Microsoft is significantly enhancing its Security Copilot platform with the introduction of new AI agents designed to automate and streamline various security tasks. This update aims to empower IT administrators by providing autonomous assistance in crucial areas such as phishing protection, data security, and identity management.
Microsoft Security Copilot already uses text prompts to identify and resolve security issues; the new AI agents build on that foundation and make the platform more proactive. Microsoft is introducing six new security agents, alongside five from its partners, all scheduled for preview in April 2025.
Among the new Microsoft agents, the Phishing Triage Agent within Microsoft Defender will play a crucial role in accurately identifying phishing threats and minimizing false alarms. Alert Triage Agents in Microsoft Purview will assist in managing data loss prevention and insider risk alerts, prioritizing critical incidents and improving accuracy through administrator feedback. The Conditional Access Optimization Agent in Microsoft Entra will track new users and applications, identifying security gaps and recommending solutions. The Vulnerability Remediation Agent in Microsoft Intune will monitor and prioritize vulnerabilities related to application and policy configurations. Lastly, the Threat Intelligence Briefing Agent in Security Copilot will provide timely and relevant threat intelligence tailored to an organization’s specific attributes and threat exposure.
Leveraging Microsoft’s open platform, partners are also contributing valuable AI agents. The Privacy Breach Response Agent from OneTrust will analyze data breaches and provide guidance for privacy teams to ensure regulatory compliance. The Network Supervisor Agent by Aviatrix will perform root cause analysis and summarize network issues related to VPN, gateway, and Site2Cloud connections. BlueVoyant’s SecOps Tooling Agent will assess security operations centers and control states, offering optimization recommendations. Tanium’s Alert Triage Agent will provide analysts with context for informed decision-making. Finally, Fletch’s Task Optimizer Agent will help organizations forecast and prioritize critical cyberthreat alerts, reducing alert fatigue.
These new AI security agents are poised to significantly reduce the manual workload for IT and security teams, enhancing operational effectiveness and strengthening the overall security posture of enterprise organizations. By automating critical security tasks, these agents will allow security professionals to focus on more strategic initiatives, ultimately improving an organization’s defense against evolving cyberthreats.
