Microsoft’s new AI agents take on phishing, patching, alert fatigue
Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with some of the most time-consuming security challenges, such as phishing, data protection, and identity management.
Phishing is still one of the most common — and costly — types of cyberattacks out there. From January to December 2024, Microsoft spotted over 30 billion phishing emails aimed at customers. The sheer volume is staggering, and it’s more than most security teams can handle, especially if they’re stuck using manual processes or juggling disconnected tools.
New Microsoft Security Copilot agents
Microsoft is expanding Security Copilot’s capabilities with six new AI agents designed to help security teams tackle high-volume, repetitive tasks. These agents are built to work across the Microsoft Security ecosystem, streamlining operations and helping defenders stay ahead of threats.
“Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework,” said Vasu Jakkal, Corporate VP, Microsoft Security.
The new Security Copilot agents are integrated directly into Microsoft’s end-to-end security platform. According to Jakkal, they give security teams more control while increasing speed and precision. “The phishing triage agent in Microsoft Security Copilot being unveiled today can handle routine phishing alerts and cyberattacks, freeing up human defenders to focus on more complex cyber threats and proactive security measures.”
Among the agents rolling out:
Phishing Triage Agent in Microsoft Defender analyzes phishing alerts to distinguish real threats from false positives. It explains its decisions in plain language and continuously improves based on admin feedback.
Alert Triage Agents in Microsoft Purview focus on data loss prevention and insider risk. They sort through alerts, surface the most critical ones, and learn over time to improve their accuracy.
Conditional Access Optimization Agent in Microsoft Entra helps identity teams spot gaps in their access policies. It flags users or apps that fall outside current coverage and recommends updates that can be applied with a single click.
Vulnerability Remediation Agent in Microsoft Intune keeps tabs on app and policy misconfigurations and prioritizes Windows OS patches. It recommends remediation steps and accelerates patching with admin approval.
Threat Intelligence Briefing Agent in Security Copilot pulls together relevant, timely threat intelligence tailored to an organization’s environment and risk profile.
New agentic solutions from Microsoft Security partners
Microsoft says five new AI agents from partners will soon be available in Security Copilot, each built to tackle specific challenges in security and IT.
For example, OneTrust’s Privacy Breach Response Agent helps privacy teams figure out how to respond to data breaches by breaking down what happened and offering guidance on regulatory requirements.
Aviatrix is bringing a Network Supervisor Agent that digs into network issues — things like VPN or Site2Cloud outages — and gets to the root cause quickly so teams can fix problems faster.
BlueVoyant’s SecOps Tooling Agent looks at how a security operations center is running and recommends ways to improve tooling, controls, and overall effectiveness.
Tanium is launching an Alert Triage Agent that gives analysts more context around each alert so they can make faster decisions.
And Fletch has built a Task Optimizer Agent that helps security teams stay ahead by forecasting which cyberthreat alerts matter most, helping to reduce alert fatigue and focus on what’s truly critical.
“An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyze and meet increasingly complex regulatory requirements in a fraction of the time required historically,” said Blake Brannon, Chief Product and Strategy Officer, OneTrust.