Microsoft Unveils New AI Agents for Business Security

The threat landscape for cybersecurity is fast-moving and complex. Cyberattacks evolve constantly and demand more from security professionals, who are under pressure to stay ahead of adversaries.
Threat actors operate at a relentless pace, meaning that vulnerabilities previously seen as minor can become major concerns in hours. What was low risk yesterday may pose high risk today.
These shifting dynamics complicate efforts to assess and prioritise vulnerabilities, and security teams must dedicate extra time, energy and resources to stay on top of threats.
To reduce the load, organisations are turning to AI agents. These systems automate repetitive work, enhance detection and offer preventative measures that give teams room to focus on what matters most.
In line with this trend, Microsoft has expanded its Security Copilot solution with 11 AI agents: six developed in-house and five from partners.
These additions mark the next step in the company’s strategy to scale security operations using Gen AI.
Why Security Copilot keeps businesses safe
Microsoft introduced Security Copilot in April 2024. This product combines Gen AI technology with Microsoft Threat Intelligence data, which processes 84 trillion signals per day and blocks 7,000 password attacks per second. The solution helps IT and security teams make faster decisions, uncover hidden threats and apply their expertise where it’s needed most.
Security Copilot was the first Gen AI security tool when it launched. It addresses three main issues businesses face today: too much data, too many alerts and too little visibility across a range of security platforms. Microsoft says that using agentic AI offers a way to meet the scale and speed of modern threats.
“This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI,” says Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research.
Inside Microsoft’s AI agents
Each of the six agents created by Microsoft is purpose-built for a distinct security function. They are designed to integrate into Microsoft’s existing security ecosystem and align with the company’s Zero Trust model. Zero Trust is an approach where no user, device or app is trusted by default, even if inside the network perimeter. Every request is authenticated, authorised and encrypted before access is granted.
These new agents can operate independently, adapt to business workflows and learn from admin feedback. They include:
Phishing Triage Agent in Microsoft Defender: filters phishing alerts to separate real threats from false positives and learns from admin input to enhance detection.
Alert Triage Agents in Microsoft Purview: evaluate alerts linked to data loss prevention and insider risk, flagging the most critical incidents.
Conditional Access Optimisation Agent in Microsoft Entra: identifies gaps in access policies and suggests updates to address unprotected users or applications.
Vulnerability Remediation Agent in Microsoft Intune: tracks and prioritises system vulnerabilities and automates remediation planning.
Threat Intelligence Briefing Agent in Security Copilot: creates briefings using threat intelligence relevant to the organisation’s environment and risk profile.
These agents function autonomously, freeing security professionals to focus on high-impact challenges rather than routine investigations.
Five agents from Microsoft’s partners
Alongside Microsoft’s own agents, five more have been introduced through partnerships. Each brings a specialised capability to complement Microsoft’s broader security offering. These include:
Privacy Breach Response Agent by OneTrust: evaluates breaches and advises on compliance with data protection rules.
Network Supervisor Agent by Aviatrix: conducts root cause analysis on network security issues and provides guidance for resolution.
SecOps Tooling Agent by BlueVoyant: audits security operations centres (SOCs) and suggests operational improvements.
Alert Triage Agent by Tanium: adds detailed context to alerts to help analysts make more informed decisions.
Task Optimizer Agent by Fletch: predicts which alerts need attention first and reduces analyst overload by deprioritising less relevant notifications.
These partner-built agents expand the use of Security Copilot beyond Microsoft’s ecosystem, giving customers access to more ways of tackling different areas of enterprise security.
Blake Brannon, Chief Product and Strategy Officer at OneTrust, says: “An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment and increase the effectiveness of their privacy operations.
“Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyse and meet increasingly complex regulatory requirements in a fraction of the time required historically.”
AI Magazine is a BizClik brand



