Microsoft Security Copilot: Cybersecurity in an AI-driven world

The Importance of Career Preparation in 2023

May 5, 2023

The Future Lawyer Weekly Briefing – W/C 8th May 2023

May 8, 2023

Published by Zara Yusuf at May 6, 2023

What is Microsoft Security Copilot?

On the 28th March 2023, Microsoft announced the release of Security Copilot, a new AI assistant for cyber security experts. Drawing upon OpenAI’s GPT-4 generative AI, which also powers ChatGPT and Bing, the model aims to empower defenders, helping them to identify hidden patterns, reinforce their defences, and respond quickly to malicious activity.

As Vasu Jakkal, Corporate Vice President of Microsoft Security, claims, “Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI.”

On the one hand, Security Copilot appears to operate like other AI chatbots, allowing analysts to prompt a solution and receive a summative response.

However, its user-case specific application makes it far more complex. When prompting an answer, defenders will not only receive text, but also visual representations of data, such as graphs or flowcharts, which both summarise and simplify information on incoming cyberattacks. Security Copilot will also draft resources like spreadsheets, campaign reports, and presentations, prioritising specific threats, whilst providing predictive guidance to help thwart future attacks.

At present, Microsoft Security Copilot is only available through private preview. In relation to accessibility, Chang Kawaguchi, Microsoft’s Vice President and AI Security Architect, stated, “We’re not yet talking about a timeline for general availability […] So much of this is about learning and learning responsibly, so we think it’s important to get it to a small group of folks, […] to make this the best possible product.”

Advantages of Microsoft Security Copilot

Simplifying complex issues and quickening responses

As Jakkal states, “[Security Copilot] can process 1,000 alerts and give you the two incidents that matter in seconds”, opposed to hours or even days. On average, security experts face 174,000 alerts a week, analysing approximately 12,000 of them, with around 4 days to resolution. Security Copilot provides step-by-step guidance, accelerating the investigation process and an analyst’s response time. The model’s capacity to quickly and efficiently summarise processes and a diverse range of threats ensures that defenders can prioritise the most important cyber risks.

Closed-loop learning system

Security Copilot is a closed-looped learning system, meaning it’s constantly learning and utilising user feedback to fine-tune and reinforce its skills. Like any other AI-generated content, Microsoft admits that Security Copilot may contain mistakes. Yet, as it continues to learn from its interactions with security professionals, the model will adapt its responses to formulate more efficient and pertinent solutions.

Unparalleled threat intelligence

At present, Microsoft Security is surveilling over 50 ransomware gangs and 250 nation-state cybercriminal organisations, receiving around 65 trillion cybersecurity threat signals every day. Furthermore, Microsoft prevents over 25 billion password theft attempts per second, with its analysts utilising more than 100 data sources. Employing industry-leading threat intelligence, Security Copilot means that defenders have access to the latest knowledge of cyber attackers, their techniques, and processes, to ensure a higher level of detection.

Potential Risks of AI Technology

Although there are benefits to using AI, new and innovative technologies also pose fresh challenges. As Richard Anning, Head of the Tech Faculty at ICAEW, notes, “While companies are using AI to help defend themselves against cyberattacks, the cyber criminals are using AI to get around AI defences.”

Another risk of AI-powered security lies in data protection and access management. Chris Harris, EMEA Technical Director, states, “There’s also the risk of the technology pulling data that it shouldn’t. For example, if it misunderstands the instruction and pulls data from another client’s project.”

However, Kawaguchi stresses that Microsoft Security Copilot complies with the same data-sharing restrictions and regulations as the other security services it integrates with, such as Microsoft Sentinel or Defender.

The AI-Powered Future of Cyber Defence

Whilst current AI systems appear to merge the efforts of machine learning capabilities and human intelligence, experts predict a future with minimal human intervention, as AI begins to move beyond an advisory role.

Rather than alerting defenders of security breaches and providing guidance on the best solutions, AI will apply security automatically. Utilising pre-learnt logic and actions, AI models will have the capacity to make contextualised guesses, with the ability to self-repair.

Embracing technological advancements, like Microsoft Security Copilot, is key to creating safer environments for cybersecurity analysts in the future. However, the challenge remains in being able to appropriately mediate the collaboration between humans and technology. If done successfully, it could make for a powerful team.