Microsoft Sentinel Launches AI-Driven Agentic SIEM Platform for Enterprise Security


Organizations face an ever-evolving cyberthreat landscape marked by faster, more complex attacks. Today, Microsoft is answering this call with the general availability of an agentic security platform built on Microsoft Sentinel.

This new wave of innovation combines data, context, automation, and intelligent agents to help security teams detect, investigate, and respond at AI speed.

The rise of “Frontier Firms,” where humans and AI agents collaborate in real time, has created fresh opportunities and challenges for defenders.

Traditional security tools struggle to keep pace with modern threats, forcing teams to juggle silos of alerts and manual workflows. Microsoft Sentinel’s agentic platform brings everything under one roof:

  • A unified security data lake that ingests structured and semi-structured signals
  • Graph-based relationships and vectorized data for rich context
  • AI agents that reason across your environment in real time

By integrating seamlessly with Microsoft Defender and Microsoft Purview, Sentinel gives teams the visibility and tools they already trust, now enhanced with agentic orchestration.

[Figure: the architecture and integration of Microsoft’s security ecosystem]

Key Capabilities

Sentinel Data Lake and Graph Context

Sentinel’s data lake, now generally available, centralizes all your security signals at cloud scale. The new Sentinel graph and Model Context Protocol (MCP) server in public preview add semantic access and graph-based context.

These features enable AI agents, whether in Security Copilot, in VS Code with GitHub Copilot, or in partner platforms, to navigate your digital estate, trace attack paths, and pinpoint impact with precision.

With the Sentinel MCP server, security teams can extend and customize AI agents. Predefined and custom agents can automate investigations, enrich alerts, and trigger responses.

This shifts security operations from reactive firefighting to proactive threat hunting and predictive defense.

Security Copilot Agents

Building on Sentinel’s context, Security Copilot now offers a no-code agent builder. Teams can describe desired workflows in natural language and publish custom agents in minutes.

For developers, the MCP-enabled coding platform in VS Code supports GitHub Copilot–powered agent creation.

Whether for phishing triage, conditional access optimization, or embedded access reviews, these agents reduce false positives, speed triage, and lower mean time to respond (MTTR).

Secure and Govern AI at Scale

As AI adoption grows, so do the risks. Microsoft continues to strengthen Security for AI:

  • Entra Agent ID for discovering and managing AI agents
  • Controls to prevent data oversharing in custom AI apps
  • Risk discovery tools for AI model providers and MCP servers
  • Advanced detection for prompt injection attacks

Upcoming enhancements to Azure AI Foundry will add real-time task adherence control, PII guardrails, and prompt shield spotlighting, ensuring agent behavior aligns with security policies across their lifecycle.

Sentinel’s open and extensible architecture invites partners to build and deploy their own agents.

Microsoft is collaborating with Accenture, ServiceNow, and Zscaler to strengthen the ecosystem. Visit the new Microsoft Security Store to discover and deploy both Microsoft and partner-built agents.

Learn more and see these innovations in action at Microsoft Secure on September 30–October 1, and at Microsoft Ignite, November 17–21, in San Francisco or online.

Security is a team sport. With Microsoft Sentinel’s AI-driven agentic SIEM and Security Copilot agents, defenders can innovate boldly, adapt quickly, and work smarter. Together, we’re not just imagining the future of security, we’re building it.
