Microsoft is taking the load off of cybersecurity teams with the help of new AI agents

Microsoft is banking on autonomous AI agents to help cybersecurity teams cut down on tedious, routine tasks.

On Monday, Microsoft announced 11 new AI agents, five built by third-party partners and six by the tech giant itself, will be available for preview on its Security Copilot service starting in April. Microsoft launched Security Copilot, its GenAI security solution, last year.

The new agents will help to address specific pain points faced by cybersecurity teams. One agent is designed to triage phishing alerts and point out possible false alarms in Microsoft Defender. Another one can help to generate relevant threat intelligence for an organization. Other functionalities include:

• A task optimizer agent, built by cybersecurity AI platform Fletch, that will aid organizations in prioritizing more pressing cyberthreat alerts
• A vulnerability remediation agent that can prioritize vulnerabilities and remediation tasks in Microsoft Intune
• A privacy breach response agent, built by software company OneTrust, that can analyze data breaches and assist privacy teams in adhering with regulatory requirements

In need. The rollout comes at a time when security teams combatting threats at the frontline are swamped with repetitive daily tasks and are experiencing alert fatigue. A 2024 Vectra AI report found that security operations center (SOC) teams, on average, get a little under 4,000 alerts per day.

Daily demands for these teams can be time intensive. Microsoft, for example, claims that it could take an SOC analyst up to 30 minutes to manually triage a user-submitted phishing alert and likened the task to finding a needle in a haystack.

W in the chat. Norman Currie, head of partnerships at AI security company Simbian, told IT Brew that the tech giant’s new agents are a big win for the AI service and solutions industry because it is representative of the demand for AI-related resources by the security industry.

“As such a key player in the space, both as a software vendor and as a security provider, Microsoft is validating the need for additional AI [and] a greater presence of AI in cybersecurity as a whole,” Currie said.

Currie, however, told us that immediate adoption of such tools will depend on the culture of an organization.

“We always have the early adopters, followed by the typical growth within the space…I don’t think you’re going to see anything different here,” he said.