Microsoft Launches 6 new Agentic AI solutions for Cyber-security

Microsoft has expanded its AI-driven Security Copilot with six proprietary AI agents to help security teams.

The company is also working with partners to add five more third-party agents into the mix.

The security agents will be available for preview next month. They are designed to autonomously triage and process phishing and data loss alerts, prioritize critical incidents, and monitor vulnerabilities.

The Microsoft-made agents include:

Microsoft Security partners have also contributed to the agent pool:

The eleventh agent resides in Microsoft Purview Data Security Investigations (DSI), an AI-based service designed to help data security teams deal with data exposure risks.

Essentially, these agents use the natural language capabilities of generative AI to automate the summarization of high-volume data like phishing warnings or threat alerts so that human decision makers can focus on signals deemed to be the most pressing.

This fits with Jakkal’s thesis that the security landscape is changing faster than people can handle, making it necessary to rely on non-deterministic macros, or AI agents in more modern jargon.

“You look at this web landscape, the speed, the scale, and the sophistication is increasing dramatically,” she said. “From last year when we were seeing 4,000 attacks per second, we’re seeing 7,000 attacks per second. That translates to 600 million attacks a day.”

New AI agents to autonomously handle high-volume security tasks

Microsoft’s AI security agents enable teams to autonomously handle high-volume security and IT tasks.

Phishing Triage Agent in Microsoft Defender evaluates phishing alerts to distinguish between genuine cyber threats and false alarms. It offers clear explanations for its decisions and enhances detection capabilities based on administrator feedback.

Alert Triage Agents in Microsoft Purview analyze data loss prevention and insider risk alerts, helping prioritize critical incidents while continuously improving accuracy through admin input.

AI agent will identify necessary updates to close security vulnerabilities

Conditional Access Optimization Agent in Microsoft Entra detects new users or apps not covered by existing policies, identifies necessary updates to strengthen security, and provides quick-fix recommendations.

Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks, addressing app and policy configuration issues while expediting Windows OS patches with admin approval.

Threat Intelligence Briefing Agent in Security Copilot automatically compiles relevant and timely threat intelligence tailored to an organization’s unique attributes and cyber threat landscape.

Microsoft is also enhancing its phishing protection in Teams

Along with the new AI agents, Microsoft is also enhancing its phishing protection in Microsoft Teams.

Starting next month, Microsoft Defender for Office 365 will offer enhanced protection against phishing and other cyber threats within Teams.

This includes improved defenses against malicious URLs and attachments, further strengthening Microsoft’s commitment to safeguarding users from potential cyber threats.

Third-party agents to enhance Security Copilot’s capabilities

The five third-party agents included in Security Copilot are: Privacy Breach Response Agent by OneTrust; Network Supervisor Agent by Aviatrix; SecOps Tooling Agent by BlueVoyant; Alert Triage Agent by Tanium; and Task Optimizer Agent by Fletch.

These agents will further enhance the capabilities of Microsoft’s AI-driven cybersecurity solution.

According to Microsoft, 57% of organizations report an increase in security incidents from AI usage. Password attacks make up more than 99% of identity attacks.
