AI adoption is expanding fast—from copilots to autonomous agents. Bottomline: securing the full AI estate is now mission critical. Herain Oberoi shares how orgs can: → Stop data oversharing → Reduce shadow AI + prompt injection risk → Govern agent sprawl → Meet compliance with AI powered templates
Microsoft Security
IT Services and IT Consulting
Empowering security leaders with innovation, insights, and tools to stay ahead of threats
About us
Leading source for security innovation, industry insights, and news. Stay ahead of every shift in the security landscape and discover tools to help you secure your organization.
- Website
-
www.microsoft.com/security
External link for Microsoft Security
- Industry
- IT Services and IT Consulting
- Company size
- 10,001+ employees
- Headquarters
- Seattle
- Specialties
- Security, Information protection, Identity, Compliance, Zero Trust, Remote Work, Threat protection, Access management, Microsoft Azure, Microsoft 365, Cloud app security, Secure application development, MCAS, CASB, Cloud access, Machine learning, and Cybersecurity
Updates
-
AI-powered workloads are having a moment. But “having a moment” isn’t a security strategy. Watch the Azure Decoded livestream tomorrow on March 18, 12 PM PT, for a quick, practical session on securing AI workloads in Azure with Microsoft Defender for Cloud. If you’re a developer, security engineer, or technical professional, this session is for you. In this session, you’ll: 🧩 Learn about the layers of AI workloads in Azure ⚠️ Identify AI‑specific risks like prompt injection, data leakage, and model misuse 🛡️ See how Microsoft Foundry adds guardrails and model visibility 🔗 Understand how Microsoft Purview, Microsoft Defender for Cloud, and Microsoft Entra ID work together 🛠️ Be able to apply a unified, defense‑in‑depth approach to AI security Tap the link in the comments for more.
-
-
AI isn’t making malware “autonomous.” It’s making attackers faster. Threat actors are now using AI as a co‑developer—iterating on code, fixing errors, and adapting malware to new environments in minutes, not days. Human operators still set the strategy, but AI is removing friction and accelerating the entire development cycle. Our latest Microsoft Threat Intelligence research breaks down what this means for defenders—link in the comments 👇
-
AI = a copilot 🤝 not an autopilot. If you’re wondering whether agentic AI will replace security analysts, that’s not the real concern. As Allie Mellen of Forrester puts it, the real differentiator is how effectively you use AI to work smarter and get more done.
-
POV: You went to #RSAC last year and you’re still talking about it. Ok, maybe not but we have some exciting events planned. Interested in joining us this year? https://msft.it/6046Qlyuq
-
We don’t just say it works—we show how it performs. Our latest email security benchmarking data is out, revealing how modern email threats are detected, mitigated, and stopped by Microsoft Defender, Secure Email Gateway (SEG) providers, and Integrated Cloud Email Security (ICES) solutions. The data you need to make informed security decisions, straight from real-world telemetry. Learn more at the link in the comments 👇
-
-
A thoughtful and timely perspective from Sherrod DeGrippo on the evolving role of AI in the threat landscape. As she highlights, adversaries are operationalizing AI as part of their core tradecraft to reduce cost and lower the barriers to entry. For organizations navigating the risks and opportunities of AI, this analysis underscores the importance of strengthening security readiness, accelerating detection capabilities, and staying informed as tactics continue to advance. A recommended read for security leaders and practitioners alike. 👇
What are you using AI for in your daily life? Let's talk about what threat actors are doing in theirs. Our threat intelligence tells us how AI is changing the economics of threat and what defenders should pay attention to. Threat actors don’t need AI to invent new attacks. What AI is doing instead is collapsing the economics of threat. This is what we've always talked about... imposing cost. AI is helping threat actors reduce cost and think in terms of behavioral economics. Tasks that once required specialized expertise or larger teams can now be done faster, cheaper, and at scale. Attackers are using AI to draft phishing lures, translate content, summarize stolen data, debug malware, and assemble scripts. For less experienced actors, it lowers the barrier to entry. For experienced operators, it enables larger campaigns with fewer people. We see this clearly in real operations. In Jasper Sleet activity, North Korean actors used AI to sustain fraudulent identities for months, posing as remote IT workers to gain access inside organizations. But AI also strengthens defenders. Microsoft Threat Intelligence used advanced signals to identify and disrupt thousands of these fraudulent accounts and worked with partners to limit further misuse. The question I hear most often is whether threat actors are actually using AI or if this is hype. The answer is simple: they are. The real question is where AI shows up in attacker workflows and what that means for defense. In our latest research, “AI as tradecraft: How threat actors operationalize AI,” we show how AI appears across the attack lifecycle—from reconnaissance and resource development to weaponization and post-compromise activity. This shifts the defensive focus from what tool attackers use to which stage of the operation defenders need to disrupt. Read the full report here: https://lnkd.in/efZQPNsT
-
AI is moving fast. Is your security strategy keeping pace? Here are 5 data points every exec should understand about the business impact of comprehensive cloud and AI security. Share this with your C-suite if your org is planning to accelerate AI adoption and wants to strengthen security. ➡️🔒 Learn more with the link in our comments.
-
Agents are here. Now the infrastructure to manage them is too. Generally available on May 1, Agent 365 is the control plane for all your managed AI agents, giving you visibility, governance, and security control. Did we mention the relief as well? Capabilities include: 🔍 Observe: See what agents exist, what they’re doing, and spot performance/behavior/risk signals quickly (in the tools teams already use). 🛡️ Secure: Give agents a proper identity and control their access to resources, so unmanaged or over‑privileged agents don’t become a security risk. 🧭 Govern: Set guardrails and policies for how agents are onboarded and managed, so IT and security can stay aligned as agents scale. Control, visibility, and security by design—for teams that are already juggling enough. Learn more in the comments.
-