14.05.2026
Security for AI agents: What companies that use AI agents should consider
Security for AI Agents enables you to discover, monitor, and protect AI agents. Find out what’s changing, who it affects, and what IT teams need to review.
Table of contents
- AI agents are now assets that require oversight
- What is Security for AI agents
- Why Microsoft Integrates It with Defender XDR and Agent 365
- What Risks It Aims to Mitigate
- What Security for AI agents enables
- Who May Be Affected by This Update
- What You Should Review Before July 1, 2026
- What IT teams should review
- Frequently Asked Questions About Security for AI Agents
- Securing AI agents also means governing the infrastructure
Security for AI agents is a Microsoft Defender capability designed to discover, monitor, protect, and investigate artificial intelligence agents in enterprise environments.
Its introduction is particularly relevant for organizations that use or evaluate agents created with tools such as Copilot Studio. These agents do more than just answer queries: they can access data, query systems, invoke tools, and perform actions on behalf of users or processes.
Security for AI agents is not just a technical innovation. It is a sign that AI agents are beginning to require the same level of inventory, governance, monitoring, and protection as other critical infrastructure assets.
In this article, we examine what this capability entails, who it may affect, and what IT teams should begin to evaluate.
AI agents are now assets that require oversight
For a long time, the adoption of artificial intelligence in businesses was viewed primarily through the lens of productivity. The focus was on automating tasks, speeding up responses, or improving the experience for internal and external users.
But AI agents are changing the landscape. They don’t just respond—they can also take action.
This forces IT teams to reevaluate their security model. If an agent has access to internal information, connectors, tools, or operational workflows, it becomes part of the technological environment that must be governed.
The risk isn’t merely that an agent exists. The risk arises when that agent proliferates without being inventoried, without clear accountability, without permission limits, and without sufficient traceability.
For an organization, the key questions are simple:
- What agents exist today?
- Who created them and who manages them?
- What data can they access?
- What tools can they run?
- What actions are logged?
- What happens if they perform a risky action?
Without these answers, the adoption of AI may outpace the ability to control it.
What is Security for AI agents
Security for AI agents is a security capability that enables teams to detect, monitor, and protect AI agents within the Microsoft Defender ecosystem.
In Microsoft’s documentation, these capabilities are associated with agent inventory, Advanced Hunting, real-time protection, alerts, and investigation.
For agents created with Copilot Studio, Microsoft Defender can detect custom agents within the tenant. It also allows you to identify potentially risky configurations and collect data for hunting tasks.
In practical terms, this addresses three key needs:
- Inventory: knowing which agents exist in the organization.
- Monitoring: observing activity, configurations, and potential risk indicators.
- Protection: detecting, blocking, and investigating suspicious or harmful actions.
This visibility is the first step. You cannot protect what you do not know. And in environments where both technical and non-technical users can create agents, inventory ceases to be an administrative task and becomes a security requirement.
Why Microsoft Integrates It with Defender XDR and Agent 365
The integration with Microsoft Defender XDR and Microsoft Agent 365 addresses a specific challenge: AI agents require controls that match their capabilities.
Microsoft describes Agent 365 as an extension of existing security infrastructure to agents. To achieve this, it relies on Microsoft Defender, Microsoft Entra, and Microsoft Purview.
The goal is to provide centralized visibility, identity controls, data security, and protection against specific threats for agents.
This is relevant because agent security cannot be addressed from a single layer. It requires combining:
- Identity and access.
- Permissions and privileges.
- Data protection.
- Activity monitoring.
- Alerts and investigation.
- Governance throughout the agent’s lifecycle.
From an infrastructure perspective, this confirms a clear trend: AI agents are beginning to be integrated into the company’s technology operations. That is why they must be managed as corporate assets, not as isolated experiments.
What Risks It Aims to Mitigate
AI agents can increase the attack surface if not managed properly.
Microsoft identifies several risks: agents with excessive permissions, weak configurations, or misuse of authorized tools. It also mentions threats such as prompt injection and data leakage.
In companies using Copilot Studio or other low-code/no-code platforms, another challenge arises: non-technical users can create and deploy agents without centralized security review.
In such scenarios, an attacker could attempt to inject malicious prompts, trigger unwanted tool executions, or exploit data sources to escalate privileges or extract information.
The most significant risks for IT teams are:
- Shadow AI: agents created without visibility from the technology or security teams.
- Excessive permissions: broader access than necessary.
- Misuse of tools: actions executed outside of expected behavior.
- Data exposure: access to or disclosure of sensitive information.
- Weak configurations: lack of authentication, limits, or adequate controls.
- Lack of traceability: difficulty investigating what an agent did and what the impact was.
The response should not be to slow down the adoption of AI. The response should be to establish adequate controls so that adoption can proceed safely.
What Security for AI agents enables
Microsoft Defender includes capabilities to address different stages of the agent security lifecycle. According to Microsoft’s documentation, protection for AI agents can include:
- detection of agents created with Copilot Studio,
- data integration with Advanced Hunting,
- monitoring of suspicious activity,
- and real-time alerts and protection to block harmful actions initiated by agents.
In operational terms, Security for AI agents enables the discovery of AI agents within the environment. At the same time, it allows users to view relevant information from the Microsoft Defender portal and analyze configurations and risk factors.
It also allows you to:
- use Advanced Hunting to investigate threats or misconfigurations;
- detect suspicious activity;
- block risky actions in specific scenarios; and
- generate alerts integrated into the XDR incident environment.
It is important to note: these capabilities depend on the scenario, platform, license, and enabled settings. They should not be interpreted as universal coverage for any agent or any integration.
Who May Be Affected by This Update
This topic should be reviewed in particular by organizations that are already using or evaluating AI agents with access to internal data, tools, or processes.
The most relevant scenarios are:
- Companies that create agents using Microsoft Copilot Studio.
- Organizations that are deploying agents connected to corporate information.
- Teams that need to track and manage AI agents.
- Security teams already operating with Microsoft Defender XDR.
- Companies looking to scale AI without losing control over permissions, data, and activity.
Not all organizations will have the same level of urgency. A company conducting controlled testing faces different risks than one that has already integrated agents into operational processes or critical workflows.
Therefore, the first step is not to activate tools in isolation. The first step is to understand the actual use of AI agents within the organization.
What You Should Review Before July 1, 2026
July 1, 2026, is a key date for reviewing the licensing and continuity of these capabilities.
Microsoft states that, until that date, organizations can access Copilot Studio’s AI agent inventory and detection without a Microsoft Agent 365 license if they have Microsoft Defender for Cloud Apps and opt for the Preview features of Microsoft Defender for Cloud Apps and Defender XDR.
This does not mean that all companies must immediately purchase new licenses. But it does send a clear signal: Microsoft is moving the visibility and protection of AI agents toward a more specific governance and licensing model.
For IT teams, the recommendation is to plan ahead. If the organization already uses agents, it is advisable to review which capabilities are active, under which licenses, with what scope, and what changes could impact the continuity of monitoring.
What IT teams should review
Before scaling up the use of AI agents, organizations should conduct a technical and governance review. The goal is not only to ensure compliance with a configuration but also to reduce operational and security risks.
An initial checklist should include:
- Inventory: Identify which agents exist and on which platforms they were created.
- Responsibilities: Define technical and functional owners for each agent.
- Permissions: Review access, connectors, tools, and privileges.
- Data: Assess what information each agent can access, process, or share.
- Traceability: Confirm what activity is logged.
- Alerts: Validate whether the security team can detect suspicious behavior.
- Response: Define how to respond to a risky or unauthorized action.
- Licensing: Review which capabilities Agent 365 will require starting in July 2026.
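The risk categories listed earlier (shadow AI, excessive permissions, misuse of tools, data exposure, weak configurations, lack of traceability) and the checklist above can be turned into a repeatable posture check. The script below is an added example and is not code from Microsoft, from Wezen, or from the Defender product: it runs a set of policy rules over a constructed agent inventory and a constructed activity log and reports one finding per risk category it hits. The inventory fields, the policy values (`APPROVED_CONNECTORS`, `SENSITIVE_LABELS`), the agent names and the log records are all assumptions made for the example; in a real review these would come from the agent inventory and activity data the page describes.

```python
"""Posture check over an AI-agent inventory and activity log (constructed data).

Added example, not Microsoft's or Wezen's code. Inventory fields, policy values
and log records are hypothetical stand-ins for the agent inventory and activity
data a Defender-style review would draw on.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Hypothetical organisation policy: connectors an agent may use without a
# security review, and sensitivity labels whose access must be justified.
APPROVED_CONNECTORS = {"SharePoint", "Dataverse"}
SENSITIVE_LABELS = {"Confidential", "Highly Confidential"}


@dataclass
class Agent:
    name: str
    owner: Optional[str]     # accountable owner (None = nobody assigned)
    connectors: set          # data sources / connectors the agent is wired to
    tools: set               # tools the agent is declared to invoke
    data_labels: set         # sensitivity labels of data it can reach
    auth_required: bool      # callers must authenticate to reach the agent
    logging_enabled: bool    # activity is recorded for later investigation


@dataclass(frozen=True)
class Finding:
    agent: str
    risk: str      # one of the risk categories from the checklist
    detail: str


def assess_agent(agent: Agent) -> list:
    """Map static inventory attributes onto the risk categories."""
    f = []
    if agent.owner is None:
        f.append(Finding(agent.name, "shadow_ai", "no accountable owner assigned"))
    extra = agent.connectors - APPROVED_CONNECTORS
    if extra:
        f.append(Finding(agent.name, "excessive_permissions",
                         f"unapproved connectors: {sorted(extra)}"))
    if not agent.auth_required:
        f.append(Finding(agent.name, "weak_configuration",
                         "agent reachable without authentication"))
    sensitive = agent.data_labels & SENSITIVE_LABELS
    if sensitive:
        f.append(Finding(agent.name, "data_exposure",
                         f"reaches data labelled {sorted(sensitive)}"))
    if not agent.logging_enabled:
        f.append(Finding(agent.name, "lack_of_traceability",
                         "activity logging disabled; actions cannot be reconstructed"))
    return f


def detect_tool_misuse(agents: dict, events: list) -> list:
    """Compare observed tool invocations with each agent's declared tool set."""
    f = []
    for ev in events:
        agent = agents.get(ev["agent"])
        if agent is None:
            f.append(Finding(ev["agent"], "shadow_ai",
                             f"activity at {ev['time']} from an agent missing from the inventory"))
        elif ev["tool"] not in agent.tools:
            f.append(Finding(agent.name, "misuse_of_tools",
                             f"invoked undeclared tool '{ev['tool']}' at {ev['time']}"))
    return f


def assess(inventory: list, events: list) -> list:
    """Static inventory checks followed by activity-based checks."""
    agents = {a.name: a for a in inventory}
    findings = []
    for a in inventory:
        findings.extend(assess_agent(a))
    findings.extend(detect_tool_misuse(agents, events))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per risk category, for the review report."""
    return dict(Counter(f.risk for f in findings))


# Constructed sample inventory and activity log (not real tenant data).
INVENTORY = [
    Agent("HR-Helpdesk", "hr-ops@example.com", {"SharePoint"}, {"search_policy"},
          {"General"}, auth_required=True, logging_enabled=True),
    Agent("Finance-Reconciler", None, {"Dataverse", "SQL"}, {"run_query", "send_mail"},
          {"Confidential"}, auth_required=False, logging_enabled=False),
]
EVENTS = [
    {"time": "2026-05-14T09:02:11Z", "agent": "HR-Helpdesk", "tool": "search_policy"},
    {"time": "2026-05-14T09:05:40Z", "agent": "Finance-Reconciler", "tool": "send_mail"},
    {"time": "2026-05-14T09:06:02Z", "agent": "Finance-Reconciler", "tool": "delete_record"},
    {"time": "2026-05-14T09:07:30Z", "agent": "Sales-Bot", "tool": "export_contacts"},
]

if __name__ == "__main__":
    results = assess(INVENTORY, EVENTS)
    for finding in results:
        print(f"[{finding.risk}] {finding.agent}: {finding.detail}")
    print(summarize(results))
```

Run as-is, the well-configured `HR-Helpdesk` agent produces no findings, while `Finance-Reconciler` trips every static rule and is also caught invoking a tool it never declared; the `Sales-Bot` event is flagged as shadow AI because it appears in the activity log but not in the inventory. The point of the split between `assess_agent` and `detect_tool_misuse` is the one the checklist makes: inventory and permissions answer what an agent is allowed to do, while activity data answers what it actually did, and a review needs both.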
This analysis should involve security, infrastructure, Microsoft 365 administration, Power Platform, and the business areas driving AI use cases.
In this type of review, the value lies not only in enabling a Microsoft capability. It also lies in organizing the governance model: which agents exist, what permissions they have, what risks they introduce, and how they integrate into the organization’s security strategy.
At Wezen, we support this process with a comprehensive view of infrastructure, cybersecurity, continuity, and operations.
Frequently Asked Questions About Security for AI Agents
What is Security for AI Agents?
It is a Microsoft Defender capability designed to discover, monitor, protect, and investigate artificial intelligence agents within corporate environments.
Is Security for AI Agents a standalone product?
It should not be interpreted that way. It is part of a set of security capabilities within the Microsoft Defender ecosystem, linked to Agent 365 and other Microsoft security tools.
Does this affect companies using Copilot Studio?
Yes. Microsoft documents specific capabilities to detect and protect custom agents created with Copilot Studio within the tenant.
What happens on July 1, 2026?
Starting on that date, Microsoft states that organizations will need a Microsoft Agent 365 subscription to continue using protection and visibility capabilities for AI agents.
What should a company review first?
The agent inventory, their permissions, the tools they can use, the data they access, and the actual monitoring and investigation capabilities.
Securing AI agents also means governing the infrastructure
Security for AI agents confirms that AI security can no longer be treated separately from the infrastructure.
When an agent accesses data, invokes tools, or performs actions, it also becomes a point of risk, control, and operational continuity.
For IT leaders, the challenge is not to block innovation. It is to prevent the adoption of AI agents from proceeding without visibility, without clear accountability, and without controls commensurate with their capabilities.
Organizations using Copilot Studio or planning to scale agents should review their security posture now. The central question is straightforward: Do we know which agents we have, what they can do, and how to respond if they act in a risky manner?
In this scenario, having specialized support allows you to assess risks, define controls, and scale these environments with a comprehensive view of infrastructure, cybersecurity, and operations.
Check whether your AI agents have the visibility, permissions, and controls required for secure operations. Write to us.

Image: Generated by AI (DALL·E 3 – GPT-4o), OpenAI, 2026.
Sources
- Microsoft. Discover and protect AI agents with Microsoft Defender (Preview). Microsoft Learn. URL
- Microsoft. Protect your Microsoft Copilot Studio AI agents (Preview). Microsoft Learn. URL
- Microsoft. Discover AI agents and assess security posture using Microsoft Defender (Preview). Microsoft Learn. URL