Microsoft injects AI agents into security tools

Microsoft said Monday it will soon roll out 11 new AI agents for its security-focused Copilot aimed at offloading some of the most repetitive tasks that bog down cybersecurity teams.
Why it matters: Microsoft is the latest major vendor to embed autonomous AI agents directly into its security suite in an effort to reduce burnout for cyber pros and boost efficiency through AI-powered automation.
The big picture: Security professionals have long hoped that AI could help close the cybersecurity workforce gap and ease analyst burnout.
The U.S. only has enough cyber professionals to fill 83% of the available cyber jobs, according to federal data.
Security teams spend about three hours a day just responding to alerts, with some teams seeing more than 4,400 alerts daily, according to research from Vectra AI.
While many legacy cybersecurity vendors have released AI copilots or assistants, only a small group have rolled out agents that can take autonomous action.
Zoom in: Starting next month, Microsoft will make six of its own new agents and five agents from partner companies available for preview in Security Copilot — which is already integrated into all of Microsoft's security tools.
Each agent focuses on a different task: One specifically combs through potential phishing emails. Another can craft notification letters to send to different regulators after a data breach.
Customers can configure each agent's level of access and autonomy, including whether the agent acts under its own identity (with a unique username and password) or as an extension of a human account.
Each agent also has a map of its thinking so human users can review their decisions — and even override or correct their selections.
Case in point: If an agent wrongly flags a training email as phishing, the security team can label it a false positive and instruct the agent not to flag messages from that vendor again.
Between the lines: Microsoft says the new agents are a direct response to customer feedback.
Agents are "an inflection point for us," Vasu Jakkal, corporate VP of security at Microsoft, told Axios at a media preview event on Thursday. "Copilot was more like question-answer, and (customers) always asked us 'Well, we would like it to one-click and get that done.'"
Microsoft first made Security Copilot widely available last year, and Jakkal said customers quickly began asking for more autonomous functionality.
Partners rolling out agents in Copilot include OneTrust, Aviatrix, BlueVoyant, Tanium and Fletch.
What they're saying: "There's just opportunity everywhere," Dorothy Li, corporate VP of Microsoft Security Copilot, told Axios.
"These are the [tasks] that had the highest amount of pain, most volume and where agents can make the most impact today and that's where we chose to start."
Microsoft also anticipates that it will roll out more security agents in the near future, Li added.
The intrigue: Microsoft also relied on an internal generative AI red team to pressure test the new agents for potential security risks.
The red team worked closely with product teams throughout the entire development lifecycle, said Victoria Westerhoff, director of AI safety and security red teaming at Microsoft.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Business Insider

5 hours ago

• Business Insider

I was laid off from Microsoft after 23 years, and I'm still going into the office. I feel responsible for my team and customers.

This as-told-to essay is based on a conversation with Freddy Kristiansen, a 59-year-old former Principal Product Manager at Microsoft's Denmark office who was laid off in May 2025. Business Insider has verified Kristiansen's employment. The following has been edited for length and clarity. A couple of weeks ago, after 23 years at Microsoft, I was laid off. Yet here I am, back in the office. It might sound strange to show up at the office after being let go, but I still feel committed to the products, the people using them, and my colleagues. I was laid off in May, and per Danish law as an employee of over nine years, I have a six-month notice period. I've been relieved of my duties, but I am still officially an employee until the end of November. I'm also entitled to three months of severance pay after my notice. I didn't plan to stay at Microsoft for two decades I was originally hired by Navision in 2002. I saw it as a job I'd stay in for a year or two, but shortly after I joined, Microsoft acquired Navision. From then on, I was a Microsoft employee. That's when I thought, "Maybe this could actually be something long-term." Indeed, it ended up being my professional home for the next 23 years. Over the years, I have held a variety of roles, from group program management to technical evangelist. Although I never had an official developer title, I have been developing products throughout. My last major project was AL-Go for GitHub — a tool that helps our partners use DevOps, a software development approach, in their daily work without needing to understand the complex technical details. I didn't expect to feel relieved when I got laid off I've found the work fulfilling, but around five years ago, I started dreaming of my own business. During the last round of Microsoft layoffs in 2023, I submitted an anonymous question during an all-hands asking if they would consider voluntary redundancies. If the option came up in the future, I might volunteer. It never did. One morning in May this year, I got an invite to a one-on-one meeting with my manager. I said to my wife, "This is it. I'm pretty sure I'm going to be laid off." I thought I might feel upset, but, in reality, it was kind of a relief. Some of my colleagues were devastated. They are worried about what the future might hold. But I'm nearing 60. For the past decade, I've worked very hard and put in long hours. However, I'm at the stage of life where I'm no longer interested in working 60-hour weeks. It felt like the right time to finally pursue my long-overdue dream of doing work on my own terms. During that layoff call with my manager and HR, I wasn't sad; I was already thinking about what I wanted to do next. I believe this new chapter will be good for me. I'll be able to take more time for myself, and hopefully I'll be less stressed as I can set my own hours. Starting a business is my silver lining My focus is now on figuring out a business plan that will allow me to deliver the most value to partners and customers in the least amount of time. I plan to offer CTO services, project management, and maybe even some motivational speaking, while squeezing in travel and getting back into a regular exercise routine. Since the layoffs, I've been reminding myself that every cloud has a silver lining. In Danish, we say, "Nothing is so bad that it isn't good for something." In this case, the upside was the severance package. If I'd quit, I'd have received nothing. Because I was laid off after so many years of service, I was entitled to at least nine months of pay. I can use this package as a foundation to build toward my future plans. I still am going into the office for talks and office hours I still have an office access card and my company laptop, at the latest until December when I'm officially terminated. In the meantime, I'm still keen to be helpful. I went into the office today because we had a call with our AL-Go for GitHub product users. Over the years, I introduced this tool to many customers and partners at conferences and in blog posts. I feel a responsibility not only to maintain the product but also to reassure them that they are in safe hands. I'm also in touch with my former team. If they need my help, I'll answer questions, share guidance, or whatever else helps. There's no reason to stop doing that. Next month, I'll be hosting a session for current staff — a kind of motivational talk about my career at Microsoft and the good, bad, and not-so-fun decisions I made. One of those decisions was working my butt off for years. Nobody told me to spend 20 hours on weekends or to work as hard as I did, but I did it because it felt like the right thing to do. I did it because I genuinely felt a connection to our partners, our customers, and my colleagues. And, honestly, I still do.

Forbes

6 hours ago

• Forbes

If You Get This Message From Apple Or Google, It's An Attack

Delete all these messages. There's nothing a cyber criminal likes more than highly publicized events, sudden fear and a sense or urgency. And so last week's headlines that 16 billion passwords leaked in the 'largest ever data breach' hit the jackpot. That this 'opened access' to Apple and Google accounts, the most prized of all, just made it all the sweeter. The fact there's no new data breach impacting Google or Apple or Microsoft or Facebook is beside the point. This is an amalgamation of various breaches, collecting data from multiple sources including infostealers on PCs. But users reading the headlines will not realize and will understandably panic. This highlights the weakness in using passwords to secure accounts. Despite what you've read, the answer is not to reset or change all your passwords. It's to enable two-factor authentication on all your key accounts — especially the likes of Apple, Google, Microsoft, Facebook and Amazon. Better still, switch to passkeys where you can. But many everyday users are now at risk from attacks, whether or not their user names and passwords were in any of those breached datasets. Attackers will now send out emails pretending to be from Apple, Google or other brands, warning of the breach and linking to the public headlines and password reset advice. And those emails or texts will helpfully include a password reset link or a helpline number to call. We've already seen multiple attacks on Apple and Google users, with fake support emails or calls or texts warning that accounts are compromised and passwords need to be reset. These recent headlines are a surprise gift to those attackers. And so, a timely reminder that no major tech brand — Google, Apple, Microsoft and Facebook included — will ever reach out to you about an account security problem or to reset a password. If you receive any such message or call, it's an attack. Period. Google has asked me in the past to 'please reiterate to your readers that Google will not contact you to reset your password or troubleshoot account issues.' The same is true for all those others. It never happens. As the FBI says, 'legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals." Even if a message is so plausible that you can't ignore it, you must still delete it and access your account using the usual means. Online or using your app. If there's a password issue you'll be directed to a reset option. There won't be. Similarly, if you receive a call or a message to call back, do not respond. Access your account as normal. Google and Apple account details are the most valuable, granting access to many apps and services and the mobile phones that control our lives. But treat any messages from Microsoft or Facebook or any other brand in the wake of this 'breach' the same way. The key advice — to add 2FA or passkeys — will protect you even if a breach is new. The final advice is to avoid SMS 2FA — use another method if you can.

Forbes

8 hours ago

• Forbes

Microsoft Confirms Windows 11 Automatic Deletions: Take Action Now To Protect Yourself

Microsoft's Windows 11 creates System Restore points, that is, snapshots of your PC's system files, settings and registry. But those points expire and are automatically deleted after 60 days, Microsoft has now confirmed. Users can protect themselves by creating regular System Restore points. 'With System Restore you can revert your PC's state to a previous point in time. By using System Restore, you can undo these changes without affecting your personal files,' Microsoft says. Windows 11 Which is great, but those restore points don't last forever, so it's important to know exactly how long they are there for. Previous documentation suggested that on Windows 10, restore points could last as long as 90 days. Windows Latest reports that 'After Windows 11's release in 2021, the retention period has been anywhere between 10 and 90 days (mostly 10 days),' it says. Ten days really isn't long, but there's good news. In a new support document relating to the June 10 update, Microsoft is a bit more specific. 'After installing the June 2025 Windows security update, Windows 11, version 24H2 will retain system restore points for up to 60 days. To apply a restore point, select Open System Restore. Restore points older than 60 days are not available. This 60-day limit will also apply to future versions of Windows 11, version 24H2,' it says. In other words, Microsoft has confirmed that Windows 11 System Restore points will be deleted after 60 days, so you need to periodically create restore points. That's not as good as 90 days, obviously, but way better than 10 days. 'This will give you multiple snapshots, but Windows will still delete the oldest ones once they exceed the retention window (now 60 days on Windows 11 24H2 by default),' says Windows Latest. To create your own System Restore point, as Windows Latest explains, you open Start and search for 'Create a restore point,' which will open System Protection tab in System Properties. Next, under Protection Settings, check that one of the partitions where you're going to put the backup is protected. Choose that partition and Configure to turn on protection. Then, click Create and follow the onscreen instructions. This will last for 60 days. Now that the deletion date is clear, it seems like creating one every few weeks is good practice.