Microsoft's new AI agents aim to help security pros combat the latest threats

Microsoft is rolling out a new set of AI agents as part of its Security Copilot initiative, aimed at simplifying the job of security professionals in safeguarding their organizations from modern threats. The announcement came on Monday, with Microsoft developing six of these agents, while five others are crafted by third-party collaborators. Starting in April, all these agents will be available for a preview.

These AI agents, integrated with Microsoft's security software, are designed to assist security teams in managing high-volume security and IT tasks more efficiently. Drawing from Microsoft's Zero Trust framework, these agents are capable of learning from user interactions and adapting to the specific workflows within an organization.

Also: Navigating AI-powered cyber threats in 2025: 4 expert security tips for businesses

Here's a closer look at the six Microsoft-developed agents:

1. Phishing Triage Agent in Microsoft Defender: This agent sorts through Microsoft Defender's phishing alerts, distinguishing genuine threats from false alarms. It provides clear explanations for its decisions and can enhance its detection abilities based on your feedback.
2. Alert Triage Agent in Microsoft Purview: This agent focuses on prioritizing alerts from Microsoft Purview related to data loss and insider risks. It also refines its operations with your feedback.
3. Conditional Access Optimization Agent in Microsoft Entra: This agent scans for new users and applications in Microsoft Entra not covered by current policies. It recommends policy updates to close security gaps and offers quick solutions for identity and authentication issues.
4. Vulnerability Remediation Agent in Microsoft Intune: Tailored for Microsoft Intune, this agent prioritizes security vulnerabilities, identifies issues with app and policy configurations, and suggests appropriate Windows patches.
5. Threat Intelligence Briefing Agent in Security Copilot: This agent collaborates with Security Copilot to deliver timely and relevant threat intelligence tailored to your organization's specific risks and environment.

Moving on to the five third-party agents, all integrated into Security Copilot:

1. Privacy Breach Response Agent by OneTrust: This agent assesses data breaches and provides guidance on meeting regulatory requirements.
2. Network Supervisor Agent by Aviatrix: It monitors and analyzes security risks associated with VPN, gateway, and Site2Cloud connection issues.
3. SecOps Tooling Agent by BlueVoyant: This agent evaluates your security operations center and offers recommendations for enhancements.
4. Alert Triage Agent by Tanium: It contextualizes security alerts to help you decide on the best course of action.
5. Task Optimizer Agent by Fletch: This agent prioritizes the most urgent security alerts, aiding in efficient task management.

Microsoft Security Copilot, which was officially launched about a year ago, leverages AI to monitor and analyze potential security threats facing your organization. The aim is to automate routine tasks, thereby freeing up IT and security staff to focus on more pressing issues. Additionally, the AI provides strategic guidance to help teams respond to threats more swiftly and effectively.

Also: AI bots scraping your data? This free tool gives those pesky crawlers the run-around

Security Copilot operates on a flexible pay-as-you-go model, allowing organizations to scale their usage as needed. The cost is calculated monthly based on a Security Compute Unit (SCU) at $4 per hour. If an organization uses one SCU continuously for 24 hours a day throughout a month, the estimated cost would be approximately $2,920.

Kris Bondi, CEO and co-founder of security firm Mimoto, shared with ZDNET, "Security professionals are constantly bombarded with alerts and issues, often lacking sufficient context. While AI agents may not detect threats themselves, they can assist in managing responses to detected threats. An AI agent can be programmed to automatically initiate a multi-step response when triggered by specific cues, alleviating some of the burden from security professionals."

However, AI technology is not infallible. Tools like Security Copilot may miss genuine threats or generate false positives, highlighting the necessity for human oversight. As a relatively new product, many organizations are still navigating the best ways to integrate it into their security strategies.

Also: How AI agents help hackers steal your confidential data - and what to do about it

J. Stephen Kowski, Field CTO at SlashNext Email Security+, told ZDNET, "AI agents hold the promise of enhancing threat response capabilities, but the performance of baseline models has been underwhelming. Many users report that even top-tier solutions miss a significant number of threats. Microsoft's Security Copilot has potential, but its adoption rate is slower than anticipated due to concerns about data management, necessary services, and licensing fees."

Want more stories about AI? Sign up for Innovation, our weekly newsletter.