Microsoft Unveils AI-Powered Security Agents to Enhance Cyber Defense at Scale

Microsoft has announced a major evolution of its Security Copilot platform, introducing new AI agents designed to autonomously assist with pressing cybersecurity challenges, including phishing, identity management, and data protection.
Launched a year ago to help security teams detect and respond to incidents more effectively, Security Copilot now leverages agent-based automation to handle high-volume security tasks at scale, essential in an era where cyberattacks have outpaced human capacity to respond manually.
AI Agents Designed to Defend at Scale
Between January and December 2024, Microsoft identified over 30 billion phishing emails, underscoring the need for intelligent automation. The newly introduced phishing triage agent in Microsoft Defender can process routine alerts, freeing security professionals to focus on more critical and proactive security strategies.
Microsoft is launching six new Security Copilot agents, available in preview starting April 2025, alongside five partner-developed agents. These agents are built to operate within Microsoft's existing security platforms, Defender, Entra, Intune, and Purview, while adhering to Zero Trust principles and learning from user feedback to improve continually.
Microsoft’s Six New AI-Powered Security Agents
Microsoft's updated Security Copilot adds six AI agents to enhance threat response. These include tools for phishing detection, insider risk triage, access policy fixes, vulnerability patching, and threat intelligence, with Core Agents streamlining security operations across platforms.
Microsoft is enhancing Security Copilot with five partner-developed agents. These include OneTrust’s Privacy Breach Response Agent for regulatory guidance after data breaches, Aviatrix’s Network Supervisor Agent for diagnosing connectivity issues, and BlueVoyant’s SecOps Tooling Agent for improving SOC efficiency. Tanium’s Alert Triage Agent helps prioritize alerts, while Fletch’s Task Optimizer Agent identifies the most urgent threats to reduce alert fatigue.
Also read: Microsoft Adds Advanced AI Research Tools to Copilot Suite
Advancing AI Governance and Security
Microsoft is adding new features to Defender, Entra, and Purview to address growing AI security concerns. In May 2025, it will launch AI security posture management tools, expanding Defender’s support to include Google VertexAI and models from Meta, Mistral, and Gemini, alongside Azure AI.
New Defenses Against AI-Specific Threats
Microsoft is enhancing AI security with new tools launching in May 2025 to detect emerging threats like prompt injection, wallet abuse, and data leaks, aligned with OWASP's top AI risks. To counter "shadow AI," new protections include AI Web Filtering in Entra and Purview DLP for Edge to block sensitive data entry into tools like ChatGPT and Gemini. In April 2025, Purview will introduce AI-powered data security investigations, and Defender for Office 365 will expand phishing protection to Microsoft Teams with real-time scanning and integrated alerts.