Start Secure and Stay Secure on your AI Agent Journey with Microsoft Defender

Introduction

The power of AI agents is their autonomy – their ability to understand context, dynamically adjust workflows, orchestrate tooling, and act with little to no human interaction. But that same autonomous decision-making amplifies security risks. Not only are we seeing a geometric rise in the volume of agents being added to our workforce, but the attack techniques and surface area these agents introduce are fundamentally different than anything before.

Analysts expect more than 1.3 billion agents will be in operation by 2028. To put that into perspective, if they were their own country today, they would rank 3rd in population, behind only India and China. The proliferation of pro-code, low-code, and no-code agent-building platforms is further democratizing agent creation and will continue to drive the massive growth we expect in the coming years. These new waves of AI tinkerers, many without extensive developer-level security knowledge, have the potential to introduce additional risks without even realizing it.

Today, we are excited to announce new capabilities in Microsoft Defender that help security administrators and security analysts manage agent risks and threats, as part of Microsoft Agent 365. Security teams will now benefit from a unified approach to manage posture and protect against threats across the AI agent lifecycle.

Introducing AI Agent security within Microsoft Defender

At Ignite 2025, Microsoft Defender is announcing the preview of unified posture management and threat protection for AI agents.

These new agent security capabilities will be added to existing product experiences, as well as Microsoft Agent 365. This evolution broadens Defender’s AI security capabilities to cover agentic AI services on pro-code platforms like Microsoft Foundry and low-code/no-code environments such as Copilot Studio.

AI security posture management for Microsoft Foundry agents, as well as threat protection for Copilot Studio agents, are now in preview. Threat protection for Microsoft Foundry agents will be available soon.

Core Capabilities

1. Comprehensive Visibility for AI Agents

Gain a unified, risk-based inventory of AI agents across Microsoft Foundry and Copilot Studio to eliminate blind spots and reduce shadow agents. Defender consolidates metadata, instructions, identities, and connected tools—helping security administrators manage sprawl and maintain control. Unlike point solutions, Defender’s posture, alerts, and response capabilities cover the entire AI stack within a unified portal and experience.

Figure 1: AI agent inventory in Defender

2. Risk Reduction for AI Agents

Defender strengthens posture by identifying misconfigurations, excessive permissions, and insecure instructions. AI security posture recommendations and detailed attack path analysis contextualize how weak spots from Microsoft Foundry agents form broader risks for the organization, enabling proactive remediation before breaches occur. Pre-built advanced hunting queries help security teams spot potential vulnerabilities within Copilot Studio agents.

Figure 2: Attack path analysis for AI agents

3. Threat Protection for AI Agents

The rise of AI agents introduces entirely new threats that traditional security tools aren’t equipped to handle, including prompt injection and privilege compromise. Attackers can exploit an agent’s language understanding with manipulative inputs that evade classic defenses, demanding fresh approaches to security. Defender is expanding its threat protections for generative AI to include new protection for AI agent-specific threats.

New jailbreak attempt alerts and real-time blocking of unsafe tool invocation for Copilot Studio agents are automatically correlated with broader threat signals and insights from the industry-leading Microsoft Threat Intelligence, to deliver contextual alerts and incident-level visibility. Similar detections for Microsoft Foundry agents will also be available in preview soon.

Figure 3: Threat protection for AI agents

Above-mentioned threat signals are further contextualized within Microsoft Defender and Sentinel, seamlessly connecting Microsoft’s security, AI, and DevOps platforms like Microsoft Defender, Foundry, Copilot Studio, and GitHub Advanced Security, helping organizations start secure and shift AI security farther left.

Additionally, Defender is expanding the threat hunting experience to include logs for Copilot Studio, Azure Foundry, and agents built on third-party agent builder platforms through the A365 SDK. This enhancement will provide security teams with even more insight into agentic threats and incident context.

Customer Scenarios

With these capabilities, customers can protect AI agents better with these specific use cases:

• Gain visibility and insight: Eliminate shadow agents and unify AI asset management across multi-cloud platforms.
  • Conduct risk reduction: Understand vulnerabilities with posture recommendations and prioritize proactive hardening with attack-path analysis.
  • Threat protection: Monitor runtime activity for malicious patterns, block prompt injection attacks, and correlate signals for incident context.

What Sets Defender Apart

AI agents are just one of many potential threat vectors within your organization that attackers may target. Unlike point solutions, Defender offers build-to-runtime protection across the AI stack—models, agents, SaaS apps, and cloud infrastructure. The power of this unified approach is that it extends beyond AI. Correlating security posture, attack paths, and alerts across endpoints, identities, applications, cloud infrastructure, and other signals helps security practitioners better understand threats and coordinate response within a single experience, reducing complexity and enabling continuous security.

Looking Ahead

Microsoft remains committed to helping customers start secure and stay secure on their AI journey. Join us at Microsoft Ignite either live or in person to learn more about these and other announcements. To learn more about our news, join us live at Microsoft Ignite 2025:

BRK264 From Risk to Resilience: Secure your AI Agents with Microsoft Defender

BRK267 End-to-end security for your AI platforms, apps, and agents

BRK268 Secure Azure AI Foundry agents with Microsoft Security

And read about our other Ignite 2025 announcement from Microsoft Defender for Cloud and Microsoft Defender. Learn more about the AI Security Posture Management capabilities within Defender Cloud Security Posture Management.