Microsoft Releases Security Copilot Agents Preview for Real-Time Threat Response

AI agents enhance threat response and integrate across Microsoft’s security ecosystem.

Key Takeaways:

  • Microsoft launched new AI-powered Security Copilot agents in public preview.
  • Microsoft introduced new plugins and AI-powered governance tools for data protection and insider threat detection.
  • Microsoft has improved scalability via a new Security Compute Unit (SCU) model.

Microsoft has introduced new AI-powered agents for Security Copilot in public preview at the RSA Conference 2025. The company has started a phased rollout of these new agents to grant early access to select customers.

Last year, Microsoft launched Security Copilot to help security professionals with threat hunting, incident response, intelligence gathering, posture management, and more. This AI-powered security tool offers seamless integration with security products such as Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Intune, as well as third-party services.

In March, Microsoft announced the new Security Copilot agents to handle high-volume security tasks and allow security teams to focus on more complex issues. Customers can access various agents, including a Conditional Access Optimization Agent for Microsoft Entra, a Vulnerability Remediation Agent for Microsoft Intune, and a Threat Intelligence Briefing Agent for Security Copilot. Microsoft plans to roll out additional agents (such as phishing and alert triage tools for Microsoft Defender and Microsoft Purview) in the coming weeks.

“Built on Security Copilot and seamlessly integrated with Microsoft Security solutions and partner ecosystem, these agents are tailored to security-specific use cases, adapt to your workflows, and learn from feedback, all while keeping your team fully in control. Every agent launched is built on the Security Copilot platform, ensuring a consistent, secure, and unified experience across capabilities,” Microsoft explained.

Microsoft has also introduced two new partner agents from Performanta in public preview for commercial customers. The new Email Threat Analyst Agent and IAM Supervisor Agent should help security teams investigate email threats and identity access risks.

Additionally, Microsoft has announced the general availability of Security Copilot support for Microsoft Sentinel scenarios through Azure Lighthouse. This feature allows managed security service providers to use Security Copilot’s natural language prompts and automation capabilities across customer environments. It eliminates the need to purchase separate Copilot licenses.

New Security Copilot plugins

Microsoft is extending the capabilities of Security Copilot with several new plugins, including the Censys plugin, the HP Workforce Experience Platform (WXP) plugin, the Splunk plugin, and the Quest Security Guardian plugin. Microsoft has also announced the general availability of the CheckPhish plugin to help security teams with URL threat analysis.

AI-powered governance and other updates

Microsoft Purview integrations for Security Copilot are now available in preview for data protection risks in AI environments. These features enable organizations to detect sensitive data exposure and investigate AI-based insider threats. Security teams can also apply retention and audit policies to AI-generated data.

Additionally, Microsoft has announced the general availability of Copilot enhancements for Defender for Cloud. The latest updates offer AI-powered risk remediation summaries and delegation tools to protect cloud environments. Microsoft has also announced a public preview of Security Copilot incident summaries for Microsoft Sentinel.

Last but not least, Microsoft has introduced a new overage Security Compute Unit (SCU) model to enhance customer scalability. This feature allows customers to extend their Copilot workloads beyond their initial provisioned limits.