How Microsoft's new security agents help businesses stay a step ahead of AI-enabled hackers (www.zdnet.com)

At Ignite, Microsoft announced a new wave of AI security agents—dozens of Microsoft- and partner-built autonomous assistants—integrated directly into its security management portals (Defender, Entra, Intune, Purview) and delivered via a central Microsoft Security Store. The move is intended to shift defenses from reactive playbook-driven responses to proactive, context-aware automation as attackers increasingly adopt “agentic” AI to scale and automate intrusions. Microsoft frames these agents as side-by-side helpers that triage incidents, optimize conditional access, surface timely threat intelligence, and maintain secure endpoints. Technically, agents are being embedded contextually into the appropriate consoles (e.g., identity agents in Entra, endpoint agents in Intune). Examples include the Phishing Triage Agent (now generally available) that autonomously classifies user-reported phish, filters false positives and escalates only genuine threats, and the Threat Intelligence Briefing agent that aggregates sources, scores risk, recommends responses, and links directly to affected assets. The agents will be free for existing Security Copilot customers on Microsoft 365 E5, with broader availability planned (non-Copilot customers will get 30 days’ notice). For defenders, this standardization and portal-level surfacing of automated agents reduces manual noise, accelerates response, and helps close the gap against AI-enabled adversaries.