Microsoft is rolling out a suite of AI-powered agents for its Security Copilot program, aiming to streamline security tasks for professionals. Announced on Monday and set for a preview release in April, the launch includes six Microsoft-built agents and five from third-party partners.
Integrated with Microsoft’s security products, the six in-house agents are designed to help security teams manage high-volume tasks. These agents will learn from user feedback and align with Microsoft’s Zero Trust framework.
The Microsoft agents include:
- Phishing triage agent in Microsoft Defender: Prioritizes Microsoft Defender phishing alerts, distinguishing real threats from false positives and improving based on feedback.
- Alert triage agent in Microsoft Purview: Prioritizes Microsoft Purview alerts about data loss and insider risks, also refining its behavior with user input.
- Conditional access optimization agent in Microsoft Entra: Identifies new users and apps in Microsoft Entra not covered by existing policies, suggesting updates and quick fixes for identity and authentication methods.
- Vulnerability remediation agent in Microsoft Intune: Prioritizes security vulnerabilities, detects app and policy configuration problems, and recommends Windows patches.
- Threat intelligence briefing agent in Security Copilot: Provides relevant and urgent threat intelligence based on an organization’s environment and specific risk exposure.
The five third-party agents, all available in Security Copilot, feature:
- Privacy breach response agent by OneTrust: Analyzes data breaches and provides guidance on meeting regulatory requirements.
- Network supervisor agent by Aviatrix: Scans and analyzes security risks associated with VPN, gateway, and Site2Cloud connection failures.
- SecOps tooling agent by BlueVoyant: Assesses your security operations center and controls, offering improvement advice.
- Alert triage agent by Tanium: Contextualizes security alerts to assist in handling decisions.
- Task optimizer agent by Fletch: Prioritizes critical security alerts for appropriate action.
Launched a year ago, Microsoft Security Copilot uses AI to monitor and analyze security threats, automating tasks to free up IT staff. It offers guidance to help staff focus their efforts and improve response time and effectiveness.
Security Copilot operates on a pay-as-you-go model, billed monthly through a Security Compute Unit (SCU) at $4 per hour. Microsoft estimates a monthly cost of around $2,920 for one SCU used 24/7.
Kris Bondi, CEO of Mimoto, noted that while AI agents can’t detect threats, they can execute multi-step responses based on specific cues. J. Stephen Kowski, Field CTO at SlashNext Email Security+, added that despite the promise of improved threat response, baseline models have had mixed results, and adoption of Microsoft’s Security Copilot has been slower than anticipated due to questions about data handling and costs.