AI agents for Microsoft Security Copilot automate repetitive tasks

Microsoft is expanding the features of its Security Copilot service with AI agents, and a number of AI agents from partners will also become available.

Security Copilot is a special version of Microsoft Copilot that helps security professionals retrieve data about leaks based on natural language prompts and automate related tasks.

Of the AI agents for Security Copilot that have now been released, six are from Microsoft itself. Three new AI agents help security experts search all alerts for possible information about incidents. The Phishing Triage Agent for Microsoft Defender analyzes phishing alerts within a company’s security systems and filters out false positives.

Two so-called Alert Triage Agents in Microsoft Purview analyze notifications to detect employees’ improper use of business data.

The Conditional Access Optimization Agent in Microsoft Entra monitors access rules and warns administrators of unsafe configurations. Administrators can then solve these problems with a single click.

The Vulnerability Remediation Agent in Microsoft Intune helps administrators identify vulnerable endpoints faster and more easily and implement OS updates. Furthermore, the Threat Intelligence Briefing Agent in Security Copilot ensures that relevant security reports are generated automatically and on time.

Security Copilot agents from partners

In addition to Microsoft’s new AI agents, five partners have also introduced AI agents. These external agents come from Aviatrix Systems, OneTrust, Tanium, Fletch and BlueVoyant and cover specific use cases that Security Copilot does not offer as standard.

The Aviatrix agent helps solve network problems, while the OneTrust agent helps companies comply with privacy regulations. The BlueVoyant SecOps agent optimizes SOC activities and makes recommendations for improvement.

The Alert Triage agent from Tanium provides analysts with the correct context for alerts. Lastly, the Fletch Task Optimizer Agent ensures that companies can predict and prioritize the most critical cyber threats.

Other new security features

Microsoft has also rolled out new AI-focused features across the rest of its security portfolio. For example, Edge for Business, the business version of the browser, now ensures that employees cannot enter sensitive data into various AI chatbots. This functionality will also be available for integrations with Microsoft Purview and SASE tools from other parties.

Microsoft Defender will get new AI security functionality, specifically to make the use of various LLMs within AI platforms and cloud environments more secure.

This functionality is already available, but from May 2025, it will be extended in preview to Google Vertex AI and all LLMs in the Azure Foundry LLM catalog, including Google Gemini, Gemma, Meta Llama, Mistral AI, and custom AI models. This security feature will also cover Google Cloud in addition to Azure and AWS.

Furthermore, a new version of Microsoft Defender for Office 365 will be released in April 2025, which should better protect users against phishing attacks and other threats, including in Teams.
