<ciso brief/>
Tag Banner

All news with #security copilot tag

all tags →

Wed, October 1, 2025

Microsoft Advances Sentinel with Agentic AI Upgrades

#Microsoft #Microsoft Sentinel #Agentic AI #Security Copilot #Azure Storage

🔒 Microsoft announced major AI upgrades for Sentinel SIEM and Security Copilot, positioning them as agentic platforms. The update makes Sentinel data lake generally available and introduces public-preview releases of Sentinel graph and the Sentinel Model Context Protocol (MCP) Server so AI agents can access and act on SIEM data. Customers can now build custom agents with natural‑language prompts and discover third‑party agents via a revamped store. Microsoft positions agents to automate investigation and response but warns of increased noise, false positives and a new attack surface.

read more →

Tue, September 30, 2025

Microsoft Sentinel: Agentic Platform for Defenders Now

#Microsoft #Microsoft Sentinel #Security Copilot #Agentic AI #Azure #Azure Entra ID #Prompt Injection

🛡️ Microsoft announced expanded agentic security capabilities in Microsoft Sentinel, including the general availability of the Sentinel data lake and public preview of Sentinel Graph and the Model Context Protocol (MCP) server to enable AI agents to reason over unified security data. Sentinel ingests structured and semi-structured signals, builds vectorized, graph-based context, and integrates with Microsoft Defender and Microsoft Purview. Security Copilot now offers a no-code agent builder and developer workflows via VS Code/GitHub Copilot, while enhanced governance controls (Entra Agent ID, PII guardrails, prompt shields) aim to secure agent lifecycles.

read more →

Wed, September 24, 2025

AI-Obfuscated SVG Phishing Campaign Detected and Blocked

#Microsoft #AI Security #Account Takeover #Microsoft Defender for Office 365 #Security Copilot #SVG

🔍 Microsoft Threat Intelligence detected and blocked a credential-phishing campaign that likely leveraged AI-generated code to obfuscate its payload inside an SVG attachment. The malicious SVG imitated a PDF and hid JavaScript within invisible, business-themed elements and a long sequence of business terms that the embedded script decoded into redirects, browser fingerprinting, and session tracking. Microsoft Defender for Office 365 blocked the activity by correlating infrastructure, behavioral, and message-context signals, while Security Copilot flagged the code as likely LLM-generated.

read more →