By Alice Chambers |
Alym Rayani, vice president of Microsoft Security, highlighted how AI transformation must be matched by an equally ambitious security strategy at the Microsoft AI Tour in London, UK.
The evolution from conversational copilots to autonomous agents capable of executing tasks and organising workflows is becoming increasingly evident. One of the defining features of this new wave is accessibility to AI. Rayani demonstrated how straightforward it is to create an AI agent, emphasising that “you don’t need to know anything about coding to create an agent” – a shift that effectively democratises intelligence across the organisations.
But that same accessibility introduces new risks. As organisations rush to deploy AI, Rayani warned of mounting complexity. “Everyone’s running AI, often faster than governance frameworks can be set up,” he said.
AI introduces new security challenges, including agent sprawl, data oversharing, shadow AI and regulatory compliance pressures, with over 1,000 regulations worldwide and more than 250 changes per day, according to Rayani.
At the same time, threat actors are scaling their operations with more than 4,000 password attacks per second, according to Microsoft’s Digital Defense Report. AI systems expand the attack surface further, creating new vectors that security teams need to anticipate and defend.
Rayani referenced Microsoft’s Secure Future Initiative, launched in November 2023, which is built around three pillars: secure by design, secure by default and secure operations. The initiative has required significant internal transformation. Microsoft “had to turn off 5.9 million identities, decommissioned 700,000 apps and learned a lot about data pipelines to diffuse data back into their products,” he said.
For Microsoft, security is now the “core primitive” – something that should always be present. That philosophy underpins Microsoft’s AI-first, end-to-end security platform, where Security Copilot capabilities are embedded across its security services. The company’s threat intelligence advantage, Rayani said, is built on “100 trillion unparalleled global signals” analysed by “more than 10,000 experts using AI.”
As enterprises adopt agentic AI, the boundaries between IT, development and security teams are blurring. Organisations are asking key questions, such as ‘can IT discover and manage these agents?’, ‘are they acting appropriately?’, and ‘who or what are they sharing sensitive information with?’.
To address these concerns, IT teams can manage and govern agent usage at scale with Microsoft Agent 365, described as a control plane for agents covering registrations, access control, visualisation, interoperability and security. Developers can use the newly introduced Foundry Control Plane, while security teams can rely on Microsoft Defender, Microsoft Entra and Microsoft Purview.
Rayani also highlighted recently announced capabilities designed to move organisations from reactive defence to predictive resilience. Predictive shielding, he explained, “autonomously anticipates the path and tactics and hardens your environment.”
Meanwhile, security agents embedded into daily workflows – including 40 new and enhanced agents from Microsoft and its partners – are designed to streamline response and remediation. One example is the phishing triage agent. With AI-based phishing attempts are 85 per cent more effective, according to Rayani, traditional manual triage is becoming unsustainable. He cited customers using the agent having got through six times more alerts than those not using it.