Microsoft Adds AI Security Monitoring to 'Defender' Solution

During this week's RSA Conference, Microsoft described some steps it's taking to extend its security products to the developing AI frontier.

To that end, the company on Monday described new capabilities in its Microsoft Defender for Cloud solution aimed at protect generative AI applications in the enterprise.

A new AI security posture management (AI-SPM) capability, part of Defender Cloud Security Posture Management (CSPM), is now in limited preview. It aims to leverage Microsoft Azure AI services, such as Microsoft Azure AI Content Safety and Azure OpenAI, to provide ongoing surveillance of AI applications, detecting any irregular behavior, consolidating observations and enhancing security alerts with logged evidence.

"The new AI posture capabilities in Defender CSPM discover GenAI artifacts by scanning code repositories for Infrastructure-as-Code (IaC) misconfigurations and scanning container images for vulnerabilities," wrote Microsoft's Shiran Horev in a blog post. "With this, security teams have full visibility of their AI stack from code to cloud and can detect and fix vulnerabilities and misconfigurations before deployment."

According to Horev, AI-SPM will be able to:

  • Continuously discover GenAI application components and AI-artifacts from code to cloud.
  • Explore and remediate risks to GenAI applications with built-in recommendations to strengthen security posture.
  • Identify and remediate toxic combinations in GenAI applications using attack path analysis.
  • Detect on GenAI applications powered by Azure AI Content Safety prompt shields, Microsoft threat intelligence signals, and contextual activity monitoring.
  • Hunt and investigate attacks in GenAI apps with built-in integration with Microsoft Defender.

Furthermore, Microsoft is releasing threat protection for AI workloads in Microsoft Defender for Cloud in preview. This new feature will natively integrate with Azure OpenAI Service, Azure AI Content Safety prompt shields and Microsoft threat intelligence to deliver contextual and actionable security alerts in real time.

The new feature can also link with Microsoft Defender XDR to enable security teams to correlate AI workload-related security alerts with broader security incidents to provide enterprises with a more complete view of their security posture.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.