Breaking Free from Hardcoded Security: Microsoft Introduces Human-in-the-Loop AI Agents

Traditional security automation, often implemented through Security Orchestration, Automation, and Response (SOAR) platforms, relies on predefined rules, if-statements, for loops, and functions. While effective for routine and highly similar tasks, this approach faces significant challenges. The logic is hardcoded by humans, meaning it struggles with fundamentally new data types, unforeseen circumstances, or nuanced situations that a human analyst might easily grasp but cannot be precisely captured in code. When the environment changes or new threats emerge, traditional automation often requires rewriting, leading to a rigid and often outdated security posture.

Microsoft Security Copilot Agents

Microsoft is addressing these limitations by evolving its Security Copilot platform to include AI-powered agents. The core philosophy behind these agents is to meet security professionals where they are, integrating AI directly into existing workflows and products that users are already familiar with. Crucially, these agents are designed to be human in the loop (HITL), ensuring that people remain in control and that the AI does not make changes to your environment without your knowledge and approval.

HITL keeps a person in control, but what differentiates Microsoft’s AI agents from traditional automation is how they work: instead of following static, pre-programmed logic, the agents dynamically plan and reason about a task, execute that plan, and adapt as they go, much like a human analyst would during an investigation. This dynamic reasoning allows them to handle complexity and unforeseen scenarios that traditional automation cannot. Microsoft is committed to fostering an ecosystem where both its own agents and third-party solutions can use the Security Copilot platform.

The agents feature a prominent display of a reasoning tree, also referred to as a decision tree. This tree is designed to provide security teams with a clear and transparent understanding of how the AI agent arrived at its decisions or recommendations.

Unlike traditional automation playbooks, this reasoning tree is not static code, but rather a dynamically reasoned path. It visually represents the steps the agent took during its operation, including how it used instructions, guardrails, and its dynamic reasoning ability to explore information and analyze data.

For example, the tree can show instances where the agent looked up data from Microsoft’s threat intelligence sources or detected suspicious elements, often highlighted with red indicators. Users can click on specific nodes within the tree to drill down for more details. This common decision tree interface is consistent across different Microsoft security products (like Defender, Intune, and Purview), ensuring a uniform experience for security professionals when verifying AI actions. The reasoning tree is crucial for the HITL approach, fostering transparency and enabling users to debug agent actions and meet regulatory compliance requirements for responsible AI use. Furthermore, feedback provided by users, often based on their understanding from the reasoning tree, directly improves the AI’s reasoning process.

Currently, there are thirteen live and active agents, six developed by Microsoft and the remainder by partners, all operating asynchronously and autonomously.

Phishing Triage

Phishing remains a persistent problem, leading to a deluge of user-submitted phishing incidents. Often, 95-98% of these are false positives – users clicked the report button, but the message wasn’t a malicious phishing attempt. However, each still takes around 30 minutes to triage, and the remaining few percent are too dangerous to ignore.

The Phishing Triage Agent reads the email content, analyzes threat intelligence data (sender reputation, content, links), and assesses the likelihood of a legitimate phishing attack. For false positive cases, the agent can auto-resolve the incident, significantly saving time and reducing the review load by about 95%, enabling security teams to focus on actual threats.

The agent provides human-readable summaries and tags to indicate AI activity. If the agent makes a mistake, users can provide feedback, explaining the business context (e.g., “this sender is our corporate training vendor, don’t treat as phishing”). This feedback immediately updates the agent’s instructions and improves its future reasoning. While the AI is not fast enough for real-time inline scanning of billions of emails, it excels at the time-consuming human task of triaging user-submitted phishing. Performance is tracked using KPIs such as incident resolution rate and time to triage.
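The pattern the two paragraphs above describe, scoring a report with a recorded reasoning trace, auto-resolving only clear false positives, handing everything else to a human, and letting operator feedback override future verdicts, is shown below as an added example. This is illustrative code, not Microsoft’s agent: the sender-reputation table, the known-bad hosts, the sample reports and the scoring thresholds are all constructed stand-ins for the threat-intelligence lookups and models the text refers to.

```python
"""Human-in-the-loop phishing triage with a recorded reasoning trace.

Added illustration, not Microsoft's code. Reputation data, link blocklist,
sample reports and score thresholds are constructed for the example.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed stand-ins for threat-intelligence lookups.
SENDER_REPUTATION = {"training.example": "good", "paypa1-secure.example": "bad"}
KNOWN_BAD_HOSTS = {"paypa1-secure.example", "login-verify.example"}

# Constructed user-submitted phishing reports.
SAMPLE_REPORTS = [
    {"id": 1, "from": "newsletter@vendor-news.example",
     "body": "This month's product updates: https://vendor-news.example/updates"},
    {"id": 2, "from": "alerts@paypa1-secure.example",
     "body": "URGENT: verify your account at https://paypa1-secure.example/login"},
    {"id": 3, "from": "lms@training.example",
     "body": "Your password for the compliance course expires; reset at https://training.example/reset"},
]


@dataclass
class TriageResult:
    verdict: str                 # "auto_resolved", "needs_human" or "malicious"
    score: int
    trace: List[str] = field(default_factory=list)  # the reasoning path, one step per entry


def triage(report: dict, instructions: List[str]) -> TriageResult:
    """Score one report, recording every lookup and decision in the trace."""
    trace: List[str] = []
    score = 0
    sender_domain = report["from"].split("@")[-1].lower()

    # Step 1: operator instructions from earlier feedback take precedence.
    for inst in instructions:
        if inst.startswith("allow-sender:") and inst.split(":", 1)[1] == sender_domain:
            trace.append(f"instruction matched: {inst}")
            return TriageResult("auto_resolved", 0, trace)

    # Step 2: sender reputation lookup.
    rep = SENDER_REPUTATION.get(sender_domain, "unknown")
    trace.append(f"sender {sender_domain}: reputation={rep}")
    score += {"bad": 60, "unknown": 10, "good": 0}[rep]

    # Step 3: extract link hosts from the body and check them against the blocklist.
    hosts = {h.lower() for h in re.findall(r"https?://([^/\s]+)", report["body"])}
    bad = hosts & KNOWN_BAD_HOSTS
    trace.append(f"links: {sorted(hosts)} known-bad={sorted(bad)}")
    score += 40 * len(bad)

    # Step 4: lure phrasing.
    if re.search(r"urgent|verify your account|password", report["body"], re.I):
        trace.append("lure phrasing detected")
        score += 20

    # Step 5: guardrailed verdict. Only clear false positives are auto-resolved;
    # anything carrying a real indicator goes to a human (HITL gate).
    if score >= 60:
        verdict = "malicious"
    elif score <= 10:
        verdict = "auto_resolved"
    else:
        verdict = "needs_human"
    trace.append(f"score={score} -> {verdict}")
    return TriageResult(verdict, score, trace)


def record_feedback(instructions: List[str], sender_domain: str) -> List[str]:
    """Analyst feedback ("this sender is our training vendor") becomes a standing instruction."""
    return instructions + [f"allow-sender:{sender_domain.lower()}"]


def run_queue(reports: List[dict], instructions: List[str]) -> dict:
    """Triage a queue and return verdict counts plus per-report traces for review."""
    results = {r["id"]: triage(r, instructions) for r in reports}
    counts = {"auto_resolved": 0, "needs_human": 0, "malicious": 0}
    for res in results.values():
        counts[res.verdict] += 1
    return {"counts": counts, "results": results}


if __name__ == "__main__":
    before = run_queue(SAMPLE_REPORTS, [])
    for rid, res in before["results"].items():
        print(rid, res.verdict, "|", " -> ".join(res.trace))
    # The training-vendor mail (report 3) lands in the human queue; feedback fixes that.
    after = run_queue(SAMPLE_REPORTS, record_feedback([], "training.example"))
    print(before["counts"], "->", after["counts"])
```

The point of the trace is that a reviewer can see which lookup or instruction produced a verdict before approving it, and the feedback step shows why a standing instruction is safer than editing the scoring code: it narrows one sender without changing how every other report is judged.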

Data Loss Prevention (DLP) and Insider Risk Management (IRM)

Operating within Microsoft Purview, the Data Loss Prevention (DLP) and Insider Risk Management (IRM) agents address the immense workload associated with reading and classifying documents for privacy and insider risk analysis. Many organizations face a growing backlog of alerts that human teams cannot keep up with.

These agents can read and classify documents, helping analysts understand what a document contains and whether an employee’s access or activity truly poses a risk. This capability allows teams to work their queues down quickly, identify the highest-risk areas, and focus on the most critical cases.

Conditional Access Optimization

This tool tackles the common problem of out-of-date conditional access policies. Due to the rapid pace of business change – new users, applications, and deployments – policies quickly drift from the organization’s current operational state, creating significant risk windows that can last for months if reviews are only done quarterly or annually. Manually updating these policies is complex, and mistakes can have severe business consequences.

The agent significantly reduces this risk window to minutes or hours by taking on the cognitive load of identifying the most important policy adjustments and crafting the necessary policy changes. It presents recommendations, often for MFA or device compliance policies, and provides button-click deployment. Users can drill into details, including a JSON diff of the proposed changes, and are always in control. Crucial guardrails prevent the agent from making recommendations for users or applications created within the last 24 hours, allow custom natural language instructions to exclude specific areas or users (e.g., “always exclude break-glass accounts from MFA policy adjustments”), and ensure consistency by recommending the most valuable policy enhancements.
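The workflow above, as an added example that is not Microsoft’s code: find users that an MFA policy has drifted away from covering, drop candidates the guardrails exclude (accounts created within the last 24 hours, and anything a natural-language operator instruction rules out), build the proposed policy, and present a JSON diff that nothing deploys until a human approves it. The tenant state and policy shape are constructed and simplified; they are not the Microsoft Graph schema, and the 24-hour rule is read here as “account created less than 24 hours ago”, which is an assumption about the guardrail the text describes.

```python
"""Conditional Access drift check with guardrails and a reviewable JSON diff.

Added illustration, not Microsoft's agent. Users, policy shape and the
instruction parser are constructed for the example.
"""
import copy
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Fixed clock so the example is reproducible.
NOW = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed tenant state.
USERS = [
    {"id": "u1", "upn": "alice@contoso.example", "created": NOW - timedelta(days=400), "tags": []},
    {"id": "u2", "upn": "bob@contoso.example", "created": NOW - timedelta(days=30), "tags": []},
    {"id": "u3", "upn": "newhire@contoso.example", "created": NOW - timedelta(hours=3), "tags": []},
    {"id": "u4", "upn": "breakglass@contoso.example", "created": NOW - timedelta(days=900),
     "tags": ["break-glass"]},
]

# Constructed, simplified policy: only alice is still in scope, the others have drifted out.
MFA_POLICY = {
    "displayName": "Require MFA for all users",
    "state": "enabled",
    "conditions": {"users": {"includeUsers": ["u1"], "excludeUsers": []}},
    "grantControls": {"builtInControls": ["mfa"]},
}

# Natural-language operator instruction from the text.
INSTRUCTIONS = ["always exclude break-glass accounts from MFA policy adjustments"]


def uncovered_users(policy: dict, users: List[dict]) -> List[dict]:
    """Users neither included in nor explicitly excluded from the policy."""
    scope = policy["conditions"]["users"]
    known = set(scope["includeUsers"]) | set(scope["excludeUsers"])
    return [u for u in users if u["id"] not in known]


def apply_guardrails(candidates: List[dict], instructions: List[str],
                     now: datetime = NOW) -> Tuple[List[dict], List[Tuple[str, str]]]:
    """Return (users to recommend, (upn, reason) pairs that were held back)."""
    # Toy instruction parser: any instruction mentioning "break-glass" excludes that tag.
    exclude_tags = {"break-glass"} if any("break-glass" in i for i in instructions) else set()
    kept, skipped = [], []
    for u in candidates:
        if now - u["created"] < timedelta(hours=24):
            skipped.append((u["upn"], "created within the last 24 hours"))
        elif exclude_tags & set(u["tags"]):
            skipped.append((u["upn"], "excluded by operator instruction"))
        else:
            kept.append(u)
    return kept, skipped


def json_diff(old, new, path: str = "$") -> List[dict]:
    """Leaf-level diff of two JSON-like values: [{path, old, new}, ...]."""
    if isinstance(old, dict) and isinstance(new, dict):
        out = []
        for key in sorted(set(old) | set(new)):
            out += json_diff(old.get(key), new.get(key), f"{path}.{key}")
        return out
    return [] if old == new else [{"path": path, "old": old, "new": new}]


def propose_change(policy: dict, users: List[dict], instructions: List[str]) -> dict:
    """Build the recommended policy without touching the live one."""
    kept, skipped = apply_guardrails(uncovered_users(policy, users), instructions)
    proposed = copy.deepcopy(policy)
    proposed["conditions"]["users"]["includeUsers"].extend(u["id"] for u in kept)
    return {"proposed": proposed, "diff": json_diff(policy, proposed), "skipped": skipped}


def deploy(live_policy: dict, proposal: dict, approved: bool) -> dict:
    """The HITL gate: the live policy changes only on explicit approval."""
    return proposal["proposed"] if approved else live_policy


if __name__ == "__main__":
    proposal = propose_change(MFA_POLICY, USERS, INSTRUCTIONS)
    for d in proposal["diff"]:
        print(f"{d['path']}: {d['old']} -> {d['new']}")
    for upn, why in proposal["skipped"]:
        print(f"held back: {upn} ({why})")
    live = deploy(MFA_POLICY, proposal, approved=False)
    print("live policy unchanged:", live is MFA_POLICY)
```

Two details carry the security point: `propose_change` deep-copies the policy so a rejected recommendation leaves the tenant untouched, and the held-back list is returned alongside the diff, so the reviewer sees not only what the agent wants to change but which accounts it deliberately left alone and why.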

Vulnerability Intelligence Agent

This agent reads vulnerability intelligence reports, analyzes your device estate (laptops and desktops), and identifies available patches. It then builds appropriate patching groups directly within Intune, streamlining the process from vulnerability discovery to deployment. This eliminates the cognitive load of manually reading and reasoning about reports, tracking down vendor patches, and creating deployment groups.

The agent primarily focuses on Microsoft and third-party operating system-level patches for Windows endpoints, prioritizing based on the potential impact to the organization, considering factors like CVSS scores and actively exploited vulnerabilities. It is not dependent on a pre-existing asset inventory, instead leveraging real installed state data from Defender.

Threat Intelligence Briefing Agent

Serving as a proactive tool, this agent focuses on the “server-side” equivalent of endpoint vulnerability management. It analyzes intelligence about threat actors and cybercriminal groups, then cross-references this with your organization’s system data, considering factors like geography, business sector, software, and infrastructure. The agent produces a tailored briefing report on relevant cyber threats and vulnerability intelligence. This empowers cyber threat analysts to be more effective and provides critical insights to organizations that may not have a dedicated threat intelligence team.

Shortcomings

While powerful, these agents are still early in their journey. Currently, estimating the precise cost of agent usage is challenging as they are in preview and offered free for existing Security Copilot customers, primarily for Microsoft to learn real-world performance. The level of interactivity is also evolving; users cannot yet ask the agent ad-hoc questions like “show me all other emails like this that you tagged or missed.”

Multilingual performance is strong for languages natively supported by OpenAI models but may be weaker for others. Additionally, while the agents can assist with data exfiltration or data loss prevention triage, there isn’t yet an agent actively performing leak/loss detection.

Microsoft maintains control over the underlying AI models to prevent model poisoning, and while the system is designed to be resistant to RAG poisoning, customers remain responsible for the data in the sources they connect to it. The scope of some agents is also currently limited; for example, the Vulnerability Intelligence Agent only covers Windows endpoints, not Mac, Linux, or servers.

Why This Matters

The challenges of automating security operations are immense. Traditional automation struggles with the dynamic, unpredictable nature of cyber threats and the vast amounts of unstructured data. This leaves human teams overwhelmed by a deluge of benign alerts, spending valuable time on low-value tasks like triaging masses of user-submitted phishing emails. Security policies become out of date almost as soon as they’re written, creating significant risk. The complexity of managing vulnerabilities, analyzing threat intelligence, and ensuring data privacy further burdens security professionals, often leading to burnout and missed threats.

Microsoft’s AI Copilot agents offer a compelling solution by providing a fundamentally different approach. They move beyond rigid automation to dynamically reason and adapt, enabling security teams to achieve faster results. By intelligently handling routine but time-consuming tasks, they allow human analysts to focus on high-value security behaviors and critical incidents. Furthermore, they reduce the cognitive load associated with complex tasks like policy crafting and vulnerability prioritization.

For CISOs and security leaders, this solution offers a strategic advantage. It allows organizations to do more with less, optimizing the efficiency of their security teams. The human-in-the-loop design provides transparency and control, ensuring that AI-driven actions align with organizational policies and risk tolerance. The ability of agents to learn from human feedback and adapt to specific business contexts means the system continuously improves and becomes more effective over time. With auditability and governance built-in, enterprises can responsibly deploy and manage these AI capabilities. By investing in AI-powered agents, organizations can transform their security operations, making them more proactive, resilient, and focused on genuine threats.

Author

  • Principal Analyst Jack Poller uses his 30+ years of industry experience across a broad range of security, systems, storage, networking, and cloud-based solutions to help marketing and management leaders develop winning strategies in highly competitive markets.

    Prior to founding Paradigm Technica, Jack worked as an analyst at Enterprise Strategy Group covering identity security, identity and access management, and data security. Previously, Jack led marketing for pre-revenue and early-stage storage, networking, and SaaS startups.

    Jack was recognized in the ARchitect Power 100 ranking of analysts with the most sustained buzz in the industry, and has appeared in CSO, AIthority, Dark Reading, SC, Data Breach Today, TechRegister, and HelpNet Security, among others.