How Microsoft's New AI Agents Boost Enterprise Security

Microsoft's new AI agents will help security teams tackle increasingly complex cybersecurity vulnerabilities
Microsoft has launched 11 new AI agents as part of its Security Copilot solution to automate critical tasks and help overwhelmed security teams

Two factors define modern cyberattacks and the threat actors that drive them: complexity and relentless pace. 

It’s a vastly challenging and rapidly evolving landscape that, in an increasing number of cases, leaves security professionals and business teams overwhelmed by a constant pressure to stay one step ahead of adversaries. 

In this context, vulnerabilities that may have been low risk yesterday can quickly be exploited and become high risk tomorrow. 

Assessing the impact of these vulnerabilities and prioritising them effectively adds complexity, time and resources to the security process and impacts enterprise security.

For this reason, AI agents have become a crucial component of organisational security, automating tasks, improving threat detection and enabling proactive measures that free teams to focus on critical issues. 

Recognising this shift, Microsoft has unveiled six of its own AI agents for its Security Copilot – a Gen AI-powered security solution for businesses – and five agents that have been created by its partners. 


Expanding Security Copilot with agentic AI

Microsoft launched Security Copilot in April 2024. It was created in response to organisations grappling with data overload, alert exhaustion and limited visibility across myriad security solutions while facing a significant rise in global cybercrime. 

Security Copilot was the industry’s first Gen AI solution at time of launch, using the technology to help security and IT professionals catch what others miss, move faster and strengthen expertise. 

It is informed by large-scale data and Microsoft Threat Intelligence, which processes 84 trillion signals per day, including 7,000 password attacks per second. 

The company says that scaling existing defences with agentic AI is imperative if teams are to keep pace with this vast threat landscape. 

Alexander Stojanovic, Vice President (Generative AI R&D) at Microsoft

“This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI,” says Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research.

Microsoft’s six new AI agents

The company’s six in-house developed agents are purpose-built for security applications and enable teams to autonomously deal with high-volume security processes. They also integrate into existing Microsoft security solutions. 

The agents learn from feedback, operate securely and adapt to existing workflows within the business. 

They are also aligned with Microsoft’s Zero Trust framework, a comprehensive standard designed to safeguard people, devices, apps and data. 


Rather than assuming all enterprise activity is safe behind corporate firewalls, the company’s Zero Trust model authenticates, authorises and encrypts every request before granting access to the network.  

Underpinned by this strong foundation, Microsoft’s six new agents for Security Copilot are:

  • Phishing Triage Agent in Microsoft Defender: triages phishing alerts to identify real cyberthreats and false alarms, and improves detection based on admin feedback.
  • Alert Triage Agents in Microsoft Purview: triage data loss prevention and insider risk alerts and prioritise critical incidents.
  • Conditional Access Optimisation Agent in Microsoft Entra: searches for new users or apps not covered by existing organisation policies, identifies relevant updates to close potential gaps, and recommends fixes.
  • Vulnerability Remediation Agent in Microsoft Intune: monitors and prioritises vulnerabilities and remediation tasks.
  • Threat Intelligence Briefing Agent in Security Copilot: automatically curates relevant and timely threat intelligence based on the unique attributes and security posture of the organisation.

Microsoft partner agents

Microsoft works with a broad security ecosystem in order to provide customers with a robust and comprehensive suite of solutions. 

In this spirit, the company is also releasing five agents created by partners. These include:

  • Privacy Breach Response Agent by OneTrust: analyses data breaches and generates guidance on meeting regulatory requirements.
  • Network Supervisor Agent by Aviatrix: carries out root cause analysis and provides information on security issues.
  • SecOps Tooling Agent by BlueVoyant: assesses security operations centres (SOCs) to optimise operations and improve controls.
  • Alert Triage Agent by Tanium: provides necessary context to inform analyst decision making. 
  • Task Optimizer Agent by Fletch: forecasts and prioritises the most critical cyberthreat alerts to minimise alert fatigue and improve security.

Blake Brannon, Chief Product & Strategy Officer at OneTrust

Blake Brannon, Chief Product Officer and Strategy Officer at Microsoft partner OneTrust, says: “An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment and increase the effectiveness of their privacy operations.

“Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyse and meet increasingly complex regulatory requirements in a fraction of the time required historically.”

