Microsoft (MS) is fundamentally overhauling its security system for the ‘Artificial Intelligence (AI) Agent Era’. AI agents that read e-mails, organize files, and write reports in place of employees are spreading rapidly, and the company has judged that existing security methods alone cannot keep up. At its annual IT conference ‘Ignite 2025’, held in San Francisco, USA from the 18th to the 20th, Microsoft unveiled a large-scale security strategy that encompasses security, data, identity, and compliance. MS emphasized, “In the era when AI works, security should also be completely redesigned.”
Unlike conventional chatbots, AI agents go beyond simple answers and perform actual tasks on the user’s behalf. They open Excel to analyze sales data, create proposals in PowerPoint, and automatically carry work across in-house systems and external tools. The problem is that an agent accesses more data and systems than a human does, and at a much faster rate. When an agent is exposed to incorrect commands or attacks, the extent of the damage is beyond comparison with an employee’s mistake.
The core of the security strategy MS announced at Ignite is the principle that “AI is managed like an employee.” To this end, MS has released “Agent 365,” a kind of “AI agent personnel management system” that registers all AI agents used in a company in one place and shows at a glance who made them, what data they use, and what authority they have. It also includes the ability to automatically find unauthorized agents (Shadow AI) and block dangerous commands. Given that it is difficult even to know how AI is operating inside a company, this is in effect the starting point of security.
As AI handles data on its own, the data protection system has also been strengthened. Microsoft’s data security platform “Purview” has received a major upgrade for the era of AI agents. The same kind of security rules that apply to people are applied to the documents, e-mails, and customer information viewed by AI agents, and agents can be restricted to accessing only the data they need. This is to prevent the problem of ‘oversharing’, in which AI reads too many documents. In addition, if an employee tries to upload a company file to an external AI service such as ChatGPT or Gemini, the upload is automatically blocked according to policy.
Defenses against new attacks on AI have also been strengthened. MS pointed out that new attacks such as ‘prompt injection’, which gives wrong instructions to AI in order to leak internal information, are rapidly increasing. To prevent this, MS also announced functions for ‘Security Copilot’ that automate the work of the Security Operations Center (SOC) and block risks by analyzing suspicious commands or abnormal activities in real time. AI-based analysis agents have also been added to the existing Defender product line, enhancing the ability to predict attacks and defend against them in advance.
In terms of identity management, “Entra Agent ID” stands out. It is a system that gives each AI agent a unique identity and determines which resources it can access. Until now, only user accounts had to be managed, but in the future AI agents should also receive the same level of authority management and auditing as “human employees.” This is an essential basis for preventing misuse of authority and leakage of internal information.
According to MS, more than 1.3 billion agent businesses are expected to be created by 2028. “As AI agents become commonplace, companies are now facing a new problem of ‘how to register and manage these agents, and what authority to give,’” said Vasu Jakkal, vice president of MS security. “In the era of AI agents, security must also operate at all times and autonomously.” “Agent 365 serves as a control tower for AI agents,” he said, adding, “Security is the key principle supporting the agent era.”
[Silicon Valley correspondent Wonho-seop]
