Cloud security today is no longer just about misconfigurations; it’s about keeping pace with cloud-native change, prioritizing risk before it becomes an incident, and securing AI as a new supply chain for applications. In modern environments, infrastructure and applications are rebuilt and redeployed constantly through CI/CD, containers, and managed services, which means the security posture can quickly change. That speed increases the chance that small gaps—overly permissive identities, risky configuration drift, or unvetted AI models—turn into real attack paths unless teams have continuous visibility and guardrails that prevent regression.
At the same time, security professionals need more than long lists of findings; they need risk context that connects issues to likelihood of exploitation and business impact so they can fix what matters first. And as organizations embed generative AI, the model itself becomes an artifact that must be governed like any other dependency—acquired, stored, scanned, validated, and monitored—because a tampered or unsafe model can introduce backdoors, leak sensitive data, or produce manipulated outputs at scale. In short, cloud security now spans across posture, runtime, and supply chain—for both cloud resources and the AI-powered applications.
Today, we are closing that gap with multi-layered security: expanding our multi-cloud visibility to new AWS and GCP services, enabling near real-time container runtime protection to eliminate binary drift, and introducing AI model scanning. By embedding security directly into the execution layer of both containers and AI, Microsoft Defender for Cloud ensures that as your organization scales, your defense adapts automatically.
Strengthen security posture through broader coverage, visibility, and prioritized real risk
Microsoft Defender continues to expand how customers see and secure their multi-cloud environments by adding broader coverage and deeper visibility across Amazon Web Services (AWS) and Google Cloud Platform (GCP). With support across compute, databases, storage, analytics, AI and machine learning, identity, networking, and DevOps, customers can now discover and inventory a much wider set of cloud assets through a single, unified experience. This expanded agentless coverage automatically delivers security recommendations and compliance insights for newly discovered resources, enabling continuous risk assessment and faster remediation of misconfigurations. Coverage for these additional AWS and GCP resources will be available in public preview in March.
As visibility increases, Defender for Cloud also ensures that prioritization remains clear and actionable. Cloud Secure Score—our AI‑driven, dynamic, risk‑based scoring mechanism—evaluates each resource individually based on likelihood of exploitation and potential business impact. This gives security teams clear insight into how and why their score evolves over time, helping them focus on the most critical risks first. Cloud Secure Score will be generally available in the Defender portal and publicly available in the Azure portal by the end of April.
Defender for Cloud is also extending protection to specialized workloads, including upcoming vulnerability assessment support for Azure Databricks compute clusters, which provides visibility and actionable recommendations for vulnerabilities introduced through custom libraries. Vulnerability assessment for Azure Databricks will be available in Defender CSPM by the end of April.
Detect and block unauthorized changes in running containers
As organizations gain clearer visibility into risk across their cloud estate, protecting workloads at runtime becomes a critical layer of defense.
Containers are designed to be immutable, but in practice attackers often exploit runtime gaps by introducing unauthorized binaries or malicious executables after deployment—changes that traditional controls may not detect in time. To address this risk, we are announcing binary drift detection and prevention, along with anti-malware detection and prevention for containers.
These capabilities identify when a running container deviates from its original image and automatically prevents unauthorized or malicious processes from executing. With policy-driven controls, security teams can distinguish legitimate operational activity from suspicious behavior. This allows security teams to protect the integrity of their containerized applications and reduce the window for runtime compromise. The result is stronger, proactive protection that helps organizations confidently run container workloads across modern Kubernetes environments. Binary drift detection is now generally available, and binary drift prevention and anti-malware detection and prevention in public preview.
Identify risks to your AI supply chain
As generative AI becomes embedded in applications—from support chatbots and copilots to automated decisioning—unsecured AI models introduce a new and often invisible risk surface. A compromised or unvetted model can leak sensitive data, execute unsafe logic, or generate manipulated outputs that undermine trust, compliance, and brand integrity. Unlike traditional software flaws, these risks can propagate at machine speed, turning a single vulnerable model into a systemic business issue. Securing AI models before they are deployed—and continuously as they evolve—is critical for organizations delivering AI‑powered experiences.
We’re thrilled to share the public preview of AI model scanning in Microsoft Defender, starting April, that delivers comprehensive protection for models stored in Azure Machine Learning registries and workspaces, identifying malware, unsafe operators, and embedded backdoors across common model formats. Continuous scanning generates actionable security recommendations tied to each model resource, while high-confidence malware detections trigger Defender alerts that flow directly into SOC workflows through Defender XDR.
For developers, a new CLI enables on-demand, in-pipeline scanning of model artifacts during the build process, surfacing risk down to individual files and enforcing security gates in CI/CD pipelines so that models that haven’t been scanned aren’t deployed.
Visibility across the AI development cycle brings these controls together—from supply chain integrity and artifact validation to pre-deployment scanning. Organizations that treat AI security as a continuous discipline, not a onetime checkpoint, build the foundation required to scale AI securely.
AI model scanning will be available in public preview starting April 1st at no additional cost as part of Defender for AI Services plan. Licensing requirements might change when the feature becomes generally available. If that happens, the feature will be disabled, and you’ll be notified should you wish to re-enable it under the new license.
Additional Resources
- Learn more about Microsoft Defender for Cloud, here
- Find cloud security recent innovations, here
- Defender for AI blog
- Attend cloud security theatre sessions on container security and AI models at RSA on March 24th and March 25th
Microsoft