Microsoft

Stub

Hyperscaler with deep agentic-AI surface area in the wiki, operating defender-AI at two distinct layers. At the SOC layer: Microsoft Security Copilot + Agent 365 + Entra Agent ID (GA May 1 2026, M365 E7 The Frontier Suite) + Microsoft Prompt Shields + Microsoft Purview AI + Defender for Cloud + Defender Predictive Shielding + Sentinel agent-aware SIEM playbooks + Sentinel MCP Entity Analyzer. At the AppSec / vulnerability-research layer: MDASH (multi-model agentic scanning harness, 100+ specialized agents; announced May 12 2026 by the Microsoft Autonomous Code Security (ACS) team in collaboration with Microsoft Windows Attack Research and Protection (WARP); led by Taesoo Kim).

Named launch partner of Project Glasswing (Anthropic coalition, same-day announcement May 12 2026): Microsoft makes Mythos Preview available to Glasswing participants via Microsoft Foundry, and tested Mythos against its own CTI-REALM open-source security benchmark with “substantial improvements.” Igor Tsyganskiy (EVP of Cybersecurity and Microsoft Research) is the quoted Glasswing executive. The earlier MDASH “generally available AI models” silence is explained by the Glasswing coordinated-launch constraint: Mythos is almost certainly one of MDASH’s orchestrated SOTA-reasoner models.

Broader frameworks: Microsoft Responsible AI Standard (RAI), ZT4AI (Zero Trust for AI), M365 memory-injection detector, FIDES (zero-PI on AgentDojo), PyRIT (Microsoft AI Red Team OSS).

Pending content: company overview, full AI security product portfolio, ISO 42001 + AIUC-1 posture, key personnel beyond Vasu Jakkal, Taesoo Kim, and Igor Tsyganskiy (Jason Clinton, MSFT AI Red Team leadership, ACS / WARP team breakdown). CTI-REALM benchmark needs its own concept page.

March 2026 RSAC announcement portfolio

Per Vasu Jakkal’s pre-RSAC 2026 post (2026-03-20), Microsoft’s three-pillar agentic-AI security framing organizes the portfolio:

Pillar 1 — Secure agents. Agent 365 (GA May 1) bundling Defender / Entra / Purview capabilities for agent governance.

Pillar 2 — Secure foundations. Security Dashboard for AI (GA); Entra Internet Access Shadow AI Detection (GA Mar 31); Enhanced Intune App Inventory (May); Entra Backup & Recovery (preview); Entra Tenant Governance (preview, shadow-tenant detection); Entra Passkey + Windows Hello integration; Entra External MFA (GA); Entra Adaptive Risk Remediation (Apr); Unified Identity Security (preview); expanded Purview DLP for M365 Copilot (GA Mar 31, blocks PII / credit card numbers in prompts); Purview Embedded in Copilot Control System (Apr); Purview Customizable Data Security Reports (preview); Entra Internet Access Prompt Injection Protection (GA Mar 31) — first major-vendor network-layer PI defense; Defender for Cloud Container Security; Defender for Cloud Posture Management (AWS + GCP, Apr); Defender Predictive Shielding (preview) — adaptive policy contraction during active attacks.

Pillar 3 — Defend with agents and experts. Security Copilot (now in M365 E5 + E7); Security Analyst Agent in Defender (Mar 26); Security Alert Triage Agent in Defender (Apr); Conditional Access Optimization Agent in Entra; Data Security Posture Agent in Purview (with credential scanning); Data Security Triage Agent in Purview; 15+ partner-built agents in the Security Store. Microsoft Sentinel additions: Data Federation via Microsoft Fabric (preview, integrating Databricks / Fabric / ADLS); Playbook Generator with NL Orchestration (preview); Granular Delegated Administrator Privileges + Unified RBAC (preview); Security Store Embedded in Purview + Entra (GA Mar 31); Custom Graphs via Microsoft Fabric (preview); Sentinel MCP Entity Analyzer (GA Apr) — first SIEM with native MCP integration. Microsoft Defender Experts Suite for managed XDR.

Stats (per the Mar 2026 post): 80% of Fortune 500 already deploying agents (Copilot Studio + Agent Builder, Nov 2025 baseline); Microsoft Security: 1.6M customers, 1B identities, 24B Copilot interactions, 100T daily signals.

Secure Development Lifecycle (SDL) — AI extension (2026-02-03)

Microsoft’s classical secure-by-design framework — Microsoft Secure Development Lifecycle (SDL) — published its first explicit AI extension on 2026-02-03 in a Microsoft Security Blog post by Yonatan Zunger: [[microsoft-sdl-evolving-security-practices|Evolving Security Practices for an AI-Powered World]]. The post announces six SDL-for-AI focus areas (threat modeling for AI, AI system observability, AI memory protections, agent identity and RBAC enforcement, AI model publishing, AI shutdown mechanisms) and six operating pillars (research, policy, standards, enablement, cross-functional collaboration, continuous improvement). Substantive per-area technical guidance is promised “in the coming months.” This makes Microsoft SDL the first major-vendor secure-SDLC framework with an explicit AI scope (NIST SSDF SP 800-218A remains partial; Google SAIF is AI-first rather than an extension of a classical secure-SDLC anchor).

The 2026 SDL extension complements rather than replaces the broader Microsoft AI-security portfolio: SDL operates at the develop-and-ship lifecycle layer (policy + practice + tooling), while Agent 365 + Entra Agent ID, ZT4AI, the Mar 2026 RSAC portfolio, and MDASH operate at the run-and-defend layer.