Microsoft Corp. today unveiled a set of security innovations designed to help enterprises defend in an era where artificial intelligence is both a tool and a target.

Leading the list of announcements is a major expansion of Microsoft Sentinel, its cloud-native security operations platform, which is evolving from a cloud-native security information and event management system into a full-fledged AI-ready security platform built for speed, scale and continuous learning.

The next evolution of Microsoft Sentinel sees the general availability of the Sentinel data lake and the public preview of the Sentinel graph and Sentinel Model Context Protocol server. The additions give defenders a unified system to ingest any signal, structured or unstructured, and correlate them across domains with graph-based context.

This shift allows AI agents, including those in Microsoft Security Copilot, GitHub Copilot and other ecosystems, to reason, automate and act at enterprise scale. According to Microsoft, the combination transforms trillions of threat signals into actionable insights, compressing detection and response times that traditionally stretched for days.

Microsoft also today introduced a no-code agent builder inside Security Copilot that allows teams to create custom security agents in minutes using natural language. The agents can be deployed in the Copilot portal, in Visual Studio Code, or in other environments via the Sentinel MCP server.

Security Copilot agents, which launched earlier this year, have already been applied to scenarios such as phishing triage and conditional access optimization. The agents can be deployed in the Copilot portal, in Visual Studio Code, or in other environments via the Sentinel MCP server.

Since March, more than a dozen Copilot agents have been delivered, including ones for user-submitted phish triage, conditional access optimization and access reviews in Entra. With graph-powered context from Sentinel, the agents can now correlate alerts, prioritize by impact and automate common workflows, reducing false positives and mean time to response.

The Security Copilot agent experience is designed to integrate seamlessly into daily tools and workflows – whether embedded in the Microsoft Security products, partner-built, or custom-built for specific environments.

Microsoft is also collaborating with Accenture plc, ServiceNow Inc. and Zscaler Inc. to expand the ecosystem while integrating Sentinel with Defender and Purview to give security teams end-to-end visibility.

The announcements come after Microsoft last week announced new enhancements to Azure AI Foundry Content Safety that provide comprehensive protection for all AI agents across their lifecycle. The enhancements include agent task adherence guardrails which keep AI agents on task via real-time intervention, the ability to detect and block personally identifiable information and the inclusion of Spotlighting in cross-prompt injection attack protection which helps the model better distinguish between trusted and untrusted inputs.

The new enhancements further help ensure that agents built in Azure AI Foundry do not introduce unnecessary risk to your organization.

In addition to Content Safety, Microsoft is extending its “Security for AI” initiative to cover the entire lifecycle of enterprise AI. Recent updates include Entra Agent ID to help organizations discover and manage their agent estate, new controls to prevent data oversharing in custom-built AI apps and agents and advanced detection for prompt injection attacks targeting AI models and MCP servers. Together, the capabilities aim to ensure that AI systems remain governed and secure from development through deployment.

Image: SiliconANGLE/Ideogram