News

Microsoft Expands AI Security Arsenal with New Agentic Tools Amid Surge in Cyberattacks

• By John K. Waters
• 03/26/2025

Microsoft has unveiled a major expansion of its AI-driven cybersecurity platform, introducing a suite of autonomous agents to help organizations counter rising threats and manage the growing complexity of cloud and AI security.

The announcement marks the next phase for Microsoft Security Copilot, launched a year ago, as the company adds 11 AI-powered agents to automate tasks like phishing detection, data protection, vulnerability management, and threat analysis. The move underscores the tech giant’s strategy to use AI not only as a target for protection, but also as a frontline defense against increasingly sophisticated cyberattacks.

"With over 30 billion phishing emails detected in 2024 alone and cyberattacks now exceeding human capacity to respond, agent-based AI security has become an imperative," said Vasu Jakkal, Corporate Vice President at Microsoft’s Security Group, in a blog post.

Six of the new AI agents are developed in-house and five are built by Microsoft’s security partners, including OneTrust, Aviatrix, and Tanium. The tools will begin rolling out in preview starting April 2025.

"An agentic approach to privacy will be game-changing for the industry," said Blake Brannon, Chief Product and Strategy Officer, OneTrust, in a statement. "Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations. Built using Microsoft Security Copilot, the OneTrust Privacy Breach Response Agent demonstrates how privacy teams can analyze and meet increasingly complex regulatory requirements in a fraction of the time required historically."

Among the new additions is a Phishing Triage Agent in Microsoft Defender, designed to filter and prioritize phishing alerts, providing explanations and improving with user feedback. Another, the Conditional Access Optimization Agent, monitors identity systems to spot policy gaps and recommend fixes. Microsoft is also debuting an AI-powered Threat Intelligence Briefing Agent that curates threat insights tailored to each organization’s risk profile.

The release comes amid surging global interest in generative AI and a parallel rise in what Microsoft calls “shadow AI”—unauthorized AI use within organizations, often outside of IT oversight. Microsoft estimates that 57% of enterprises have seen an uptick in security incidents tied to AI, even as 60% admit they have not implemented adequate controls.

To address this, Microsoft is extending its AI security posture management across multiple clouds and models. Starting May 2025, Microsoft Defender will support AI security visibility across Azure, AWS, and Google Cloud, including models like OpenAI’s GPT, Meta’s Llama, and Google’s Gemini.

Other new safeguards include browser-based data loss prevention (DLP) tools to block sensitive information from being entered into generative AI apps like ChatGPT and Google Gemini, as well as enhanced phishing protection in Microsoft Teams—long a target of email-like attacks.

"The rise of AI has introduced new cyber risk vectors, but it’s also our greatest ally," said Alexander Stojanovic, Vice President of Microsoft Security AI Applied Research, in a statement. "This is just the beginning of what security agents can do."

With its expanding AI-first approach to cybersecurity, Microsoft is positioning itself as a key player in the emerging market for autonomous cyber defense tools. Analysts say the company is betting that automation, rather than headcount, will be the defining factor in securing the digital infrastructure of the AI era.