering our security ecosystem with an open platform upon which partners can build to deliver value to customers.” This commitment is reflected in the introduction of five AI agents from Microsoft’s partners, addressing various security needs, including:
- Privacy Breach Response Agent by OneTrust: For data breach analysis and regulatory guidance.
- Network Supervisor Agent by Aviatrix: For root cause analysis of network issues.
- SecOps Tooling Agent by BlueVoyant: To optimize security operations centers.
- Alert Triage Agent by Tanium: To provide context for alert decision-making.
- Task Optimizer Agent by Fletch: To prioritize critical cyberthreat alerts.
Furthermore, Microsoft is addressing the growing challenge of securing AI itself. “Successful AI transformation requires a strong cybersecurity foundation. As organizations rapidly adopt generative AI, there is growing urgency to secure and govern the creation, adoption, and use of AI in the workplace.”
To tackle this, Microsoft is introducing new AI security posture management capabilities and enhanced threat detection for AI-specific risks. It is also providing controls to prevent risky access and data leaks into “shadow AI” applications.
Microsoft’s commitment to innovation and collaboration is evident in its continued investment in AI-driven security. As Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research, notes, “This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI.”
With these latest advancements, Microsoft is empowering organizations to navigate the complex threat landscape with greater confidence, leveraging the power of AI to build a safer digital world.