Adwait Joshi, Microsoft’s Senior Director of AI+TI, outlined the benefits of Microsoft Copilot for Security at the recent AI Copilot Digital Summit.
AI is beneficial in terms of helping cybersecurity pros secure applications and data while enhancing overall corporate security. Although many customers already use AI tools, concerns remain about data security and the use of unsanctioned AI apps in the AI era. This reinforces the need for compliance with regulations and responsible AI standards. More specifically, Microsoft is focusing on using GenAI to combat sophisticated threats and empower security and IT teams to stay ahead of threat actors.
Joshi shared some examples of the “market truth” behind Copilot for Security. He referenced the issue of “shadow AI,” in which users are unaware of what data and AI apps are being used. To combat this and ensure the security of AI applications, it’s crucial to discover and understand how all AI apps are being used, including their data usage and compliance status.
AI Agent & Copilot Summit is an AI-first event to define opportunities, impact, and outcomes with Microsoft Copilot and agents. Building on its 2025 success, the 2026 event takes place March 17-19 in San Diego. Get more details.
Microsoft Defender can help manage and control more than 400 apps that are part of the AI ecosystem, support the definition of data policies, and ensure responsible AI practices.
When developing Copilot for Security, Microsoft leveraged its partnership with OpenAI and its extensive threat intelligence to create a “security-specific orchestrator.” This tool performs security and IT functions, including script analysis, incident summarization, impact analysis, and guided remediation.
Copilot for Security offers embedded experiences within tools including Microsoft Defender and standalone tools for a complete view across device management, identity, and threat detection. Joshi referenced a CISO who used Copilot for Security to understand the impact of a Common Vulnerability and Exposure (CVE) and identify affected entities as well as receive recommended remediation steps.
Following Joshi’s segment, Chris Hughes, a CISO and CEO of Aquia, delivered a user perspective on Copilot for Security. He was initially skeptical but, as he continued to dig into the tool and its capabilities, he found it to be promising and now considers it “part of the future of cybersecurity.”
Microsoft’s approach with Copilot for Security is “really interesting,” Hughes noted, as it integrates with Microsoft’s Intune endpoint management software and Microsoft Defender, as well as third-party services.
Copilot for Security supports diverse functions, from Security Operations Center (SOC) analysts handling incident response and threat detection to security pros designing zero-trust architectures. Additionally, Copilot for Security offers automated guidance, reporting, summarization, and dashboards, making it easier for executives to quickly understand and act on their security posture and related incidents.
With this in mind, how should CISOs consider Copilot for Security and the impact it will have on other business users?
While innovative technologies are being integrated throughout the Microsoft ecosystem, Hughes explained, fundamental cybersecurity principles must be enforced. The use of Copilot technology across various business functions can provide access to potentially sensitive data, which necessitates careful analysis and planning to prevent breaches or mishandling.
Hughes closed with usage tips for customers. He equated Copilot for Security to a muscle; he noted, “You have to exercise it to build proficiency.” To effectively use new technologies, he advised experimenting with them using non-sensitive, low-risk data to build that proficiency.
The session provided clear visibility into opportunities with Copilot for Security and safeguards that security leaders should establish to realize its full value without compromising corporate data.
