Microsoft Sentinel and Security Copilot Gain New Agentic Features to Tackle Evolving Cyber Threats

Microsoft has introduced new agentic security capabilities in Microsoft Sentinel and Security Copilot. These features are designed to help security teams stay ahead of increasingly complex threats and safeguard their organizations in the era of agentic AI.

According to Microsoft, organizations are rapidly transforming into “frontier firms” where human expertise and AI agents work side by side in real time. As cyber threats grow more complex, security teams need more intelligent and adaptive tools to keep pace and protect their digital ecosystems effectively.

Microsoft Sentinel Data Lake now generally available

The new Microsoft Sentinel data lake solution, launched in July, is now generally available to commercial customers. It’s a unified repository that consolidates structured and semi-structured security data. This security data lake allows AI agents to analyze, correlate, and respond to threats quickly across an organization’s digital environment.

Microsoft has also announced the public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server. The Sentinel graph provides a semantic, graph-based view of security data to help IT teams understand relationships and context across their enterprise networks. The Sentinel MCP server supports this process by allowing AI agents to access and reason over unified data using open standards, which enables faster, more intelligent threat detection and response.

“Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating these insights with Defender and Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response—all within familiar workflows,” explained Vasu Jakkal, Corporate Vice President, Microsoft Security.

Security Copilot enhancements

The Security Copilot portal has added a new no-code agent builder that allows customers to create, optimize, and publish agents with natural language commands. Developers can also build agents on a Sentinel MCP server-enabled coding platform, such as using GitHub Copilot in VS Code. Microsoft Security Copilot agents are designed to integrate seamlessly into existing workflows and Microsoft Security tools.

Microsoft and partners have already released agents for tasks like phishing triage and conditional access optimization. The new Security Store is designed to help customers discover, purchase, and deploy Microsoft and partner-created Security Copilot agents.

Additionally, Microsoft has detailed several enhancements coming to Azure AI Foundry to strengthen protection throughout the lifecycle of AI agents. These upcoming features include agent task adherence control to ensure real-time alignment of agents with tasks, and built-in safeguards to prevent exposure of personally identifiable information (PII). There is also a new spotlighting capability in prompt shields to enhance protection against cross-prompt injection attacks.

Lastly, Microsoft emphasizes that security is a team effort that requires collaboration across organizations and ecosystems. These new features should help security teams protect their organizations against sophisticated cyberattacks.