Microsoft is stepping up its security game in the face of rising threats from generative artificial intelligence (AI) applications. On March 24, 2025, the tech giant announced a new feature called inline data protection for its Edge for Business web browser, aimed at preventing sensitive company data from being shared into consumer-driven generative AI apps such as OpenAI's ChatGPT, Google Gemini, and DeepSeek.
As workplaces increasingly integrate AI tools, the risk of data leakage has skyrocketed. Microsoft emphasized the importance of this new capability, stating, "With the new inline protection capability for Edge for Business, you can prevent data leakage across the various ways that users interact with sensitive data in the browser, including typing of text directly into a web application or generative AI prompt." This feature will be expanded over time to envelop additional AI, email, collaboration, and social media applications.
Along with this announcement, Microsoft revealed the general availability of enhanced collaboration security for Microsoft Teams to combat phishing attacks that have surged in recent months. Threat actors, identified as Storm-1674 and Storm-1811, have been utilizing Microsoft Teams as a medium to trick users into downloading harmful software or granting them unauthorized access to systems, leading to ransomware deployments.
The tech company has introduced several new controls within Teams that will allow security teams to dictate which tenants, domains, and users can interact with company employees. These updates aim to provide better protection against malicious links or attachments in real-time and improve the reporting of suspicious messages to administrators.
In response to the increasing scale and complexity of cyberattacks, Microsoft is expanding its security offerings to include AI agents that support essential areas such as phishing and data security. Vasu Jakkal, corporate vice president at Microsoft Security, noted, "The relentless pace and complexity of cyberattacks have surpassed human capacity and establishing AI agents is a necessity for modern security."
Moreover, between January and December 2024, Microsoft detected over 30 billion phishing emails targeting its customers, underscoring the need for robust security measures. New features in the Microsoft Security Copilot, which originally launched a year ago, involve six agentic solutions that leverage AI to autonomously manage high volumes of security-related tasks.
These new agents will triage phishing alerts, data loss prevention notifications, monitor vulnerabilities, and curate threat intelligence, aiming to free human defenders to focus on more complex threats. Available for preview in April 2025, the Security Copilot agents are designed to enhance the efficiency and effectiveness of organizational security teams.
In addition, Microsoft Purview is set to roll out data security investigations, incorporating AI-driven analysis to identify and mitigate risks tied to sensitive data exposure. This innovative approach will link data security incidents with Microsoft Defender's findings and insider risk cases, aiming for a comprehensive view of security events.
According to a recent Microsoft report on security in the age of AI, 57% of organizations reported an uptick in security incidents associated with the use of AI. Yet, 60% of organizations have yet to implement necessary controls to manage these risks, indicating a significant gap in preparedness.
With the backing of AI, Microsoft Defender now processes an astonishing 84 trillion signals per day, revealing insights into the drastic increase in cyberattacks including a staggering 7,000 password attacks each second. Recognizing that a manual approach has become insufficient, Microsoft is making AI pivotal in its security protocol.
Beginning in May 2025, enhanced detection measures for emerging threats will be implemented in Microsoft Defender to shield organizations from issues such as indirect prompt injection attacks and sensitive data exposure. New access controls paired with real-time data monitoring will further bolster organizations' defenses against the growing phenomenon of shadow AI.
As part of its Secure Future Initiative, Microsoft continues to innovate across its portfolio, focusing on offering powerful, end-to-end protection amid the rapid evolution of technology in the workplace. They will also host a digital event called Microsoft Secure on April 9, 2025, to discuss these advancements in detail.
Microsoft is not just securing its own framework but also fostering a collaborative approach to cybersecurity by inviting partners to develop AI agents that bolster security capabilities further. With significant advancements being made, both in technology and strategy, Microsoft aims to empower every organization to secure their AI investments effectively and safeguard sensitive data.
In the fast-paced digital world, remaining ahead of cyber threats is paramount, and Microsoft's commitment to delivering innovative security solutions signals a robust readiness to confront the challenges presented by AI and technology today.
