In the fast-evolving age of Artificial Intelligence (AI), traditional methods of mitigating cyber attacks are quickly becoming obsolete. In 2024, Microsoft recorded 30 billion phishing emails, with an average of 7,000 password attacks being launched every second. These current AI-powered cyber threats demonstrate that cybersecurity professionals require more sophisticated tools to manage and respond to these relentless attacks.
Microsoft is addressing this challenge by using its AI-powered end-to-end security platform. This innovative solution involves developing intelligent AI security agents. These agents are designed to detect threats in milliseconds, analyze complex security scenarios, continuously learn from interactions, and most importantly, allow human experts to focus on more critical security tasks.
A total of 11 Microsoft AI agents – six built by Microsoft and 5 from partners, will be used to increase the functionality of Security Copilot. These features will be available for preview in April 2025. They include:
- Phishing Triage Agent (Microsoft Defender): Identifies cyberthreats and false alarms from phishing alerts, explains its decisions, and improves accuracy with admin feedback.
- Alert Triage Agent (Microsoft Purview): Handles data loss prevention and insider risk alerts, prioritizes critical incidents, and refines precision based on admin feedback.
- Conditional Access Optimization Agent (Microsoft Entra): Detects gaps in existing access policies, recommends updates, and suggests swift fixes for identity teams to apply.
- Vulnerability Remediation Agent (Microsoft Intune): Assesses vulnerabilities, prioritizes tasks to fix configuration issues, and fast-tracks OS patches with admin approval.
- Threat Intelligence Briefing Agent (Security Copilot): Provides curated and timely threat intelligence tailored to an organization’s specific cyber risk profile.
With collaboration being an important measure in promoting security, they partnered with cybersecurity specialists to create the following additional AI agents:
- Privacy Breach Response Agent by OneTrust.
- Network Supervisor Agent by Aviatrix.
- SecOps Tooling Agent by BlueVoyant.
- Alert Triage Agent by Tanium.
- Task Optimizer Agent by Fletch.
These Microsoft AI agents are an improvement over traditional SOAR and XDR platforms. As cyber threats continue to grow more sophisticated, Artificial Intelligence will undoubtedly become our most powerful defensive technology.
About the author:
