That pattern continued as defenders embraced automation and AI to manage expanding digital estates. SOCs were often early scale adopters—using machine learning to reduce noise, improve visibility, and respond faster across growing environments. Cyberattackers became more targeted and multistage, moving deliberately across identities, endpoints, cloud resources, and email, where detection was hardest. Success increasingly depended on moving fast enough to act before analysts could connect the dots. Even with this progress, security operations (SecOps) still feel asymmetrical: threat actors only need to be right once, while defenders are judged by every miss. If defense depends on human intervention to begin, defense will always feel asymmetrical.

To change the outcome, SOCs must change how defense itself works. This is the agentic SOC: where security delivers adaptive, autonomous defense, freeing defenders for strategic, high‑impact work. In this series, we’ll break down what that shift requires, what early experimentation has taught us, and where organizations can start today. Read more about how some organizations moving toward the agentic SOC and access a foundational roadmap for this transformation in our new whitepaper, The agentic SOC: Your teammate for tomorrow, today.

What we mean by “the agentic SOC”

At its core, the agentic SOC is an operating model that shifts security from reacting to incidents to anticipating how cyberattackers move—and actively reshaping the environment to cut off their paths.

It brings together a platform that can increasingly defend itself through built-in autonomous defense, with AI agents working alongside humans to accelerate investigation, prioritization, and action—so teams spend less time on execution and more time on judgment, risk, and the decisions that matter.

How does that change day-to-day work? Imagine a credential theft attempt. Built-in defenses automatically lock the affected account and isolate the compromised device within seconds—before lateral movement can begin. At the same time, an AI agent initiates an investigation, hunting for related activity across identity, endpoint, email, and cloud signals, and correlating everything into a single view.

When an analyst opens their queue, the “noise” of overwhelming alerts is already gone. Evidence has been pre-assembled. Likely next steps are suggested. The analyst can start right away by answering higher impact questions: Is this part of a broader campaign? Should this authentication method be hardened? Are there related techniques this cyberattacker commonly uses that the environment is still exposed to?

In today’s SOC, we see that sequence often takes hours—and the proactive improvement is very limited, if it ever happens; there’s simply not enough time. In an agentic SOC, it happens in minutes, and teams can spend the time they’ve gained on deeper investigation, systemic hardening, and reducing the likelihood of repeat cyberattacks.

A layered model for the agentic SOC

This model works because an agentic SOC is built on two distinct, but interdependent layers. The first is an underlying threat protection platform that has fundamentally evolved how cyberattacks are defended against and disrupted. High confidence cyberthreats are handled automatically through deterministic, policy-bound controls built directly into the platform. Known attack patterns are blocked in real time—without deliberation or creativity—shielding the environment from machine-speed cyberthreats before scarce human attention or token intensive reasoning is required. This disruption layer is not optional; it is the prerequisite that makes an agentic SOC safe, scalable, and sustainable.

The second layer operates at the operational level, where agents take on tough analysis and correlation work to dramatically increase the leverage of security teams and shift focus from uncovering insight to acting on it. These agents reason over evidence, coordinate investigations, orchestrate response across domains, and learn continuously from outcomes. Over time, they help identify recurring attack paths, surface gaps in posture, and recommend changes that make the environment harder to exploit—not just faster to respond.

Together, they transform the SOC from a reactive workflow engine into a resilient system.

What’s real now, and why there’s reason for optimism

The optimism around our view of the agentic SOC comes from operational discipline and proven, real-world impact. Autonomous attack disruption has been operating at scale for years.

Attacks like ransomware are disrupted in an average of three minutes, and tens of thousands of attacks are contained every month by isolating compromised users and devices before lateral movement can take hold. This all done with a 99.99% confidence rating, so SOC teams can trust in its efficacy.

Building on that proven foundation, newer capabilities like predictive shielding extend autonomous defense further—anticipating how cyberattacks are likely to progress and proactively restricting high-risk paths or assets during an intrusion.

Together, these system-level protections show that platforms can safely intervene earlier in the cyberattack chain without introducing unnecessary disruption.

Agentic capabilities are also being similarly scoped. Internally, we’ve been testing task agents for triage and investigations under our expert supervision of our defenders. In live environments, these agents automate 75% of phishing and malware investigations. We’ve also tested agents on more complex analytical tasks, such as assessing exposure to specific vulnerabilities—work that once required a full day of engineering effort and can now be completed in less than an hour by an agent.

How day-to-day SOC work will change in the future

In an agentic SOC, the center of gravity will change for roles like an analyst. Fewer analysts are pulled into firefighting; more time is spent investigating how the organization is being targeted and what steps can be taken to reduce exposure. Within this new operating model, security teams will be freed to evolve the team structure and their day-to-day responsibilities.

Agentic systems increase demand for oversight, tuning, and governance. Detection and response engineering becomes more central, as teams design policies, confidence thresholds, and escalation paths. New roles emerge around supervising outcomes and refining system behavior over time.

Expertise becomes more valuable, not less. Judgment, context, and institutional knowledge are no longer consumed by repetitive tasks—they shape how the SOC operates at scale. And skilled practitioners closer to strategy, quality, and accountability.

To make this shift tangible, here’s how key roles are evolving:

• Analysts: from triaging alerts to supervising outcomes. Analysts validate agent‑led investigations, determine when deeper inquiry is needed, focus on ambiguous cases, and guide system learning over time.
• Detection engineers: from writing rules to teaching the system what matters. Engineers decide which signals are trustworthy, add the right context, and set confidence thresholds so detections can be acted on automatically—without human review every time.
• Threat hunters: from manual queries to hypothesis-driven exploration. Hunters use AI to surface anomalies and focus on creative investigation and adversary simulation.
• SOC leadership: from managing queues to orchestrating autonomy. Leaders define automation policies, oversee governance, and align AI actions with business risk.

Each shift reflects a broader truth: in the agentic SOC, people don’t do less—they do more of what matters.

The agentic SOC journey

This is a significant change in how security teams operate, and it doesn’t happen overnight. Based on our own experience, we’ve outlined a maturity model that shows how organizations can progress toward an agentic SOC over time.

Organizations begin by establishing a trusted foundation that unifies security tooling, enables the deployment of autonomous defense and begins unifying security signal in earnest. From there, they introduce agents to take on bounded, high-volume work under human supervision, learning where automation adds leverage and where judgment still matters most. Over time, as confidence, governance, and operational discipline mature, agents expand from assisting individual workflows to coordinating broader security outcomes. At every stage, progress is measured not by how much work is automated, but by how effectively human expertise is amplified.

SOC 1—Unify your platform foundation

The shift begins with a unified security platform that enables autonomous defense. Deterministic, policy-bound protections stop high confidence cyberthreats automatically—removing urgency, reducing blast radius, and eliminating the constant context switching that slows human response. By integrating signals across identity, endpoints, and cloud, defenders gain a shared view of cyberattacks instead of stitching evidence together across tools. This foundation is what makes cross-domain action possible—and separates experimental automation from production-ready operations.

SOC 2—Accelerate operations with generative AI and task agents

With urgency reduced, generative AI changes how work flows through the SOC. Instead of pushing alerts forward, AI assembles context, synthesizes signals across domains, and produces coherent investigations. Repetitive, high-volume tasks like triage, correlation, and basic investigation are absorbed by the system, allowing analysts to focus on higher impact decisions. This stage establishes new operational patterns where humans and AI work together—accelerating response while preserving judgment and accountability.

SOC 3—Deploy agentic automation

As trust grows, agents move from assistance to action. Specialized agents autonomously orchestrate specific tasks—containing compromised identities, isolating devices, or remediating reported phishing—while humans shift into supervisory roles. Over time, agents help identify patterns, anticipate attack paths, and optimize defenses across the environment. Security teams spend less time managing queues and more time shaping posture, risk, and outcomes. These shifts compound across all three stages.

What comes next for the SOC evolution?

We believe the strongest agentic SOC models will begin with autonomous defense—deterministic, policy‑bound actions that safely stop what is already known to be dangerous at machine speed. That foundation removes urgency, noise, and latency from security operations.

Additionally, agents and humans work differently. Agents assemble context, coordinate remediation, and optimize how the SOC operates. Humans provide intent, judgment, and accountability—turning time saved into smarter, more strategic security outcomes.

This is the first of a series of posts that will explore what makes the agentic SOC model real: the platform foundations required to defend autonomously, the governance and trust mechanisms that keep autonomy safe, and the adoption journey organizations take to get there. Some organizations are already rebuilding their businesses around AI, a new class of Frontier Firms. Read more about how they’re making their move toward the agentic SOC and access a foundational roadmap for this transformation in our new whitepaper, The agentic SOC: Your teammate for tomorrow, today.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post The agentic SOC—Rethinking SecOps for the next decade appeared first on Microsoft Security Blog.

At the same time, this innovation is happening against a sea change in AI-powered attacks where agents can become “double agents.” And chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are grappling with the resulting security implications: How do they observe, govern, and secure agents? How do they secure their foundations in this new era? How can they use agentic AI to protect their organization and detect and respond to traditional and emerging threats?

The answer starts with trust, and security has always been the root of trust. In this agentic era, security must be woven into, and around, every layer of the AI estate. It must be ambient and autonomous, just like the AI it protects. This is our vision for security as the core primitive of the AI stack.

At RSAC 2026, we are delivering on that vision with new purpose-built capabilities designed to help organizations secure agents, secure their foundations, and defend using agents and experts. Fueled by more than 100 trillion daily signals, Microsoft Security helps protect 1.6 million customers, one billion identities, and 24 billion Copilot interactions.² Read on to learn how we can help you secure agentic AI.

Secure agents

Earlier this month, we announced that Agent 365 will be generally available on May 1. Agent 365—the control plane for agents—gives IT, security, and business teams the visibility and tools they need to observe, secure, and govern agents at scale using the infrastructure you already have and trust. It includes new Microsoft Defender, Entra, and Purview capabilities to help you secure agent access, prevent data oversharing, and defend against emerging threats.

Agent 365 is included in Microsoft 365 E7: The Frontier Suite along with Microsoft 365 Copilot, Microsoft Entra Suite, and Microsoft 365 E5, which includes many of the advanced Microsoft Security capabilities below to deliver comprehensive protection for your organization.

Secure your foundations

Along with securing agents, we also need to think of securing AI comprehensively. To truly secure agentic AI, we must secure foundations—the systems that agentic AI is built and runs on and the people who are developing and using AI. At RSAC 2026, we are introducing new capabilities to help you gain visibility into risks across your enterprise, secure identities with continuous adaptive access, safeguard sensitive data across AI workflows, and defend against threats at the speed and scale of AI.

Gain visibility into risks across your enterprise

As AI adoption accelerates, so does the need for comprehensive and continuous visibility into AI risks across your environment—from agents to AI apps and services. We are addressing this challenge with new capabilities that give you insight into risks across your enterprise so you know where AI is showing up, how it is being used, and where your exposure to risk may be growing. New capabilities include:

• Security Dashboard for AI provides CISOs and security teams with unified visibility into AI-related risk across the organization. Now generally available.
• Entra Internet Access Shadow AI Detection uses the network layer to identify previously unknown AI applications and surface unmanaged AI usage that might otherwise go undetected. Generally available March 31.
• Enhanced Intune app inventory provides rich visibility into your app estate installed on devices, including AI-enabled apps, to support targeted remediation of high-risk software. Generally available in May.

Secure identities with continuous, adaptive access

Identity is the foundation of modern security, the most targeted layer in any environment, and the first line of defense. With Microsoft Entra, you can secure access and deliver comprehensive identity security using new capabilities that help you harden your identity infrastructure, improve tenant governance, modernize authentication, and make intelligent access decisions.

• Entra Backup and Recovery strengthens resilience with an automated backup of Entra directory objects to enable rapid recovery in case of accidental data deletion or unauthorized changes. Now available in preview.
• Entra Tenant Governance helps organizations discover unmanaged (shadow) Entra tenants and establish consistent tenant policies and governance in multi-tenant environments. Now available in preview.
• Entra passkey capabilities now include synced passkeys and passkey profiles to enable maximum flexibility for end-users, making it easy to move between devices, while organizations looking for maximum control still have the option of device-bound passkeys. Plus, Entra passkeys are now natively integrated into the Windows Hello experience, making phishing-resistant passkey authentication more seamless on Windows devices. Synced passkeys and passkey profiles are generally available, passkey integration into Windows Hello is in preview. 
• Entra external Multi-Factor Authentication (MFA) allows organizations to connect external MFA providers directly with Microsoft Entra so they can leverage pre-existing MFA investments or use highly specialized MFA methods. Now generally available.
• Entra adaptive risk remediation helps users securely regain access without help-desk friction through automatic self-remediation across authentication methods, adapting to where they are in their modern authentication journey. Generally available in April.
• Unified identity security provides end-to-end coverage across identity infrastructure, the identity control plane, and identity threat detection and response (ITDR)—built for rapid response and real-time decisions. The new identity security dashboard in Microsoft Defender highlights the most impactful insights across human and non-human identities to help accelerate response, and the new identity risk score unifies account-level risk signals to deliver a comprehensive view of user risk to inform real-time access decisions and SecOps investigations. Now available in preview.

Safeguard sensitive data across AI workflows

With AI embedded in everyday work, sensitive data increasingly moves through prompts, responses, and grounding flows—often faster than policies can keep up. Security teams need visibility into how AI interacts with data as well as the ability to stop data oversharing and data leakage. Microsoft brings data security directly into the AI control plane, giving organizations clear insight into risk, real-time enforcement at the point of use, and the confidence to enable AI responsibly across the enterprise. New Microsoft Purview capabilities include:

• Expanded Purview data loss prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types in prompts from being processed or used for web grounding. Generally available March 31.
• Purview embedded in Copilot Control System provides a unified view of AI‑related data risk directly in the Microsoft 365 Admin Center. Generally available in April.
• Purview customizable data security reports enable tailored reporting and drilldowns to prioritized data security risks. Available in preview March 31.

Defend against threats across endpoints, cloud, and AI services

Security teams need proactive 24/7 threat protection that disrupts threats early and contains them automatically. Microsoft is extending predictive shielding to proactively limit impact and reduce exposure, expanding our container security capabilities, and introducing network-layer protection against malicious AI prompts.

• Entra Internet Access prompt injection protection helps block malicious AI prompts across apps and agents by enforcing universal network-level policies. Generally available March 31.
• Enhanced Defender for Cloud container security includes binary drift and antimalware prevention to close gaps attackers exploit in containerized environments. Now available in preview.
• Defender for Cloud posture management adds broader coverage and supports Amazon Web Services and Google Cloud Platform, delivering security recommendations and compliance insights for newly discovered resources. Available in preview in April.
• Defender predictive shielding dynamically adjusts identity and access policies during active attacks, reducing exposure and limiting impact. Now available in preview.

Defend with agents and experts

To defend in the agentic age, we need agentic defense. This means having an agentic defense platform and security agents embedded directly into the flow of work, augmented by deep human expertise and comprehensive security services when you need them.

Agents built into the flow of security work

Security teams move fastest with targeted help where and when work is happening. As alerts surface and investigations unfold across identities, data, endpoints, and cloud workloads, AI-powered assistance needs to operate alongside defenders. With Security Copilot now included in Microsoft 365 E5 and E7, we are empowering defenders with agents embedded directly into daily security and IT operations that help accelerate response and reduce manual effort so they can focus on what matters most.

New agents available now include:

• Security Analyst Agent in Microsoft Defender helps accelerate threat investigations by providing contextual analysis and guided workflows. Available in preview March 26.
• Security Alert Triage Agent in Microsoft Defender has the capabilities of the phishing triage agent and then extends to cloud and identity to autonomously analyze, classify, prioritize, and resolve repetitive low-value alerts at scale. Available in preview in April.
• Conditional Access Optimization Agent in Microsoft Entra enhancements add context-aware recommendations, deeper analysis, and phased rollout to strengthen identity security. Agent generally available, enhancements now available in preview.
• Data Security Posture Agent in Microsoft Purview enhancements include a credential scanning capability that can be used to proactively detect credential exposure in your data. Now available in preview.
• Data Security Triage Agent in Microsoft Purview enhancements include an advanced AI reasoning layer and improved interpretation of custom Sensitive Information Types (SITs), to improve agent outputs during alert triage. Agent generally available, enhancements available in preview March 31.
• Over 15 new partner-built agents extend Security Copilot with additional capabilities, all available in the Security Store.

Scale with an agentic defense platform

To help defenders and agents work together in a more coordinated, intelligence-driven way, Microsoft is expanding Sentinel, the agentic defense platform, to unify context, automate end-to-end workflows, and standardize access, governance, and deployment across security solutions.

• Sentinel data federation powered by Microsoft Fabric investigates external security data in place in Databricks, Microsoft Fabric, and Azure Data Lake Storage while preserving governance. Now available in preview.
• Sentinel playbook generator with natural language orchestration helps accelerate investigations and automate complex workflows. Now available in preview.
• Sentinel granular delegated administrator privileges and unified role-based access control enable secure and scaling management for partners and enterprise customers with cross-tenant collaboration. Now available in preview.
• Security Store embedded in Purview and Entra makes it easier to discover and deploy agents directly within existing security experiences. Generally available March 31.
• Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. Now available in preview.
• Sentinel model context protocol (MCP) entity analyzer helps automate faster with natural language and harnesses the flexibility of code to accelerate responses. Generally available in April.

Strengthen with experts

Even the most mature security organizations face moments that call for deeper partnership—a sophisticated attack, a complex investigation, a situation where seasoned expertise alongside your team makes all the difference. The Microsoft Defender Experts Suite brings together expert-led services—technical advisory, managed extended detection and response (MXDR), and end-to-end proactive and reactive incident response—to help you defend against advanced cyber threats, build long-term resilience, and modernize security operations with confidence.

Apply Zero Trust for AI

Zero Trust has always been built on three principles: verify explicitly, use least privilege, and assume breach. As AI becomes embedded across your entire environment—from the models you build on, to the data they consume, to the agents that act on your behalf—applying those principles has never been more critical. At RSAC 2026, we’re extending our Zero Trust architecture, the full AI lifecycle—from data ingestion and model training to deployment agent behavior. And we’re making it actionable with an updated Zero Trust for AI reference architecture, workshop, assessment tool, and new patterns and practices articles to help you improve your security posture.

See you at RSAC

If you’re joining the global security community in San Francisco for RSAC 2026 Conference, we invite you to connect with us. Join us at our Microsoft Pre-Day event and stop by our booth at the RSAC Conference North Expo (N-5744) to explore our latest innovations across Microsoft Agent 365, Microsoft Defender, Microsoft Entra, Microsoft Purview, Microsoft Sentinel, and Microsoft Security Copilot and see firsthand how we can help your organization secure agents, secure your foundation, and help you defend with agents and experts. The future of security is ambient, autonomous, and built for the era of AI. Let’s build it together.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Based on Microsoft first-party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.

²Microsoft Fiscal Year 2026 First Quarter Earnings Conference Call and Microsoft Fiscal Year 2026 Second Quarter Earnings Conference Call

The post Secure agentic AI end-to-end appeared first on Microsoft Security Blog.

In our new e-book, 3 reasons point solutions are holding you back, we share how a unified, AI-ready platform can transform your security operations to help keep your organization safe. Read on to learn more about the key concepts in our new e-book.

What you’ll learn:

1. The hidden costs of fragmented tools: How disconnected solutions inflate operational costs, slow investigations, and prevent AI from delivering its full potential.
2. The power of unification: Why a unified platform delivers full-spectrum visibility, predictive defense, and agentic assistance—helping teams respond faster and more effectively.
3. Real-world results: See how organizations are reducing breach exposure, cutting incident response effort, and lowering costs through consolidation.

Rethinking security for the AI era

AI is transforming cybersecurity for both defenders and threat actors. But disconnected tools prevent defenders from seeing the full picture and block AI from delivering its full value. Without unified data and context, AI models can’t detect subtle patterns or anticipate evolving cyberthreats. Imagine a security approach that doesn’t just react but predicts—one that turns fragmented signals into actionable insight. An AI-ready platform unifies security data into a scalable, intelligent data lake enriched with threat intelligence and mapped into a living security graph. In our e-book, we explore how this shift transforms security from a patchwork of disparate tools to a strategic advantage for organizations—delivering clarity, speed, and resilience in ways point solutions simply can’t match.

The e-book shares more about how AI-ready unity includes the ability to:

• Predict attack paths and prevent breaches with exposure management.
• Rapidly remediate with AI-powered protection and improved mean time to resolution (MTTR).
• Detect emerging cyberthreats using cyberattacker-level intelligence.
• Continuously optimize security operations center (SOC) operations with centralized data and advanced analytics.

Measurable benefits of a unified security platform

By moving away from fragmented portfolios, organizations see dramatic improvements in efficiency and resilience. Instead of drowning in alert triage, security teams can redirect their focus to proactive remediation and prevention. And AI-powered detection shortens containment from hours to minutes—often halting ransomware before encryption begins.

Stay ahead of accelerating cyberthreats

Microsoft Defender, powered by Microsoft Sentinel, unifies prevention, detection, and response across ransomware, phishing, malware, and other advanced cyberthreats. Together with Microsoft Security Copilot, the stack brings AI-powered guidance and autonomous protection to investigations and response.

The e-book shares more about the key benefits, including:

• Unified foundation: Security information and event management (SIEM), data lake, and graph in one platform.
• Proactive resilience: Continuous exposure management and prioritized prevention.
• AI-accelerated defense: Generative guidance and autonomous response.
• Operational efficiency: Simplified onboarding, connectors, and workflows.
• Strategic value: Lower costs through consolidation and higher return on investment.

Ready to move beyond point solutions?

Download the 3 reasons point solutions are holding you back e-book and discover how a unified, AI-ready platform can help your team stay ahead of cyberthreats and prepare for the future.

Envision a future where defenders and AI agents work together. Hear Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security Business, share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps. Watch now!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post New Microsoft e-book: 3 reasons point solutions are holding you back appeared first on Microsoft Security Blog.

Exploitation activity related to this vulnerability was detected as early as December 5, 2025. Most successful exploits originated from red team assessments; however, we also observed real-world exploitation attempts by threat actors delivering multiple subsequent payloads, majority of which are coin miners. Both Windows and Linux environments have been observed to be impacted.

The React Server Components ecosystem is a collection of packages, frameworks, and bundlers that enable React 19 applications to run parts of their logic on the server rather than the browser. It uses the Flight protocol to communicate between client and server. When a client requests data, the server receives a payload, parses this payload, executes server-side logic, and returns a serialized component tree. The vulnerability exists because affected React Server Components versions fail to validate incoming payloads. This could allow attackers to inject malicious structures that React accepts as valid, leading to prototype pollution and remote code execution.

This vulnerability presents a significant risk because of the following factors:

• Default configurations are vulnerable, requiring no special setup or developer error.
• Public proof-of-concept exploits are readily available with near-100% reliability.
• Exploitation can happen without any user authentication since this is a pre-authentication vulnerability.
• The vulnerability could be exploited using a single malicious HTTP request.

In this report, Microsoft Defender researchers share insights from observed attacker activity exploiting this vulnerability. Detailed analyses, detection insights, as well as mitigation recommendations and hunting guidance are covered in the next sections. Further investigation towards providing stronger protection measures is in progress, and this report will be updated when more information becomes available.

Analyzing CVE-2025-55182 exploitation activity

React is widely adopted in enterprise environments. In Microsoft Defender telemetry, we see tens of thousands of distinct devices across several thousand organizations running some React or React-based applications. Some of the vulnerable applications are deployed inside containers, and the impact on the underlying host is dependent on the security configurations of the container.

We identified several hundred machines across a diverse set of organizations compromised using common tactics, techniques, and procedures (TTPs) observed with web application RCE. To exploit CVE-2025-55182, an attacker sends a crafted input to a web application running React Server Components functions in the form of a POST request. This input is then processed as a serialized object and passed to the backend server, where it is deserialized. Due to the default trust among the components, the attacker-provided input is then deserialized and the backend runs attacker-provided code under the NodeJS runtime.

Post-exploitation, attackers were observed to run arbitrary commands, such as reverse shells to known Cobalt Strike servers. To achieve persistence, attackers added new malicious users, utilized remote monitoring and management (RMM) tools such as MeshAgent, modified authorized_keys file, and enabled root login. To evade security defenses, the attackers downloaded from attacker-controlled CloudFlare Tunnel endpoints (for example, *.trycloudflare.com) and used bind mounts to hide malicious processes and artifacts from system monitoring tools.

The malware payloads seen in campaigns investigated by Microsoft Defender vary from remote access trojans (RATs) like VShell and EtherRAT, the SNOWLIGHT memory-based malware downloader that enabled attackers to deploy more payloads to target environments, ShadowPAD, and XMRig cryptominers. The attacks proceeded by enumerating system details and environment variables to enable lateral movement and credential theft.

Credentials that were observed to be targeted included Azure Instance Metadata Service (IMDS) endpoints for Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Tencent Cloud to acquire identity tokens, which could be used to move laterally to other cloud resources. Attackers also deployed secret discovery tools such as TruffleHog and Gitleaks, along with custom scripts to extract several different secrets. Attempts to harvest AI and cloud-native credentials, such as OpenAI API keys, Databricks tokens, and Kubernetes service‑account credentials were also observed. Azure Command-Line Interface (CLI) (az) and Azure Developer CLI (azd) were also used to obtain tokens.

Mitigation and protection guidance

Microsoft recommends customers to act on these mitigation recommendations:

Manual identification guidance

Until full in-product coverage is available, you can manually assess exposure on servers or containers:

1. Navigate to your project directory and open the node_modules folder.
2. Review installed packages and look for:
   • react-server-dom-webpack
   • react-server-dom-parcel
   • react-server-dom-turbopack
   • next
3. Validate versions against the known affected range:
   • React: 19.0.0,19.1.0, 19.1.1, 19.2.0
   • Next.js: 15.0.0 – 15.0.4, 15.1.0 – 15.1.8, 15.2.0 – 15.2.5, 15.3.0 – 15.3.5, 15.4.0 – 15.4.7, 15.5.0 – 15.5.6, 16.0.0 – 16.0.6, 14.3.0-canary.77 and later canary releases
4. If any of these packages match the affected versions, remediation is required. Prioritize internet-facing assets first, especially those identified by Defender as externally exposed.

Mitigation best practices

1. Patch immediately
   • React and Next.js have released fixes for the impacted packages. Upgrade to one of the following patched versions (or later within the same release line):
     • React: 19.0.1, 19.1.2, 19.2.1
     • Next.js: 5.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
   • Because many frameworks and bundlers rely on these packages, make sure your framework-level updates also pull in the corrected dependencies.
2. Prioritize exposed services
   • Patch all affected systems, starting with internet-facing workloads.
   • Use Microsoft Defender Vulnerability Management (MDVM) to surface vulnerable package inventory and to track remediation progress across your estate.
3. Monitor for exploit activity
   • Review MDVM dashboards and Defender alerts for indicators of attempted exploitation.
   • Correlate endpoint, container, and cloud signals for higher confidence triage.
   • Invoke incident response process to address any related suspicious activity stemming from this vulnerability.
4. Add WAF protections where appropriate
   • Apply Azure Web Application Firewall (WAF) custom rules for Application Gateway and Application Gateway for Containers to help block exploit patterns while patching is in progress. Microsoft has published rule guidance and JSON examples in the Azure Network Security Blog, with ongoing updates as new attack permutations are identified.

Recommended customer action checklist

• Identify affected React Server Components packages in your applications and images.
• Upgrade to patched versions. Refer to the React page for patching guidance.
• Prioritize internet-facing services for emergency change windows.
• Enable and monitor Defender alerts tied to React Server Components exploitation attempts.
• Apply Azure WAF custom rules as a compensating control where feasible.
• Use MDVM to validate coverage and confirm risk reduction post-update.

CVE-2025-55182 represents a high-impact, low-friction attack path against modern React Server Components deployments. Rapid patching combined with layered Defender monitoring and WAF protections provides the strongest short-term and long-term risk reduction strategy.

Microsoft Defender XDR detections 

Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

In many cases subsequent activity post exploitation was detected and following alerts were triggered on the victim devices. Note that the following alerts below can also be triggered by unrelated threat activity.

Automatic attack disruption through Microsoft Defender for Endpoint alerts

To better support customers in the event of exploitation, we are expanding our detection framework to identify and alert on CVE-2025-55182 activity across all operating systems for Microsoft Defender for Endpoint customers. These detections are integrated with automatic attack disruption.

When these alerts, combined with other signals, provide high confidence of active attacker behavior, automatic attack disruption can initiate autonomous containment actions to help stop the attack and prevent further progression.

Microsoft Defender Vulnerability Management and Microsoft Defender for Cloud

Microsoft Defender for Cloud rolled out support to surface CVE-2025-55182 with agentless scanning across containers and cloud virtual machines (VMs). Follow the documentation on how to enable agentless scanning:

• Protect your servers with Defender for Servers
• Defender for Containers Deployment Overview

Microsoft Defender Vulnerability Management (MDVM) can surface impacted Windows, Linux, and macOS devices. In addition, MDVM and Microsoft Defender for Cloud dashboards can surface:

• Identification of exposed assets in the organization
• Clear remediation guidance tied to your affected assets and workloads

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics

• Vulnerability Profile: CVE-2025-55182 – React Server Components

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Hunting queries and recommendations

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following query to find related activity in their networks:

Detect potential React2Shell command injection attempt

CloudAuditEvents
| where (ProcessCommandLine == "/bin/sh -c (whoami)" and (ParentProcessName == "node" or ParentProcessName has "next-server"))
        or (ProcessCommandLine has_any ("echo","powershell") and ProcessCommandLine matches regex @'(echo\s+\$\(\(\d+\*\d+\)\)|powershell\s+-c\s+"\d+\*\d+")')
| project Timestamp, KubernetesPodName, KubernetesNamespace, ContainerName, ContainerId, ContainerImageName, FileName, ProcessName, ProcessCommandLine, ProcessCurrentWorkingDirectory, ParentProcessName, ProcessId, ParentProcessId, AccountName

Identify encoded PowerShell attempts

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessParentFileName has "node"
| where InitiatingProcessCommandLine  has_any ("next start", "next-server") or ProcessCommandLine  has_any ("next start", "next-server")
| summarize  make_set(InitiatingProcessCommandLine), make_set(ProcessCommandLine) by DeviceId, Timestamp
//looking for powershell activity
| where set_ProcessCommandLine  has_any ("cmd.exe","powershell")
| extend decoded_powershell_1 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"EncodedCommand ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_1b = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"Enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_2 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"enc ",1).[0]),'"',0).[0]))),"\0","")
| extend decoded_powershell_3 = replace_string(tostring(base64_decode_tostring(tostring(split(tostring(split(set_ProcessCommandLine.[0],"ec ",1).[0]),'"',0).[0]))),"\0","")
| where set_ProcessCommandLine !has "'powershell -c " 
| extend decoded_powershell = iff( isnotempty( decoded_powershell_1),decoded_powershell_1, 
                                                    iff(isnotempty( decoded_powershell_2), decoded_powershell_2,
                                                        iff(isnotempty( decoded_powershell_3), decoded_powershell_3,decoded_powershell_1b)))
| project-away decoded_powershell_1, decoded_powershell_1b, decoded_powershell_2,decoded_powershell_3
| where isnotempty( decoded_powershell)

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName =~ "node.exe" and InitiatingProcessCommandLine has ".js"
| where FileName =~ "cmd.exe"
| where (ProcessCommandLine has_any (@"\next\", @"\npm\npm\node_modules\", "\\server.js")
    and (ProcessCommandLine has_any ("powershell -c \"", "curl", "wget", "echo $", "ipconfig", "start msiexec", "whoami", "systeminfo", "$env:USERPROFILE", "net user", "net group", "localgroup administrators",  "-ssh", "set-MpPreference", "add-MpPreference", "rundll32", "certutil", "regsvr32", "bitsadmin", "mshta", "msbuild")   
         or (ProcessCommandLine has "powershell" and
             (ProcessCommandLine has_any ("Invoke-Expression", "DownloadString", "DownloadFile", "FromBase64String", "Start-Process", "System.IO.Compression", "System.IO.MemoryStream", "iex ", "iex(", "Invoke-WebRequest", "iwr ", ".UploadFile", "System.Net.WebClient")
                or ProcessCommandLine matches regex @"[-/–][Ee^]{1,2}[NnCcOoDdEeMmAa^]*\s[A-Za-z0-9+/=]{15,}"))))
   or ProcessCommandLine matches regex @'cmd\.exe\s+/d\s+/s\s+/c\s+"powershell\s+-c\s+"[0-9]+\*[0-9]+""'

Identify execution of suspicious commands initiated by the next-server parent process post-exploitation

let lookback = 10d;
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where InitiatingProcessFileName == "node"
| where InitiatingProcessCommandLine has_any (" server.js", " start", "/server.js")
| where ProcessCommandLine  has_any ("| sh", "openssl,", "/dev/tcp/", "| bash", "|sh", "|bash", "bash,", "{sh,}", "SOCK_STREAM", "bash -i", "whoami", "| base64 -d", "chmod +x /tmp", "chmod 777")
| where ProcessCommandLine !contains "vscode" and ProcessCommandLine !contains "/.claude/"  and ProcessCommandLine !contains "/claude"

Microsoft Defender XDR’s blast radius analysis capability, incorporated into the incident investigation view, allows security teams to visualize and understand the business impact of a security compromise by showing potential propagation paths towards the organization’s critical assets before it escalates into a full blown incident. This capability merges pre-breach estate understanding with post-breach views allowing security teams to map their interconnected assets and highlights potential paths teams can prioritize for remediation efforts based on the criticality of assets and their interconnectivity to the compromised entities.

Microsoft Defender for Cloud

Microsoft Defender for Cloud customers can use security explorer templates to locate exposed containers running vulnerable container images and vulnerable virtual machines. Template titled Internet exposed containers running container images vulnerable to React2Shell vulnerability CVE-2025-55182 and Internet exposed virtual machines vulnerable to React2Shell vulnerability CVE-2025-55182 are added to the gallery.

Microsoft Security Exposure Management

Microsoft Security Exposure Management’s automated attack path analysis maps out potential threats by identifying exposed resources and tracing the routes an attacker might take to compromise critical assets. This analysis highlights vulnerable cloud compute resources, such as virtual machines and Kubernetes containers, that are susceptible to remote code execution vulnerabilities, including React2Shell CVEs. It also outlines possible lateral movement steps an adversary might take within the environment. The attack paths are presented for all supported cloud environments, including Azure, AWS, and GCP.

To view these paths, filter the view in Microsoft Security Exposure Management, filter by entry point type:

• Kubernetes container
• Virtual Machine
• AWS EC2 instance
• GCP compute instance.

Alternatively, in Microsoft Defender for Cloud, customers can filter by titles such as:

• Internet exposed container with high severity vulnerabilities
• Internet exposed Azure VM with RCE vulnerabilities
• Internet exposed GCP compute instance with RCE vulnerabilities
• Internet exposed AWS EC2 instance with RCE vulnerabilities

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace. 

Detect network IP and domain indicators of compromise using ASIM

//IP list and domain list- _Im_NetworkSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);n_Im_NetworkSession(starttime=todatetime(ago(lookback)), endtime=now())n| where DstIpAddr in (ioc_ip_addr) or DstDomain has_any (ioc_domains)
| summarize imNWS_mintime=min(TimeGenerated), imNWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, DstDomain, Dvc, EventProduct, EventVendor

Detect Web Sessions IP and file hash indicators of compromise using ASIM

//IP list - _Im_WebSession
let lookback = 30d;
let ioc_ip_addr = dynamic(["194.69.203.32", "162.215.170.26", "216.158.232.43", "196.251.100.191", "46.36.37.85", "92.246.87.48"]);
let ioc_sha_hashes =dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);b_Im_WebSession(starttime=todatetime(ago(lookback)), endtime=now())b| where DstIpAddr in (ioc_ip_addr) or FileSHA256 in (ioc_sha_hashes)
| summarize imWS_mintime=min(TimeGenerated), imWS_maxtime=max(TimeGenerated),
  EventCount=count() by SrcIpAddr, DstIpAddr, Url, Dvc, EventProduct, EventVendor

Detect domain and URL indicators of compromise using ASIM

// Domain list - _Im_WebSession
let ioc_domains = dynamic(["anywherehost.site", "xpertclient.net", "superminecraft.net.br", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net", "labubu.anondns.net", "krebsec.anondns.net", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org", "194.69.203.32:81", "194.69.203.32:81", "194.69.203.32:81", "162.215.170.26:3000", "216.158.232.43:12000", "overcome-pmc-conferencing-books.trycloudflare.com", "donaldjtrmp.anondns.net:1488", "labubu.anondns.net:1488", "krebsec.anondns.net:2316/dong", "hybird-accesskey-staging-saas.s3.dualstack.ap-northeast-1.amazonaws.com", "ghostbin.axel.org"]);
_Im_WebSession (url_has_any = ioc_domains)

Detect files hashes indicators of compromise using ASIM

// file hash list - imFileEvent
let ioc_sha_hashes = dynamic(["c2867570f3bbb71102373a94c7153239599478af84b9c81f2a0368de36f14a7c", "9e9514533a347d7c6bc830369c7528e07af5c93e0bf7c1cd86df717c849a1331", "b63860cefa128a4aa5d476f300ac45fd5d3c56b2746f7e72a0d27909046e5e0f", "d60461b721c0ef7cfe5899f76672e4970d629bb51bb904a053987e0a0c48ee0f", "d3c897e571426804c65daae3ed939eab4126c3aa3fa8531de5e8f0b66629fe8a", "d71779df5e4126c389e7702f975049bd17cb597ebcf03c6b110b59630d8f3b4d", "b5acbcaccc0cfa54500f2bbb0745d4b5c50d903636f120fc870082335954bec8", "4cbdd019cfa474f20f4274310a1477e03e34af7c62d15096fe0df0d3d5668a4d", "f347eb0a59df167acddb245f022a518a6d15e37614af0bbc2adf317e10c4068b", "661d3721adaa35a30728739defddbc72b841c3d06aca0abd4d5e0aad73947fb1", "876923709213333099b8c728dde9f5d86acfd0f3702a963bae6a9dde35ba8e13", "2ebed29e70f57da0c4f36a9401a7bbd36e6ddd257e0920aa4083240afa3a6457", "f1ee866f6f03ff815009ff8fd7b70b902bc59b037ac54b6cae9b8e07beb854f7", "7e90c174829bd4e01e86779d596710ad161dbc0e02a219d6227f244bf271d2e5"]);dimFileEventd| where SrcFileSHA256 in (ioc_sha_hashes) or
TargetFileSHA256 in (ioc_sha_hashes)
| extend AccountName = tostring(split(User, @'')[1]), 
  AccountNTDomain = tostring(split(User, @'')[0])
| extend AlgorithmType = "SHA256"

Find use of reverse shells

This query looks for potential reverse shell activity initiated by cmd.exe or PowerShell. It matches the use of reverse shells in this attack: reverse-shell-nishang.

Indicators of compromise

The list below is non-exhaustive and does not represent all indicators of compromise observed in the known campaigns:

References

• Critical Security Vulnerability in React Server Components – React
• NVD – CVE-2025-55182
• CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

Learn more  

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The guidance provided in this blog post represents general best practices and is intended for informational purposes only. Customers remain responsible for evaluating and implementing security measures appropriate for their environments.

The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components appeared first on Microsoft Security Blog.

As agents become ubiquitous, security leaders are asking urgent questions: How do we onboard, manage, and govern these agents? How do we protect the data they access and create? How do we protect them from cyberthreats? How do we monitor them to ensure their trustworthiness, and ensure they are not double agents? And how can we use agents to protect, defend, and respond at the speed of AI?

The answer starts with trust and security has always been, and will always be, the root of trust. In the agentic era, security must be ambient and autonomous, like the AI it protects. It must be woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security, where security becomes the core primitive.

At Microsoft Ignite 2025, we’re delivering on that vision with solutions that help customers observe, secure, and govern AI agents and apps, protect the platforms and clouds they are built on, and put agentic AI to work for security and IT teams. We are announcing new innovations across Microsoft Defender, Microsoft Entra, Microsoft Intune, Microsoft Purview, and Microsoft Sentinel—solutions used by more than 1.5 million customers today—to help customers secure every layer of the AI stack with industry-leading offerings.^1,2

Securing AI agents and apps

Let’s start with the first layer of that stack: the AI agents and apps that are helping us across our work, and how we are securing them end to end.

Microsoft Agent 365

Today we announced Microsoft Agent 365, the control plane for AI agents. Agent 365 brings observability at every level of the AI stack. Whether you create agents with Microsoft tools, open-source frameworks, or third-party platforms, Agent 365 helps you observe, manage, secure, and govern them. Security teams can now address agent sprawl, detect shadow agents, and protect agents comprehensively.

Agent 365 capabilities include:

• Registry: With Microsoft Entra registry, IT leaders get the complete inventory of all agents that are being used in their organization, including agents with Microsoft Entra Agent ID, agents that they decide to register themselves, and—coming soon—shadow agents. The registry also allows IT admins to quarantine unsanctioned agents to help ensure that they cannot be discovered by users or connect to other agents and organizational resources.

• Access control: With Agent Policy Templates, customers can enforce standard security policies from day one. As agents integrate into organizational workflows, Microsoft Entra enforces adaptive access policies that respond to real-time context and risk, and blocks agents that may have been compromised from accessing organization resources.

• Visualization: A unified dashboard and advanced analytics provide a complete map of connections among agents and users, other agents, and resources in your organization. Role-based reporting with tailored metrics and analytics helps IT, security, and business leaders see what matters most, right in their flow of work.

• Interop: Agents don’t just automate tasks for users, they amplify the work. With Work IQ, agents help accelerate time to value by accessing your organization’s unique data and context. Integrated with Microsoft 365 apps such as Outlook, Word, and Excel, agents take actions, build content, and collaborate seamlessly alongside users. Agent 365 works across Microsoft platforms, open-source frameworks and partner ecosystems.

• Security: Security is non-negotiable which is why Agent 365 uses Microsoft Defender, Microsoft Entra, and Microsoft Purview to deliver comprehensive protection from external and internal threats. Security leaders can proactively assess posture and risk, detect vulnerabilities and misconfigurations, protect against AI cyberattacks such as prompt injections, prevent agents from processing or leaking sensitive data, identify risky behaviors, and give organizations the ability to audit agent interactions, assess compliance readiness, policy violations, and recommend controls for evolving regulatory requirements.

Microsoft Foundry Control Plane

We announced Foundry Control Plane, a new experience in Microsoft Foundry, which makes it easier for developers to build, manage, and secure agent fleets at scale. Microsoft Defender, Microsoft Entra, and Microsoft Purview capabilities are natively integrated into Foundry Control Plane, so developers and security teams can share unified security controls, policies, and real-time risk insights, ensuring that agents and apps are protected from code development to runtime. Developers can also use Foundry Control Plane to publish agents directly to Agent 365 for IT enablement and activation, ensuring the same shared security foundations.

Microsoft Security Dashboard for AI

As AI adoption accelerates, the need for unified visibility into the security posture, risks, and regulatory compliance of their AI agents, apps, and platforms becomes more important than ever for security teams. The Security Dashboard for AI, announced today, centralizes discovery, protection, and governance by aggregating signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview. This helps chief information security officers (CISOs) and AI risk leaders to manage security posture and mitigate risks across their entire AI estate. For example, you can see your full AI inventory and get visibility into a quarantined agent, flagged for high data risk due to oversharing sensitive information in Microsoft Purview. The dashboard then correlates that signal with identity insights from Microsoft Entra and threat protection alerts from Microsoft Defender to provide a complete picture of exposure.

Microsoft Purview expansion for Microsoft 365 Copilot

Microsoft Purview expanded data security and compliance controls for Microsoft 365 Copilot to include comprehensive data oversharing reports within the Microsoft 365 admin center, automated bulk remediation of overshared links, and data loss prevention for Microsoft 365 Copilot and chat prompts. Organizations can also benefit from automated deletion schedules for Microsoft Teams transcripts containing sensitive data, and enhanced controls to exclude processing of sensitive files in government cloud environments. These capabilities empower security and compliance teams to rapidly detect, protect, and remediate data risks in real time, and at scale.

All of these new solutions add to existing tools that help you secure and govern your AI estate.

Securing platforms and clouds

Now let’s look at the second layer of the stack: the platforms and clouds your agents and AI apps run on, and the innovations we announced to protect them.

Microsoft Defender and GitHub Advanced Security

Developers are under pressure to deliver rapid innovation while security teams are inundated with alerts and growing risk. New integration between Microsoft Defender and GitHub Advanced Security helps developers and security teams work together to secure code and infrastructure, using familiar tools. Security can recommend that developers address vulnerable code and developers can remediate with Copilot Autofix. Security can then validate fixes in Microsoft Defender, closing the loop and accelerating the “shift left” approach to security.

Microsoft Baseline Security Mode

As cyberattackers increasingly use AI to exploit legacy configurations, Baseline Security Mode, now generally available, uses Microsoft-recommended settings to help mitigate legacy risks and improve cloud security posture. A guided admin experience helps to identify potential gaps, simulate changes with “What If” analysis, and deploy broad protections designed to minimize disruption to business-critical workflows. It helps support compliance and audit readiness, provides greater visibility through built-in dashboards and telemetry, and promotes predictability with major updates approximately every six to 12 months.

Microsoft Intune and Windows Security

Windows, built to harness AI and the cloud, helps employees be more productive while you remain secure and in control. Support for post-quantum cryptography helps future-proof your organization against emerging cyberthreats while hardware-accelerated BitLocker protects data without performance trade-offs. And with the Windows Resilience Initiative, we’re making recovery faster and more reliable so when issues occur, you can return to business quickly.

Managing Windows at scale just got easier—and more secure—with new capabilities in Microsoft Intune. These enhancements give IT and security leaders the confidence to embrace AI while minimizing risk. Phased deployments simplify AI rollouts by reducing risk and validating security before scaling, ensuring smooth adoption without disruption. Recovery is faster and more reliable, transforming manual, device-by-device fixes into remote management of the Windows Recovery Environment at scale, with hardware-bound certificates guaranteeing every action is authenticated and authorized. Maintenance windows provide precise control over update timing for operating systems, drivers, and firmware, helping organizations maintain patch compliance while minimizing disruption and keeping productivity high.

Securing with agentic AI

To defend in the agentic age, we need agentic defense. This starts with having an agentic platform and security agents built into the flow of work. Microsoft Sentinel has evolved from its traditional role as a cloud security information and event management (SIEM) to an agentic security platform, powering Microsoft Security Copilot agents and new predictive protection in Microsoft Defender.

Agents built into your everyday flow of work with Security Copilot

With more than four million open roles in cybersecurity, it’s clear: human-scale defense alone cannot secure our digital future.³ The answer? Empowering every security professional with intelligent agents—AI partners that amplify human expertise and transform the very fabric of organizational security.

At Microsoft Ignite, we are introducing a dozen new and enhanced Microsoft Security Copilot agents, available in Microsoft Defender, Microsoft Entra, Microsoft Intune, and Microsoft Purview, to empower security teams to shift from reactive responses to proactive strategies and help transform every aspect of organizational security.

These adaptive agents run side by side with security teams to triage incidents, optimize conditional access policies, surface threat intelligence, and maintain secure, compliant endpoints more easily. Our partner community also released more than 30 new Security Copilot agents, extending protection end-to-end.

To make it easier than ever for organizations to harness the power of Security Copilot agents to protect at the speed and scale of AI, we are thrilled to announce that Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout starts today for Security Copilot customers with Microsoft 365 E5 and continues for all Microsoft 365 E5 customers in the upcoming months.

Predictive shielding with Microsoft Defender

Cyberattackers are using AI to increase the speed and scale of attacks, unleashing a barrage on defenders. Defender predictive shielding goes beyond automated cyberattack disruption and introduces a new capability that can anticipate cyberattacker movement and proactively harden attack pathways to protect critical assets. It forecasts likely attacker pivots using graph insights and threat intelligence from the 100 trillion signals Microsoft analyzes daily. Then, it applies targeted, just-in-time hardening actions to block exploitation of adjacent resources. This strategic and coordinated response minimizes business disruption and gives security teams a powerful advantage over increasingly sophisticated cyberthreats.

Securing with a new suite of expert-led services

To help organizations easily access security expertise, we’re introducing the Microsoft Defender Experts Suite, a new offering that brings together human-led, AI-powered managed extended detection and response, end-to-end proactive incident response services, and direct access to designated Microsoft security advisors. The expert-led services will help you defend against cyberthreats, build cyber resilience, and transform your security operations. Defender Experts Suite will be available early 2026 to help you accelerate security outcomes. We are also announcing that Microsoft is now an approved incident response partner of Beazley, a specialist insurer. The collaboration will provide Microsoft customers with a streamlined claims process and faster action following a cyber event.

Security is the core primitive

In the agentic AI era, digital trust is paramount: security, safety, ethics, and privacy will underpin progress, and security has been, and always will be, the root of trust. This is why we prioritize security above all else through the Microsoft Secure Future Initiative—an ongoing effort to improve security for Microsoft, our customers, and the ecosystem. It is also why we believe security must be ambient and autonomous, woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security as the core primitive.

Security in the agentic era:

The core primitive

Envision a future where defenders and AI agents work together. Hear Charlie Bell and Vasu Jakkal share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps.

Watch now

We are excited to connect with you, the defenders, at Ignite to explore these innovations and more throughout the week. And we look forward to working together to build a safer future for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security Blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

¹ Microsoft is a recognized leader in cybersecurity, Microsoft Security. 2025.

² Microsoft FY25 Fourth Quarter Earnings Conference Call, Jonathan Neilson, Satya Nadella, Amy Hood. July 30, 2025

³ Bridging the Cyber Skills Gap, World Economic Forum. 2025.

The post ​​Ambient and autonomous security for the agentic era​​  appeared first on Microsoft Security Blog.

To help security teams better face the growing challenges, generative AI offers transformative capabilities that can bridge critical gaps. In a newly released e-book from Microsoft, we share multiple scenarios that showcase how Microsoft Security Copilot, powered by generative AI, can empower security analysts, accelerate incident response, and improve operational inefficiencies. Sign up to get the e-book, From Alert Fatigue to Proactive Defense: What Generative AI Can Do for Your SOC, and learn how AI can transform organizations like yours today.

Enhance every stage of the security operations workflow

The teams we talk to mention how generative AI is dramatically improving the efficacy and efficiency of their security operations (SecOps)—it helps analysts triage alerts by correlating threat intelligence and surfacing related activity that might not trigger a traditional alert. It generates rapid incident summaries so teams can get started faster, guides investigations with step-by-step context and evidence, and automates routine response tasks like containment and remediation through AI-powered playbooks. Additionally, generative AI supports proactive threat hunting by suggesting queries that uncover lateral movement or privilege escalation, and streamlines reporting by producing clear, audience-ready summaries for stakeholders, all of which means SOC teams spend less time on manual, repetitive work and more time focusing on high-impact cyberthreats—ultimately allowing for faster, smarter, and more resilient security operations.

Microsoft Security Copilot helps organizations address critical challenges of scale, complexity, and inefficiencies—as well as streamlining investigations, simplifying reporting, and more. It gives analysts a good idea of where to start, how to prioritize, and improves analyst confidence with actionable insights. By embedding generative AI into existing workflows, SOCs can operationalize and contextualize security data in ways never possible before—delivering guided responses, accelerating investigations, and transforming complex data into clear, actionable insights for both technical teams and business leaders.

Organizations using Security Copilot report a 30% reduction in mean time to resolution (MTTR).⁵

How Security Copilot delivers real value in everyday SOC tasks

The e-book spans four chapters that cover key scenarios, including investigation and response, AI-powered analysis, proactive threat hunting, and simplified security reporting. Each chapter presents the core challenges faced by today’s SOC teams, how generative AI accelerates and improves outcomes, and measurable, real-world results that show improvements for security analysts—like reduced noise, faster critical insights, identified cyberattack paths, and audience-ready summaries generated by AI. For example, when an analyst receives alerts about unusual login activity from multiple geolocations targeting a high-privilege account, generative AI consolidates related alerts, prioritizes the incident, and provides actionable summaries, allowing for faster triage and confident response.

Included in the e-book are summaries of AI in action, with step-by-step explanations of how Copilot is:

• Guiding analysts to confident, rapid decisions—helping SOC analysts quickly triage alerts, summarize incidents, recommend precise actions, and guide responses, for faster, more confident threat containment.
• Turning complex scripts into clear insights—supporting SOC analysts to decode malicious scripts, correlate threat intelligence, and automate investigations.
• Anticipating cyberthreats before they escalate—empowering threat hunters to quickly query indicators of compromise (IOCs), uncover hidden cyberattack patterns, and take proactive actions, for more predictive defense against evolving cyberthreats.
• Simplifying security reporting for analysts–letting SOC analysts to instantly consolidate data, capture critical details, and produce clear, audience-ready reports.

We analyze results about 60% to 70% faster with Security Copilot. It plays a central role in our ability to speed up threat analyses and activities, fundamentally reducing the risks for our IT landscape worldwide.

—Norbert Vetter, Chief Information Security Officer, TÜV SÜD

The future of SecOps is here with generative AI

For security leaders looking to improve their response time and better support their teams, generative AI isn’t just a vision for the future—it’s available today. From triage to reporting, generative AI–powered assistants enhance every stage of the SecOps workflow—delivering faster responses, stronger defenses, and more confident decision-making. At the forefront of this transformation is Microsoft Security Copilot, which unifies tools, operationalizes threat intelligence, and guides analysts through complex workflows, letting SOC teams adapt to evolving cyberthreats with ease. Sign up to access “What Generative AI Can Do for Your SOC” today and learn how your team can move from overwhelmed to empowered, tackling today’s challenges with confidence and preparing for tomorrow’s uncertainties. Or read more about Microsoft AI-powered unified security operations and how they can move your team from overwhelmed to empowered.

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft Ignite

Join us at Microsoft Ignite to explore the latest solutions for securing AI. Connect with industry leaders, innovators, and peers shaping what’s next.

San Francisco on November 17-21
Online (free) on November 18-20

Register now

¹ “Generative AI and Security Operations Center Productivity: Evidence from Live Operations,” page 2, Microsoft, November 2024

² Cybersecurity Workforce Study: How the Economy, Skills Gap, and Artificial Intelligence Are Challenging the Global Cybersecurity Workforce 2023,” page 20, ISC2, 2023

³ The Unified Security Platform Era Is Here,” page 7, Microsoft, 2024

⁴ “Global Security Operations Center Study Results,” page 6, IBM, March 2023

⁵ “Generative AI and Security Operations Center Productivity: Evidence from Live Operations,” page 2, Microsoft, November 2024 

The post ​​Learn what generative AI can do for your security operations center appeared first on Microsoft Security Blog.

Security Store: Your gateway to stronger security

Released to public preview on September 30, 2025, Microsoft Security Store brings together a diverse catalog of security solutions and AI-powered agents from Microsoft and leading partners—all in one unified experience. Whether you’re looking for advanced threat protection, identity management, compliance automation, or cloud security, you’ll find offerings from these categories and many more tailored to your organization’s needs.

Security professionals can browse a wide range of software as a service (SaaS) solutions, from endpoint protection and data governance to cloud security and compliance. Increasingly, organizations are also turning to AI-powered agents—many of which are built on Microsoft Security Copilot—to automate triage, accelerate investigations, and deliver real-time insights. Security Store has you covered here too, with agents that represent a fast-growing area of innovation, helping security teams respond to cyberthreats with greater speed and precision.

Solutions and agents are organized by industry frameworks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework, making it easy to filter by function, such as threat protection, identity management, or compliance automation. You can also browse by integration type (Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Microsoft Purview) and see at a glance which solutions fit your environment and needs.

Because Security Store is built on the Microsoft Marketplace, customers can take advantage of unified billing—purchasing solutions and agents with their existing Microsoft account, and consolidating spend on a single invoice. Eligible purchases can contribute to Microsoft Azure Consumption Commitment (MACC), helping make your organization’s dollars go further. Deployment is guided and streamlined: admins can deploy solutions and agents directly from the store in just a few steps, with automatic provisioning of resources and clear visibility into where solutions have been installed.

Being able to tailor by framework or goals and see relevant solutions in one place is really valuable. The marketplace can be overwhelming, so having a focused, security-centric experience like this is a big win for us.”

—Sean Vaden, Vice President (VP), Security, Irth Solutions

For partners, the benefits are just as strong. Security Store leverages Microsoft’s global commerce infrastructure, enabling partners to transact in local currencies, access built-in billing and entitlement management, and reach new customers through in-app discovery and mainstream marketplace motions. Partners can monetize both SaaS solutions and AI agents, tap into Microsoft’s go-to-market incentives, and grow their business alongside a rapidly expanding ecosystem.

We’re inspired to be part of Security Store, empowering Microsoft customers with easier access to Akamai’s advanced security and agentic solutions to help them strengthen their overall security posture.”

—Rami Katz, VP Business Development, Akamai

By bringing discovery, purchase, and deployment together in a single place, Security Store empowers organizations to rapidly expand capabilities, respond to new risks, and drive continuous improvement. It’s more than a marketplace—it’s your one-stop shop for building a resilient, future-ready security ecosystem.

Solutions and agents for every challenge

From day one, Security Store is focused on providing a broad selection that brings together the best of Microsoft and its partners to tackle the most pressing security challenges facing organizations today.

From threat protection and incident response to identity management, data security, compliance, and cloud security, Microsoft Security Store offers solutions and agents for every scenario. Offerings are tailored for security operations center (SOC) teams, IT administrators, privacy and compliance leaders, and more—each designed to integrate seamlessly with Microsoft Security products.

• Threat protection and AI agents: Partners like BlueVoyant, Darktrace, and Illumio deliver agents that automate threat hunting, triage alerts, and provide real-time insights. For example, BlueVoyant’s Watchtower agent continuously monitors Microsoft Sentinel environments, while Darktrace’s Email Analysis Agent helps SOC teams detect and respond to phishing attacks with self-learning AI.
• Identity and access management: Solutions from Invoke and Netskope empower organizations to discover, secure, and govern workload identities, enforce Zero Trust policies, and streamline compliance. Invoke’s Identity Workload ID agent flags misconfigurations and recommends best practices, while Netskope’s SSE platform integrates with Microsoft Entra and Microsoft Defender for unified, context-rich protection.
• Data security, governance, compliance, and privacy: Solutions aligned with Microsoft Purview help organizations safeguard sensitive data, automate compliance, and manage privacy requirements. These offerings support robust governance and help organizations meet evolving regulatory standards.
• Endpoint and cloud security: Tanium’s Autonomous Endpoint Management pairs real-time endpoint visibility with AI-powered automation, keeping IT environments healthy and secure at scale. Illumio’s breach containment agent integrates with Microsoft Sentinel to isolate cyberthreats across hybrid and multicloud environments.

Through Security Store, we’re accelerating our ability to turn extended detection and response innovation into customer impact. This is more than a marketplace. We see a new operating system for security transactability, where deployment, automation, and agentic value converge in one seamless experience.”

—Milan Patel, Co-founder, BlueVoyant (former FBI Cyber Division Chief Technology Officer)

Importantly, Security Store features many of the most popular and widely adopted security solutions in the industry. Whether you’re looking for trusted names in endpoint protection, advanced threat intelligence, or innovative AI-powered agents, you’ll find options that are already proven in organizations around the world. This means customers can choose from both established leaders and emerging innovators, all in one place.

Building momentum

In just the first two weeks since launch, Security Store has already brought together a fast-growing catalog of solutions and AI agents from leading partners and innovators. Each week, new offerings are added, ever expanding the choices available to organizations and fueling our momentum to help build safer businesses. For a more detailed walk through of the current security solutions and AI agents available from Microsoft and our partners in Security Store, read our Tech Community post.

The Microsoft Security Store has allowed us to reach new customers who are looking for trusted, ready-to-use security innovations. It makes it easy for organizations to discover and deploy our Security Copilot agents directly within their Microsoft environment, allowing them to quickly benefit from automation, faster investigations, and stronger operational resilience across their security operations.”

—Christian Kanja, Chief Executive Officer, glueckkanja AG

Learn more

The Microsoft Security Store journey is just beginning. With your help, together, we’re building momentum for a safer, more innovative future in security. Whether you’re looking to strengthen your security posture or reach new customers, the Security Store is built for you.

Ready to explore what’s possible? Visit the Security Store to discover, compare, and deploy trusted solutions and agents for your organization. And partners interested in joining can head to the Security Store partner page to get started.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post The new Microsoft Security Store unites partners and innovation appeared first on Microsoft Security Blog.

Strengthening cyber defense in the age of agentic AI with Microsoft Sentinel

Microsoft Sentinel has now evolved beyond a cloud-native SIEM into a unified, AI-powered security platform, connecting analytics and context across ecosystems at scale. With a centralized, purpose-built security data lake and graph capabilities, organizations gain deeper insights and richer context for more effective cyberthreat detection and investigation. The Model Context Protocol (MCP) server and agentic tools make data agent-ready, paving the way for seamless integration with autonomous security agents and unlocking new possibilities for proactive defense.

We realized that we needed to uplift our capability in the security operations center. We wanted a platform that could help us face the challenges of offensive use of AI so we could defend at machine speed.

—David Boda, Chief Security and Resilience Officer, Nationwide

Optimizing costs and coverage

Now generally available, the Microsoft Sentinel data lake serves as the foundation for modern, AI-powered security operations. Purpose-built for security, it features a cloud-native architecture that centralizes all security data from more than 350 sources across platforms and clouds. The Microsoft Sentinel data lake simplifies data management, eliminating silos, and enables cost-effective long-term retention, empowering organizations to maintain strong security postures while optimizing budget. By unifying historical and real-time security data, the data lake helps AI agents and automation perform advanced analytics, detect anomalies, and execute autonomous cyberthreat responses with precision and speed.

To further help organizations optimize their security operations, Microsoft Sentinel has native features like:

• SOC optimization helps security teams improve coverage, reduce costs, and streamline operations by providing AI-powered recommendations on data usage, cyberthreat detection gaps, and analytics efficiency. These insights empower defenders to make smarter decisions and maximize return on investment.
• New cost management features in preview help customers with cost predictability, billing transparency, and operational efficiency.

Accelerating the SOC with advanced analytics and AI

Microsoft Sentinel is transforming security operations with advanced analytics, agentic AI, and MCP server. Microsoft Sentinel data lake centralizes security data from hundreds of sources, enabling real-time detection, contextual analysis, and autonomous response. The integration of agentic AI and Microsoft Security Copilot allows defenders to automate investigations, correlate complex signals, and respond to cyberthreats at machine speed. The MCP server further enhances these capabilities by making security data agent-ready. Support for tools like Kusto Query Language (KQL) queries, Spark notebooks, and machine learning models within the Microsoft Sentinel data lake empowers agentic systems to continuously learn, adapt, and act on emerging cyberthreats, driving smarter, faster, and more contextual security operations across the SOC. This AI-powered approach reduces alert fatigue and accelerates decision-making, strengthening security posture across the SOC.

Together, these capabilities empower SOC teams to operate at the speed of AI, reduce noise, and focus on high-impact investigations, driving clarity, efficiency, and resilience across the security lifecycle.

Empowering defenders with industry-leading SIEM

Microsoft Sentinel enhances security operations by unifying SIEM, security orchestration, automation, and response (SOAR), user and entity behavior analytics (UEBA), and threat intelligence into a single, integrated experience. With full integration into the Microsoft Defender portal, Microsoft Sentinel delivers a consolidated view for detection, investigation, and response across endpoints, identities, cloud, and network—streamlining workflows and enhancing efficiency for SOC teams.

• Advanced correlation algorithms combine behavioral analytics, machine learning, and threat intelligence to connect events and deliver comprehensive security insights.
• Custom rules and MITRE ATT&CK® mapping allow defenders to tailor detection strategies for their specific needs.
• Built-in orchestration and automation capabilities reduce manual effort, accelerate incident response, and free analysts to focus on high-value tasks.
• UEBA powered by AI provide deep behavioral insights to detect anomalies and insider threats.
• Integrated threat intelligence enriches investigations with real-time insights, enabling faster detection, deeper context, and more accurate response across the SOC.
• Embedded AI and machine learning accelerate threat detection, reduce false positives, and enable advanced hunting and automated investigations—helping SOC teams respond faster and with precision.

Microsoft Sentinel has comprehensive machine learning threat analytics models that allow us to hunt and detect any security threat, no matter how sophisticated or hidden they are. Microsoft Sentinel has intelligent security event management features which help us to accurately investigate security threats to understand the origin, making it easy to identify the most appropriate way to handle them.

—Software Development Project Manager, Software Industry (Source: Gartner Peer Insights™)

Download the report

To learn more about why Microsoft was named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM, download the full report.

Looking forward

As cyberthreats grow in sophistication, the need for intelligent, adaptive, and end-to-end AI security platforms becomes more urgent. Microsoft is committed to leading this transformation by:

• Investing in agentic AI to empower defenders with autonomous capabilities.
• Empowering defenders with a cost-effective data lake for deeper insights and scalable analytics.
• Enhancing cross-platform integrations for holistic protection.
• Driving community collaboration through open content hubs and shared analytics.

We’re not just building tools; we’re shaping the future of cybersecurity. Our roadmap is guided by the real-world challenges faced by SOCs and the outcomes they strive for: faster detection, smarter response, and stronger resilience.

We’re honored by the Gartner recognition and deeply grateful to our customers, partners, and the analyst community for their continued trust and collaboration.

Are you a regular user of Microsoft Sentinel? Share your insights and get rewarded with a $25 gift card on Gartner Peer Insights™.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Eric Ahlm, Angel Berrios, Darren Livingstone, 8 October 2025

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

The post Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM appeared first on Microsoft Security Blog.

Why ExCyTIn-Bench matters for business

For chief information security officers (CISOs), IT leaders, and buyers, ExCyTIn-Bench offers a clear, objective way to assess AI capabilities for security. It’s not just about accuracy in cyberthreat reports, trivia, or toy simulations, but about how well AI can investigate, adapt, and explain its findings in the face of real-world cyberthreats. As cyberattacks grow in sophistication, tools like ExCyTIn-Bench help organizations select solutions that truly enhance detection, response, and resilience.

Microsoft uses this framework internally to strengthen its AI-powered security features and test their ability to withstand real-world cyberattacks. Our security-focused in-house models rely on feedback from ExCyTIn to uncover weaknesses in detection logic, tool capabilities, and data navigation. For broader integration, we are also collaborating with security products such as Microsoft Security Copilot, Microsoft Sentinel, and Microsoft Defender to evaluate and provide feedback on their AI features. Additionally, Microsoft Security product owners can monitor how different models perform and what they cost, allowing them to choose appropriate models for specific features.

How ExCyTIn-Bench improves upon traditional benchmarks

Unlike traditional benchmarks that rely on multiple choice questions—which are often susceptible to guesswork—ExCyTIn-Bench adopts an innovative, principled methodology for generating questions and answers from threat investigation graphs.^3,4 Human analysts conceptualize threat investigations using incident graphs, specifically bipartite alert-entity graphs.⁵ These serve as ground truth, supporting the creation of explainable question-answer pairs grounded in authentic security data. This enables rigorous analysis of strategy quality, not just final answers. Even recent industry publications, such as CyberSOCEval, focus on packaging realistic SOC scenarios and evaluating how models investigate static evidence in them.³ ExCyTIn adopts a different approach in both design and technical implementation by positioning the agent within a controlled Azure SOC environment: where the agent queries live log tables, transitions across data sources, and plans multistep investigations.

As a result, ExCyTIn evaluates comprehensive reasoning processes, including goal decomposition, tool usage, and evidence synthesis, under constraints that simulate an analyst’s workflow. By defining rigorous ground truths and extensible frameworks, ExCyTIn-Bench enables realistic, multiturn, agent-based experimentation, collaboration, and continuous self-improvement, all reinforced by verifiable, fine-grained reward mechanisms for AI-powered cyber defense.⁶

ExCyTIn-Bench innovations that deliver strategic value

• Realistic security evaluation. Unlike most open-source benchmarks, ExCyTIn-Bench captures the complexity and ambiguity of actual cyber investigations.^3,4 AI agents are challenged to analyze noisy, multitable security data, construct advanced queries, and uncover indicators of compromise (IoCs)—mirroring the work of human SOC analysts.
• Transparent, actionable metrics. The benchmark provides fine-grained, step-by-step reward signals for each investigative action over basic binary success and failure metrics found in current benchmarks. This transparency helps organizations understand not just what a model can do, but how it arrives at its conclusions—critical for actionability, trust, and compliance.
• Accelerating innovation. ExCyTIn-Bench is open-source and designed for collaboration. Researchers and vendors worldwide can use it to test, compare, and improve new models, driving rapid progress in automated cyber defense.
• Personalized benchmarks (coming soon). Create tailored cyberthreat investigation benchmarks specific to the threats occurring in each customer tenant.

Latest results—language models are getting smarter

Recent evaluations show that the newest models are making significant strides:

• GPT-5 (High Reasoning) leads with a 56.2% average reward, outperforming previous models and demonstrating the value of advanced reasoning for security tasks.
• Smaller models with effective chain-of-thought (CoT) reasoning—like GPT-5-mini—are now rivaling larger models, offering strong performance at lower cost.
• Explicit reasoning matters—Lower reasoning settings in GPT-5 drop performance by nearly 19%, highlighting that deep, step-by-step reasoning is essential for complex investigations.
• Open-source models are closing the gap with proprietary solutions, making high-quality security automation more accessible.
• New models are getting close to top CoT techniques (ReAct, reflection and BoN at 56.3%) but don’t surpass them, suggesting comparable reasoning during inference.

Get involved

Upcoming security events

Deep dive into the latest security innovations

Watch Microsoft Secure on demand and join us at Microsoft Ignite, November 17-21, 2025, in San Francisco, CA, or online—for more innovations, hands-on labs, and expert connections.

ExCyTIn-Bench is open-source and free to access. Model developers and security teams are invited to contribute, benchmark, and share results through the official GitHub repository. For questions or partnership opportunities, reach out to the team at msecaimrbenchmarking@microsoft.com.

Thank you to the MSECAI Benchmarking team for helping this become reality.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Benchmarking LLM agents on Cyber Threat Investigation

²https://huggingface.co/datasets/anandmudgerikar/excytin-bench

³CyberSOCEval: Benchmarking LLMs Capabilities for Malware Analysis and Threat Intelligence Reasoning

⁴[2406.07599] CTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence

⁵Incident or Threat Investigation graphs portray multi-stage attacks by linking alerts, events, and indicators of compromise (IoCs) into a unified view. Nodes denote alerts (e.g., suspicious file downloads) or entities (e.g., user accounts) while edges capture their relationships (e.g., a phishing email that triggers a malicious download)

⁶[2507.14201] ExCyTIn-Bench: Evaluating LLM agents on Cyber Threat Investigation 

The post Microsoft raises the bar: A smarter way to measure AI for cybersecurity appeared first on Microsoft Security Blog.

In a campaign observed in the first half of 2025, we identified the actor specifically targeting Workday profiles. However, it’s important to note that any SaaS systems storing HR or payment and bank account information could be easily targeted with the same technique. These attacks don’t represent any vulnerability in the Workday platform or products, but rather financially motivated threat actors using sophisticated social engineering tactics and taking advantage of the complete lack of multifactor authentication (MFA) or lack of phishing-resistant MFA to compromise accounts. Workday has published guidance for their customers in their community, and we thank Workday for their partnership and support in helping to raise awareness on how to mitigate this threat.

Microsoft has identified and reached out to some of the affected customers to share tactics, techniques, and procedures (TTPs) and assist with mitigation efforts. In this blog, we present our analysis of Storm-2657’s recent campaign and the TTPs employed in attacks. We offer comprehensive guidance for investigation and remediation, including implementing phishing-resistant MFA to help block these attacks and protect user accounts. Additionally, we provide comprehensive detections and hunting queries to enable organizations to defend against this attack and disrupt threat actor activity.

Analysis of the campaign

In the observed campaign, the threat actor gained initial access through phishing emails crafted to steal MFA codes using adversary-in-the-middle (AITM) phishing links. After obtaining MFA codes, the threat actor was able to gain unauthorized access to the victims’ Exchange Online and later hijacked and modified their Workday profiles.

After gaining access to compromised employee accounts, the threat actor created inbox rules to delete incoming warning notification emails from Workday, hiding the actor’s changes to the HR profiles. Storm-2657 then stealthily moved on to modify the employee’s salary payment configuration in their HR profile, thereby redirecting future salary payments to accounts under the actor’s control, causing financial harm to their victims. While the following example illustrates the attack flow as observed in Workday environments, it’s important to note that similar techniques could be leveraged against any payroll provider or SaaS platform.

Initial access

The threat actor used realistic phishing emails, targeting accounts at multiple universities, to harvest credentials. Since March 2025, we’ve observed 11 successfully compromised accounts at three universities that were used to send phishing emails to nearly 6,000 email accounts across 25 universities.

Some phishing emails contained Google Docs links, making detection challenging, as these are common in academic environments. In multiple instances, compromised accounts did not have MFA enabled. In other cases, users were tricked into disclosing MFA codes via AiTM phishing links distributed through email. Following the compromise of email accounts and the payroll modifications in Workday, the threat actor leveraged newly accessed accounts to distribute further phishing emails, both within the organization and externally to other universities.

The threat actor used several themes in their phishing emails. One common theme involved messages about illnesses or outbreaks on campus, suggesting that recipients might have been exposed. These emails included a link to a Google Docs page that then redirected to an attacker-controlled domain.

Some examples of the email subject lines are:

• COVID-Like Case Reported — Check Your Contact Status
• Confirmed Case of Communicable Illness
• Confirmed Illness

In one instance, a phishing email was sent to 500 individuals within a single organization, encouraging targets to check their illness exposure status. Approximately 10% of recipients reported the email as a suspected phishing attempt.

The second theme involved reports of misconduct or actions by individuals within the faculty, with the goal of tricking recipients into checking the link to determine if they are mentioned in the report.

Some examples of the subject lines are:

• Faculty Compliance Notice – Classroom Misconduct Report
• Review Acknowledgment Requested – Faculty Misconduct Mention

The most recently identified theme involved phishing emails impersonating a legitimate university or an entity associated with a university. To make their messages appear convincing, Storm-2657 tailored the content based on the recipient’s institution. Examples included messages that appear to be official communications from the university president, information about compensation and benefits, or documents shared by HR with recipients. Most of the time the subject line contained either the university name or the university’s president name, further enhancing the email’s legitimacy and appeal to the intended target.

Some examples of the subject lines are:

• Please find the document forwarded by the HR Department for your review
• [UNIVERSITY NAME] 2025 Compensation and Benefits Update
• A document authored by [UNIVERSITY PRESIDENT NAME] has been shared for your examination.

Defense evasion

Following account compromise, the threat actor created a generic inbox rule to hide or delete any incoming warning notification emails from the organization’s Workday email service. This rule ensured that the victim would not see the notification emails from Workday about the payroll changes made by the threat actor, thereby minimizing the likelihood of detection by the victim. In some cases, the threat actor might have attempted to stay under the radar and hide their traces from potential reviews by creating rule names solely using special characters or non-alphabetic symbols like “….” or “\’\’\’\’”.

Persistence

In observed cases, the threat actor established persistence by enrolling their own phone numbers as MFA devices for victim accounts, either through Workday profiles or Duo MFA settings. By doing so, they bypassed the need for further MFA approval from the legitimate user, enabling continued access without detection.

Impact

The threat actor subsequently accessed Workday through single sign-on (SSO) and changed the victim’s payroll/bank account information.

With the Workday connector enabled in Microsoft Defender for Cloud Apps, analysts can efficiently investigate and identify attack traces by examining Workday logs and Defender-recorded actions. There are multiple indicators available to help pinpoint these changes. For example, one indicator from the Workday logs generated by such threat actor changes is an event called “Change My Account” or “Manage Payment Elections”, depending on the type of modifications performed in the Workday application audit logs:

These payroll modifications are frequently accompanied by notification emails informing users that payroll or bank details have been changed or updated. As previously discussed, threat actors might attempt to eliminate these messages either through manual deletion or by establishing inbox rules. These deletions can be identified by monitoring Exchange Online events such as SoftDelete, HardDelete, and MoveToDeletedItems. The subjects of these emails typically contain the following terms:

• “Payment Elections”
• “Payment Election”
• “Direct Deposit”

Microsoft Defender for Cloud Apps correlates signals from both Microsoft Exchange Online (first-party SaaS application) and Workday (third-party SaaS application), enabling thorough detection of suspicious activities that span multiple systems, as seen in the image below. Only by correlating first party and third-party signals is it possible to detect this activity spawning across multiple systems.

Mitigation and protection guidance

Mitigating threats from actors like Storm-2657 begins with securing user identity by eliminating traditional credentials and adopting passwordless, phishing-resistant MFA methods such as FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passkeys.

Microsoft recommends enforcing phishing-resistant MFA for privileged roles in Microsoft Entra ID to significantly reduce the risk of account compromise. Learn how to require phishing-resistant MFA for admin roles and plan a passwordless deployment.

Passwordless authentication improves security as well as enhances user experience and reduces IT overhead. Explore Microsoft’s overview of passwordless authentication and authentication strength guidance to understand how to align your organization’s policies with best practices. For broader strategies on defending against identity-based attacks, refer to Microsoft’s blog on evolving identity attack techniques.

If Microsoft Defender alerts indicate suspicious activity or confirmed compromised account or a system, it’s essential to act quickly and thoroughly. Below are recommended remediation steps for each affected identity:

1. Reset credentials – Immediately reset the account’s password and revoke any active sessions or tokens. This ensures that any stolen credentials can no longer be used.
2. Re-register or remove MFA devices – Review users MFA devices, specifically those recently added or updated.
3. Revert unauthorized payroll or financial changes – If the attacker modified payroll or financial configurations, such as direct deposit details, revert them to their original state and notify the appropriate internal teams.
4. Remove malicious inbox rules – Attackers often create inbox rules to hide their activity or forward sensitive data. Review and delete any suspicious or unauthorized rules.
5. Verify MFA reconfiguration – Confirm that the user has successfully reconfigured MFA and that the new setup uses secure, phishing-resistant methods.

Microsoft Defender XDR detections

Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Hunting queries

Microsoft Defender XDR

The Microsoft Defender for Cloud Apps connector for Workday includes write events such as Workday account updates, payroll configuration changes, etc. These are available in the Defender XDR CloudAppEvents hunting tables for further investigation. Important events related to this attack include but are not limited:

• Add iOS Device
• Add Android Device
• Change My Account
• Manage Payment Elections

Install the Microsoft Defender for Cloud Apps connector for Workday to take advantage of these logging, investigation, and detection capabilities.

Review inbox rules created to hide or delete incoming emails from Workday

Results of the following query may indicate an attacker is trying to delete evidence of Workday activity.

CloudAppEvents 
| where Timestamp >= ago(1d)
| where Application == "Microsoft Exchange Online" and ActionType in ("New-InboxRule", "Set-InboxRule")  
| extend Parameters = RawEventData.Parameters // extract inbox rule parameters
| where Parameters has "From" and Parameters has "@myworkday.com" // filter for inbox rule with From field and @MyWorkday.com in the parameters
| where Parameters has "DeleteMessage" or Parameters has ("MoveToFolder") // email deletion or move to folder (hiding)
| mv-apply Parameters on (where Parameters.Name == "From"
| extend RuleFrom = tostring(Parameters.Value))
| mv-apply Parameters on (where Parameters.Name == "Name" 
| extend RuleName = tostring(Parameters.Value))

Review updates to payment election or bank account information in Workday

The following query surfaces changes to payment accounts in Workday.

CloudAppEvents 
| where Timestamp >= ago(1d)
| where Application == "Workday"
| where ActionType == "Change My Account" or ActionType == "Manage Payment Elections"
| extend Descriptor = tostring(RawEventData.target.descriptor)

Review device additions in Workday

The following query looks for recent device additions in Workday. If the device is unknown, it may indicate an attacker joined their own device for persistence and MFA evasion.

CloudAppEvents 
| where Timestamp >= ago(1d)
| where Application == "Workday"
| where ActionType has "Add iOS Device" or ActionType has "Add Android Device"
| extend Descriptor = tostring(RawEventData.target.descriptor) // will contain information of the device

Hunt for bulk suspicious emails from .edu sender

The following query identifies email from .edu senders sent to a high number of users.

EmailEvents
| where Timestamp >= ago(7d)
| where SenderFromDomain has "edu" or SenderMailFromDomain has "edu"
| where EmailDirection == "Inbound"
| summarize dcount(RecipientEmailAddress), dcount(InternetMessageId), make_set(InternetMessageId), dcount(Subject), dcount(NetworkMessageId), take_any(NetworkMessageId) by bin(Timestamp,1d), SenderFromAddress
| where dcount_RecipientEmailAddress > 100 // number can be adjusted, usually the sender will send emails to around 100-600 recipients per day

Hunt for phishing URL from identified .edu phish sender

If a suspicious .edu sender has been identified, use the following query to surface email events from this sender address.

EmailEvents
| where Timestamp >= ago(1d)
| where SenderFromAddress == ""
| where EmailDirection == "Inbound"
| project NetworkMessageId, Subject, InternetMessageId
| join EmailUrlInfo on NetworkMessageId
| where Timestamp >= ago(1d)
| project Url, NetworkMessageId, Subject, InternetMessageId

Hunt for user clicks to suspicious URL from the identified .edu phish sender (previous query)

If a suspicious .edu sender has been identified, use the below query to surface user clicks that may indicate a malicious link was accessed.

EmailEvents
| where Timestamp >= ago(1d)
| where SenderFromAddress == ""
| where EmailDirection == "Inbound"
| project NetworkMessageId, Subject, InternetMessageId
| join UrlClickEvents on NetworkMessageId
| where Timestamp >= ago(1d)
| project AccountUpn, Subject, InternetMessageId, DetectionMethods, ThreatTypes, IsClickedThrough // these users very likely fall into the phishing attack

Microsoft Sentinel

Install the Workday connector for Microsoft Sentinel. Microsoft Sentinel has a range of detection and threat hunting content that customers can use to detect the post exploitation activity detailed in this blog.

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace.

Malicious inbox rule

The query includes filters specific to inbox rule creation, operations for messages with ‘DeleteMessage’, and suspicious keywords.

let Keywords = dynamic(["helpdesk", " alert", " suspicious", "fake", "malicious", "phishing", "spam", "do not click", "do not open", "hijacked", "Fatal"]);
OfficeActivity
| where OfficeWorkload =~ "Exchange" 
| where Operation =~ "New-InboxRule" and (ResultStatus =~ "True" or ResultStatus =~ "Succeeded")
| where Parameters has "Deleted Items" or Parameters has "Junk Email"  or Parameters has "DeleteMessage"
| extend Events=todynamic(Parameters)
| parse Events  with * "SubjectContainsWords" SubjectContainsWords '}'*
| parse Events  with * "BodyContainsWords" BodyContainsWords '}'*
| parse Events  with * "SubjectOrBodyContainsWords" SubjectOrBodyContainsWords '}'*
| where SubjectContainsWords has_any (Keywords)
 or BodyContainsWords has_any (Keywords)
 or SubjectOrBodyContainsWords has_any (Keywords)
| extend ClientIPAddress = case( ClientIP has ".", tostring(split(ClientIP,":")[0]), ClientIP has "[", tostring(trim_start(@'[[]',tostring(split(ClientIP,"]")[0]))), ClientIP )
| extend Keyword = iff(isnotempty(SubjectContainsWords), SubjectContainsWords, (iff(isnotempty(BodyContainsWords),BodyContainsWords,SubjectOrBodyContainsWords )))
| extend RuleDetail = case(OfficeObjectId contains '/' , tostring(split(OfficeObjectId, '/')[-1]) , tostring(split(OfficeObjectId, '\\')[-1]))
| summarize count(), StartTimeUtc = min(TimeGenerated), EndTimeUtc = max(TimeGenerated) by  Operation, UserId, ClientIPAddress, ResultStatus, Keyword, OriginatingServer, OfficeObjectId, RuleDetail
| extend AccountName = tostring(split(UserId, "@")[0]), AccountUPNSuffix = tostring(split(UserId, "@")[1])
| extend OriginatingServerName = tostring(split(OriginatingServer, " ")[0])

Risky sign-in with new MFA method

This query identifies scenarios of risky sign-ins tied to new MFA methods being added.

let mfaMethodAdded=CloudAppEvents
    | where ActionType =~ "Update user." 
    | where RawEventData has "StrongAuthenticationPhoneAppDetail"
    | where isnotempty(RawEventData.ObjectId) and isnotempty(RawEventData.Target[1].ID)
    | extend AccountUpn = tostring(RawEventData.ObjectId)
    | extend AccountObjectId = tostring(RawEventData.Target[1].ID)
    | project MfaAddedTimestamp=Timestamp,AccountUpn,AccountObjectId;
    let usersWithNewMFAMethod=mfaMethodAdded
    | distinct AccountObjectId;
    let hasusersWithNewMFAMethod = isnotempty(toscalar(usersWithNewMFAMethod));
    let riskySignins=AADSignInEventsBeta
    | where hasusersWithNewMFAMethod
    | where AccountObjectId in (usersWithNewMFAMethod)
    | where RiskLevelDuringSignIn in ("50","100") //Medium and High sign-in risk level.
    | where Application in ("Office 365 Exchange Online", "OfficeHome")
    | where isnotempty(SessionId)
    | project SignInTimestamp=Timestamp, Application, SessionId, AccountObjectId, IPAddress,RiskLevelDuringSignIn
    | summarize SignInTimestamp=argmin(SignInTimestamp,*) by Application,SessionId, AccountObjectId, IPAddress,RiskLevelDuringSignIn;
    mfaMethodAdded
    | join riskySignins on AccountObjectId
    | where MfaAddedTimestamp - SignInTimestamp < 6h //Time delta between risky sign-in and device registration less than 6h
    | project-away AccountObjectId1

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Acknowledgments

We would like to thank Workday for their collaboration and assistance in responding to this threat.

Workday customers can refer to the guidance published by Workday on their community: https://community.workday.com/alerts/customer/1229867.

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Investigating targeted “payroll pirate” attacks affecting US universities appeared first on Microsoft Security Blog.