Microsoft Security Copilot, AI comes to cybersecurity

A few weeks ago Microsoft announced the launch of Security Copilot, a tool that they described as follows: “Security Copilot can help detect what other approaches might miss and augment an analyst’s work.”


Security Copilot applies artificial intelligence to the cybersecurity domain, helping professionals detect attacks early by analyzing large amounts of data and flagging possible indications of cyber threats. It does this by combining Microsoft’s extensive experience in the cybersecurity industry with a large language model (LLM).

Security Copilot is Copilot’s first specialized tool and the first security product that will allow defenders to move at the speed and scale of AI.

This tool uses the power of GPT-4 generative AI, a type of artificial intelligence that uses large datasets and language models to generate patterns and content such as images and/or videos.


What Microsoft tells us is that they have designed it to work seamlessly with security teams. This tool will make it easier for them to see what is happening in their environment, being able to learn from the intelligence reports they have, correlate threat activity and make decisions more efficiently.

In addition, Security Copilot integrates with other Microsoft security tools such as Sentinel, Defender, and Intune to provide customized guidance for each organization.

A user query is what triggers Security Copilot, similar to ChatGPT. Microsoft has limited the chat to security-related queries, which keeps it focused on its main objective while it continuously learns from interactions to adapt to each business environment.

Let’s take a look at the main features of Microsoft Security Copilot.


It has a central notification bar, where you can ask questions.


For example, we can ask about suspicious user logins, which threats are currently the most prevalent, or how to improve our web security.


Security Copilot allows us to attach files, URLs, and code fragments so that it can analyze them and give us information about incidents or alerts. The tool will search for known vulnerabilities and security holes by examining the assets in the environment one by one.



We can also ask the tool to produce security reports, which can be customized to the needs of our organization.




Security Copilot is designed to be constantly evolving. The tool will be updated with the latest versions of threat intelligence to ensure that companies are always protected against current threats.

The tool will provide continuous access to the most advanced OpenAI models, to support security tasks and applications with a high level of security.


Microsoft, however, warns us that the answers we receive from Security Copilot may contain errors. It is a closed-loop learning system, which means that it will continuously learn from users. That’s why it allows us to add comments and indicate if the answer was incorrect, unclear, or incomplete.

Microsoft asks for patience. As they learn from user feedback, they’ll fine-tune responses to create more consistent, relevant, and valuable new responses. Security Copilot is not just a large language model, but a learning system intended to allow organizations to defend themselves at the speed of the machine.


At the same time, they make it clear to us that our data is our data and always remains under our control. Microsoft won’t use our questions and answers to train foundation artificial intelligence models. They have implemented the most comprehensive and stringent security and compliance controls to protect this information.

Even though we keep it private, we can share interactions with other team members to expedite incident response, enhance collaboration on complex issues, and develop collective skills.

In addition, if any of the responses are of interest to us and we think we might need them in the future, we can pin them to the Pin Board with the “Pin” button below.


The Pin Board will contain the answers as you work on an investigation. We will be able to share, export, and collaborate with other users.

There is also the “Prompt Book”, which is where we can collect the notices: a set of steps or automations that we or someone on our team has developed, which allows us to automate complex tasks and share them with the security team.


What we have been able to see is enough to tell us that it is a very powerful tool. However, Security Copilot is currently in a preview version, is not open to the public, and has no set date for its final release.

Because it is so intuitive, easy to use, and customizable, it is a perfect choice for companies that want to protect themselves against potential cybersecurity threats, whether or not they have a specialized cybersecurity or IT team.

Sandra Cabrera García – Software Developer at Itequia