AI Threats Demand New Cybersecurity Investments

For nearly a decade, it seemed that every conversation I had about cybersecurity began and ended with ransomware

That’s changed.

While ransomware remains a major challenge, our customers are increasingly coming to us with concerns about the threat posed by artificial intelligence. They’re right to be worried. Armed with AI tools, hackers can rapidly create sophisticated phishing messages that look and sound nearly identical to legitimate emails from senders such as employers and financial institutions.

AI tools also make it possible for hackers to launch attacks at a scale that would previously have been impossible. And even internally, organizations run the risk of unauthorized users accessing sensitive information via large language models (LLMs) if those tools are not set up properly. 

This new threat landscape is causing many organizations to expand their cyber defense arsenal. In particular, we’ve been seeing keen interest in these three offerings from Microsoft.

Microsoft MXDR. This is a fully managed service that combines Microsoft Sentinel, the Defender family and Entra ID Protection with 24/7 expert monitoring to investigate and contain threats. Rather than simply aggregating logs, Microsoft MXDR (Managed Extended Detection and Response) uses AI to correlate activity across endpoints, identities, on-premises infrastructure and the cloud. The tool also automates much of the response to these threats, meaning that cybersecurity staffers typically need to handle only the most critical incidents. For most organizations, an investment in Microsoft MXDR will mean taking a step up from their existing endpoint detection and response platforms. The cross-environment visibility of MXDR, combined with automated response, makes the move worth it for organizations worried about AI-powered threats.

Microsoft Security Copilot. By now, most people are likely familiar with Microsoft’s Copilot brand of AI tools, which includes offerings like Microsoft 365 Copilot, GitHub Copilot and Sales Copilot. Microsoft Security Copilot is essentially an AI-powered security assistant that sits on top of Microsoft’s security stack, using LLMs, Microsoft’s threat intelligence and companies’ own logs to summarize incidents and recommend concrete response steps in natural language. At the speed of AI, Microsoft Security Copilot can analyze suspicious emails and scripts, initiate investigations and generate step-by-step remediation guidance. We already know that bad actors are using AI to launch attacks against companies; Microsoft Security Copilot gives organizations their own powerful AI tool to fight back.

Microsoft Purview. This is Microsoft’s unified data security, compliance and governance platform. Previously known as Microsoft 365 E5 Compliance, Microsoft Purview provides capabilities including data discovery and classification, sensitivity labels, and data loss prevention across Microsoft 365, on-premises systems and cloud platforms. When it comes to AI threats, governance is where Microsoft Purview really shines. Without proper governance in place, an internal LLM may return answers to user queries based on sensitive information. For example, imagine that a user asks a question about workplace conduct policies, and the LLM provides examples drawn from sensitive HR files. Or, consider the fallout if the system were to make employees’ Social Security numbers accessible across the organization. Microsoft Purview gives organizations the tools they need to stop that from happening.

The history of cybersecurity is a back-and-forth between defenders and attackers. One group levels up its game, and the other is then forced to respond to keep pace. With AI, attackers have powerful new ways to exploit vulnerabilities at scale. To stop them, defenders are going to need powerful tools of their own.