Microsoft unveils Microsoft Security Copilot agents and new protections for AI

Microsoft has unveiled six new Microsoft Security Copilot agents. Building on the transformative capabilities of Security Copilot, the six Microsoft Security Copilot agents enable teams to autonomously handle high-volume security and IT tasks while seamlessly integrating with Microsoft Security solutions. Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely, aligned to Microsoft’s Zero Trust framework. With security teams fully in control, agents accelerate responses, prioritise risks and drive efficiency to enable proactive protection and strengthen an organisation’s security posture.

Security Copilot agents will be available across the Microsoft end-to-end security platform, designed for the following - 

• Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to identify real cyberthreats and false alarms. It provides easy-to-understand explanations for its decisions and improves detection based on admin feedback.
• Alert Triage Agents in Microsoft Purview triage data loss prevention and insider risk alerts, prioritise critical incidents and continuously improve accuracy based on admin feedback. 
• Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click.
• Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues and expedites Windows OS patches with admin approval.
• Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant and timely threat intelligence based on an organization’s unique attributes and cyberthreat exposure.

Following five AI agents from Microsoft partners will be available in Security Copilot -

• Privacy Breach Response Agent by OneTrust analyses data breaches to generate guidance for the privacy team on how to meet regulatory requirements.
• Network Supervisor Agent by Aviatrix performs root cause analysis and summarizes issues related to VPN, gateway, or Site2Cloud connection outages and failures.
• SecOps Tooling Agent by BlueVoyant assesses a security operations center (SOC) and state of controls to make recommendations that help optimise security operations and improve controls, efficacy and compliance.
• Alert Triage Agent by Tanium provides analysts with the necessary context to quickly and confidently make decisions on each alert.
• Task Optimiser Agent by Fletch helps organisations forecast and prioritise the most critical cyberthreat alerts to reduce alert fatigue and improve security.

Comments

“This is just the beginning; our security AI research is pushing the boundaries of innovation, and we are eager to continuously bring even greater value to our customers at the speed of AI,” said Alexander Stojanovic, VP, Microsoft Security AI Applied Research.

“An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyse and meet increasingly complex regulatory requirements in a fraction of the time required historically,” said Blake Brannon, Chief Product and Strategy Officer, OneTrust.