Microsoft Advances AI Agents to Address the Scale of Phishing, Malware Threats

By Tom Smith, August 15, 2025

Microsoft is ramping up efforts to drive more robust security, as well as security operations, by tapping the power of AI agents. The company has detailed two new agentic AI initiatives to combat phishing and malware.

The first is a now-public preview of a Phishing Triage Agent that was previously disclosed. The second is a prototype that taps AI for malware detection and classification. In both cases, the work focuses on the Microsoft Defender platform.

Phishing Detection at Scale

The Phishing Triage Agent for Defender applies AI to a highly repetitive task that challenges security ops teams: handling user-submitted phishing reports. The agent triages thousands of alerts daily, typically within 15 minutes of detection.

Microsoft detailed the scale of the problem when it comes to managing phishing: Defender for Office 365 detected more than 775 million emails with malware in a 12-month period. In most organizations, more than 90% of reported emails turn out to be false positives. The company said attackers increasingly use AI to write phishing messages that appear personalized, thereby making them harder to detect.

The Phishing Triage Agent leverages large language models (LLMs) to conduct semantic evaluation of email content, URL and file inspections, and intent detection to determine whether a submission constitutes phishing or a false alarm. Unlike past tools based on pre-coded logic, the agent dynamically interprets the context of each email to draw a conclusion.

The agent evolves as analysts reclassify incidents and provide natural language feedback explaining why a particular verdict was correct or not. In response, the agent refines its reasoning and adapts to the organization’s specific needs, patterns, and nuances.

“This AI-powered agent autonomously triages user-reported phishing emails, acting as force multiplier to security teams helping them scale their response and reduce repetitive investigation work,” said Microsoft Corporate Vice President Dorothy Li in a LinkedIn post about the agent.

Organizations that meet the prerequisites can join the Phishing Triage Agent Public Preview, available through a trial directly in the Microsoft Defender portal. 

AI-Powered Malware Detection

Microsoft also detailed a prototype AI agent that analyzes and classifies software autonomously as it seeks out malware. The prototype automates a robust process of reverse engineering a software file to determine whether the software is malicious. The prototype was developed through collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discover & Quantum.

The Microsoft Defender platform scans more than one billion active devices monthly, a volume that routinely requires manual review by experts. Unlike other AI applications in security, Microsoft said, here AI must make judgment calls without definitive validation beyond expert review, and many software behaviors don’t clearly indicate whether a sample is malicious.

The resulting ambiguity requires analysts to investigate each sample while building evidence to determine whether the software is malicious or benign. This creates major automation and scalability challenges.

The new prototype, dubbed Project Ire, uses specialized reverse-engineering tools to conduct low-level binary analysis and high-level interpretation of code. Evaluation begins with a triage process that identifies the file type and structure. The LLM calls specialized tools to identify and summarize key functions, contributing to an auditable trail that supports secondary review by security teams.  

A validator tool cross-checks claims in the report against the chain of evidence that’s been created. A final report classifies the sample as malicious or benign.

In one early evaluation, the classifier correctly identified 90% of all files and flagged just 2% of benign files as threats, with this low false-positive rate demonstrating strong potential for deployment in security operations.

Based on this and other evaluations, the Project Ire prototype will be leveraged inside Microsoft’s Defender organization for threat detection and software classification, the company said.

These latest advances by Microsoft demonstrate clearly the power of AI to help fend off attackers, especially when it comes to high-volume activities that challenge security teams to achieve the scale required for effective defenses. They are another indication that the security vendor community is racing at least as fast as the attackers to deploy AI, in this case for protection of corporate assets.


Tom Smith

Editor in Chief, analyst, Cloud Wars

Areas of Expertise
  • AI/ML
  • Business Apps
  • Cloud
  • Digital Business

Tom Smith analyzes AI, copilots, cloud companies, and tech innovations for Cloud Wars. He has worked as an analyst tracking technology and tech companies for more than 20 years.
