Microsoft Reveals Security Copilot Agents to Bolster Enterprise Resilience

Microsoft has announced six agents for its Security Copilot solution, built to autonomously assist with phishing, data security, and identity management.


Published: March 25, 2025

Kieran Devlin

Microsoft has announced several new AI agents for its Security Copilot solution to assist with enterprise resilience.

These agents are intended to support security and IT admins in critical areas such as phishing, data security, and identity management. Meanwhile, AI security remains a top priority, driving innovations in Microsoft Defender, Entra, and Purview to enhance protection and governance.

Vasu Jakkal, Corporate Vice President of Microsoft Security, wrote in an announcement blog post:

“We are excited to announce the next evolution of Security Copilot with AI agents designed to autonomously assist with critical areas such as phishing, data security, and identity management. The relentless pace and complexity of cyberattacks have surpassed human capacity and establishing AI agents is a necessity for modern security.”

Microsoft Copilot Security launched last April with the remit of helping security and IT admins “catch what others miss, move faster, and strengthen team expertise.” Copilot for Security functions ostensibly as a chatbot for security admins to use to read and analyse critical information such as threat summaries and security incidents.

Microsoft cites the ever-growing necessity for vigilance around cybersecurity as an inspiration for the agents’ introduction. For example, Jakkal notes that phishing remains a major cyber threat, with Microsoft detecting over 30 billion attacks in 2024. Microsoft Security Copilot’s new phishing triage agent automates alerts, freeing defenders to tackle complex threats.

More Specifics on the New Security Agents’ Feature Sets

Microsoft has introduced six specialised Security Copilot agents to help security and IT teams manage high-volume tasks autonomously. The tech giant stresses that these AI-driven agents integrate with Microsoft Security solutions, learning from feedback, adapting to workflows, and operating within its Zero Trust framework. The pitch is that, with security teams in control, the agents accelerate responses, prioritise risks, and enhance efficiency to affirm cyber resilience.

Each agent is tailored for a specific function within Microsoft’s security ecosystem. The Phishing Triage Agent in Microsoft Defender precisely assesses phishing alerts, distinguishing real threats from false alarms while improving detection based on admin feedback. In Microsoft Purview, Alert Triage Agents prioritise critical data loss prevention and insider risk alerts and, Microsoft says, constantly refine their accuracy.

The Conditional Access Optimisation Agent in Microsoft Entra identifies gaps in security policies and recommends quick fixes for identity teams. In Microsoft Intune, the Vulnerability Remediation Agent monitors and prioritises vulnerabilities, streamlining app and policy configuration fixes and expediting Windows OS patches with admin approval.

Finally, the Threat Intelligence Briefing Agent in Security Copilot curates real-time threat intelligence based on an organisation’s unique risk profile, providing security teams with proactive insights.

Microsoft says these Security Copilot agents enable faster threat response, smarter risk management, and stronger overall protection by automating key security tasks.

Microsoft Partners Also Delivering New AI Agents to Reinforce Enterprise Security

Microsoft outlines that it’s expanding Security Copilot with an open platform, allowing partners to build AI-driven solutions that enhance security operations. Five partner-developed agents will be available, each designed to streamline key security tasks.

The Privacy Breach Response Agent by OneTrust helps organisations analyse data breaches and provides guidance on meeting regulatory requirements. The Network Supervisor Agent by Aviatrix diagnoses VPN, gateway, and Site2Cloud connection failures, summarising key insights to speed up troubleshooting.

For security operations, the SecOps Tooling Agent by BlueVoyant evaluates an organisation’s security operations centre (SOC) and control effectiveness, offering recommendations to optimise security posture and improve compliance. Meanwhile, the Alert Triage Agent by Tanium provides analysts with the necessary context to make faster, more informed decisions on security alerts.

The Task Optimiser Agent by Fletch helps organisations forecast and prioritise critical cyberthreat alerts, reducing alert fatigue and improving response efficiency.

Cybercriminals are Spreading Malware to Microsoft 365 Accounts via Fake Apps (Again)

Microsoft’s launch of AI agents for Copilot Security is timely, given that its ecosystem is again under scrutiny this week for cybercriminal attacks, this time through spreading malware to Microsoft 365 accounts via fake apps.

Cybercriminals are exploiting malicious Microsoft OAuth applications disguised as legitimate software, including Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. These fraudulent apps deceive users into granting permissions, allowing attackers to distribute malware and gain access to Microsoft 365 account credentials.

Researchers at Proofpoint identified these attacks, describing them as “highly targeted” in a post on X. The phishing campaigns delivering these malicious applications originated from compromised email accounts belonging to charities and small businesses, most likely Office 365 accounts.

The attacks affected organisations across various US and European sectors, including government, healthcare, supply chain, and retail. Many phishing emails employ familiar social engineering tactics, such as fake requests for proposals (RFPs) and contract-related messages, to lure recipients into clicking malicious links.
