Microsoft has unveiled a sweeping overhaul of its Sentinel platform, pitching it as an “AI-ready security platform” designed to meet the speed and scale of modern cyber attacks.
The tech heavyweight says its new data lake and AI agents will give security teams the ability to act in real time, blocking phishing attempts or compromised accounts in minutes rather than hours.
Scott Woodgate, general manager of threat protection at Microsoft, told City AM that the shift reflects the growing urgency.
“Attacks move very quickly through the system, and sometimes the security team manually is just not fast enough anymore”, he claimed. “AI can help us not just detect but respond in real time”.
Automating security
At the centre of Microsoft’s pitch is the idea of agents, small, specialised AI systems trained to take on specific security tasks.
A phishing triage agent, for instance, can sort through user-submitted emails to separate genuine threats from the flood of marketing noise.
Another can disable a stolen identity in under three minutes.
The broad attraction is that of freeing human teams from repetitive work and responding faster than attackers can move.
Yet, the risks are equally clear: What if an agent locks out a chief executive in the middle of an earnings call? Or, what if it misses a subtle but genuine threat?
“If the chief executive has been phished and their identity is stolen, and you disable them, you did something great for the company…but you better be right,” Woodgate admitted.
Microsoft insists its tools act only with “very high confidence” and give customers control over when AI makes decisions.
Indeed, past attempts to automate security, from intrusion detection systems to behavioural analytics, have often faltered under the weight of false positives and noisy alerts.
Human defenders still in play
Microsoft is careful to stress that AI will not replace human teams.
“Security teams and agents working together can now be more effective than people alone”, Woodgate told City AM.
In theory, automation gives analysts more time to pursue sophisticated investigations rather than drowning in alerts.
But in practice, many CISOs remain wary of handing too much control to systems they don’t fully understand.
That scepticism is heightened by the fact that attackers are also harnessing AI, from generating realistic phishing emails to automating reconnaissance.
As recent breaches at Co-op, Jaguar Land Rover, and Harrods suggest, the pressure on defenders is only increasing.
For now, Sentinel’s revamp shows Microsoft betting that speed is the decisive factor in the evolving cybersecurity landscape.
As Woodgate argued: “The faster we find things and remove those things, the better off we are”.