Microsoft has announced a significant expansion of its AI-powered security capabilities, introducing autonomous security agents and enhanced protections for artificial intelligence systems. 

The new offerings aim to address the exponential growth in cyberattacks, which now include more than 30 billion phishing emails detected between January and December 2024 and approximately 7,000 password attacks per second.

New AI Agents Transform Security Operations

Microsoft is expanding Security Copilot with six proprietary AI agents and five partner-built agents, all scheduled for preview in April 2025. 

These autonomous agents are designed to handle high-volume security tasks while seamlessly integrating with Microsoft’s existing security ecosystem:

The Microsoft-built agents include the Phishing Triage Agent in Microsoft Defender, which autonomously evaluates phishing alerts to distinguish between genuine threats and false positives. 

The Alert Triage Agents in Microsoft Purview prioritize data loss prevention and insider risk incidents, while the Conditional Access Optimization Agent in Microsoft Entra identifies security gaps in identity protection policies.

Stop attacks before they start, powered by a 97% precise neural Network to Detect Cyber Attacks

Additional Microsoft agents include the Vulnerability Remediation Agent in Microsoft Intune, which prioritizes and expedites patch management, and the Threat Intelligence Briefing Agent, which curates relevant threat data based on an organization’s unique security profile.

Microsoft’s security ecosystem expands with five partner-built agents, including OneTrust’s Privacy Breach Response Agent, which analyzes data breaches to generate regulatory compliance guidance. 

Additional partner agents include Aviatrix’s Network Supervisor Agent, BlueVoyant’s SecOps Tooling Agent, Tanium’s Alert Triage Agent, and Fletch’s Task Optimizer Agent.

Protecting Against Emerging AI Threats

With 57% of organizations reporting an increase in security incidents from AI usage, Microsoft is introducing new solutions to secure AI investments. 

Microsoft Defender has extended AI security posture management beyond Azure and AWS to include Google VertexAI and all models in the Azure AI Foundry catalog, including Gemini, Gemma, Meta Llama, and Mistral models.

New detections for OWASP-identified AI risks—including indirect prompt injection attacks, sensitive data exposure, and wallet abuse—will be generally available in Microsoft Defender starting May 2025. 

These enhancements provide better protection for custom-built AI applications using Azure OpenAI Service and Azure AI Foundry models.

To combat “shadow AI,” Microsoft is introducing AI web category filters in Microsoft Entra internet access and Microsoft Purview browser data loss prevention controls in Edge for Business, preventing sensitive data from being entered into unauthorized AI applications like ChatGPT and Google Gemini.

These innovations reflect Microsoft’s Secure Future Initiative principles, providing organizations with comprehensive tools to secure and govern AI while strengthening overall cybersecurity posture in an increasingly complex threat landscape.