Microsoft Introduces Agency in Security Copilot with New AI Agents

In an exciting development for cybersecurity, Microsoft recently announced enhancements to its Security Copilot, giving it increased agency through the integration of specialized AI agents. This update aims to help organizations automate a variety of tasks within the Microsoft security ecosystem, giving security teams more time to focus on critical issues.

First launched in 2023, Security Copilot promised to automate the initial triage of security incidents, particularly within Microsoft Defender XDR. At a press event held on March 20 in San Francisco, Vasu Jakkal, Microsoft’s Corporate Vice President of Security, Compliance, Identity, and Management, unveiled a comprehensive plan for the future of Security Copilot. The latest version is now backed by 11 task-specific agents that seamlessly interact with Microsoft’s suite of security products, including Defender, Purview, Entra, and Intune.

"We are entering an era of agency in AI," Jakkal emphasized. "You will hear about agents everywhere. But what exactly are these agents?" While that question remained somewhat unanswered at the event, it set the stage for a deeper exploration of the roles these agents would play in enhancing security.

The newly introduced agents serve specific functions, ranging from sorting phishing reports to monitoring identity issues. Among the Microsoft-developed agents are:

• Phishing Triage Agent: Efficiently sorts phishing reports in Microsoft Defender.
• Alert Triage Agent: Handles data loss prevention and insider risk alerts in Microsoft Purview.
• Conditional Access Optimization Agent: Monitors identity and policy issues within Microsoft Entra.
• Vulnerability Remediation Agent: Prioritizes vulnerability fixes in Microsoft Intune.
• Threat Intelligence Briefing Agent: Curates critical threat intelligence updates for Security Copilot.

Additionally, five of the agents come courtesy of Microsoft Security partners, which include:

• Privacy Breach Response Agent (OneTrust): Provides guidance on handling data breaches.
• Network Supervisor Agent (Aviatrix): Performs root cause analysis for network issues.
• SecOps Tooling Agent (BlueVoyant): Evaluates security operations center controls.
• Alert Triage Agent (Tanium): Assists security analysts in prioritizing alerts.
• Task Optimizer Agent (Fletch): Forecasts and prioritizes threat alerts.

The 11th agent is integrated into Microsoft Purview Data Security Investigations (DSI), designed to assist data security teams in navigating data exposure risks. These agents leverage the generative AI’s natural language capabilities to summarize high volumes of information like phishing warnings and threat alerts, thereby highlighting the most pressing signals for human decision-makers.

Given the rapid evolution of the security landscape, Jakkal noted the increasing volume of cyberattacks, which have surged from 4,000 to 7,000 attacks per second, translating to a staggering 600 million attacks daily. This urgency underscores Microsoft’s commitment to deploying AI agents that can adapt and respond without manual oversight.

According to Jakkal, organizations that have used Security Copilot report a significant 30% reduction in response times for incidents. Newcomers to the security field have been found to work 26% faster and 35% more accurately, while seasoned professionals benefitted from a 22% increase in response speed and a 7% improvement in accuracy.

Intrigued by potential pitfalls associated with AI agents, The Register consulted Tori Westerhoff, director of AI safety and security red teaming at Microsoft. She expressed confidence in the company’s approach to AI security, highlighting built-in safeguards to minimize issues such as cross-prompt injection.

"We work proactively to identify and address vulnerabilities before these agents reach customers," she assured. Although Westerhoff refrained from sharing specific metrics regarding false positives and failures during development, she emphasized the rigorous vetting process the agents undergo.

Nick Goodman, a product architect for Security Copilot, showcased the Phishing Triage Agent’s operational capabilities, explaining how many phishing reports received are often false positives. This agent is intended to alleviate the manual labor of triaging these reports, streamlining the process for cybersecurity analysts. To further train the system, users must provide feedback on flagged messages, emphasizing a collaborative learning experience.

Ojas Rege, SVP and General Manager at OneTrust, demonstrated how the Privacy Breach Response Agent assists corporate privacy officers with complex data breach regulations. It offers a prioritized list of actions based on an extensive regulatory research database, though the final notification to governing authorities still requires human intervention.

As cybersecurity threats grow increasingly sophisticated, Microsoft’s latest innovations in AI agents mark a significant step towards optimized security measures, allowing teams to respond effectively while alleviating repetitive tasks.

The AI Buzz Hub team is excited to see where these breakthroughs take us. Want to stay in the loop on all things AI? Subscribe to our newsletter or share this article with your fellow enthusiasts.