Microsoft announced its new AI-powered assistant, developed to help cybersecurity workers identify both active and potential threats or breaches, as well as interpret overwhelming amounts of incoming data and signals.
Dubbed Microsoft Security Copilot, the company made the announcement at its inaugural Microsoft Secure Event on Tuesday.
The tool will combine the power of OpenAI’s latest ChatGPT-4 generative intelligence and Microsoft’s “cyber-trained model” to bolster cybersecurity while delivering high security and data privacy — all while running on Microsoft’s “Azure hyperscale infrastructure,” the company said.
Users who remember Microsoft’s famous ‘Clippy’ know that the company likes its virtual assistants. Microsoft revealed in January that it would be investing billions in ChatGPT to revive Clippy in a cutting-edge light.
Security Copilot is enterprise-only, though, Microsoft said in a blog post. Aesthetically, it looks like other chatbots and offers a user prompt box for queries. A Wednesday YouTube presentation about Security Copilot explained that the tool helps security professionals speed up and offload their work and collaborate in a shared workspace.
Copilot “uses AI to generate a response to the prompt, using what if finds externally and internally to your organization,” Director of Security Research at Microsoft Holly Stewart explained in the video.
Microsoft added that Copilot is a “paradigm shift” that will help reduce the stress of securing organizations caused by “a global shortage of skilled security professionals.”
The tool follows the release of Microsoft’s Copilot assistant for its Office apps in mid-March. On March 16, a Twitter user demonstrated how Copilot for Office can automatically create a Powerpoint presentation.
Copilot Aids Organizations’ Cybersecurity
Security Copilot is “informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals,” Microsoft said, adding that it allows organizations to better detect threats and strengthen their security posture.
Microsoft went on to say that Copilot security professionals can respond to threats within minutes, heed guidance from the tool via a “natural language-based investigation experience,” as well as summarize and report findings intelligently.
Furthermore, the tool can discover obfuscated threats faster and it can anticipate “a threat actor’s next move with continuous reasoning,” together with Microsoft’s threat intelligence database.
Vulnerability Management and Reverse-Engineering Capability
The tool can also manage vulnerabilities better than its human counterparts, reducing the load on human security teams. For instance, users can ask the tool about the well-known Log4j vulnerability and share results with others on a team via a “pinboard.”
Copilot can also “reverse-engineer” code scripts, which is essential for cybersecurity investigations, Microsoft’s video explained. Users can then share this data with others via a “Prompt Book.”
Copilot was also able to reverse-engineer a malicious Powershell script and explain what it did step-by-step so that anyone could understand the process, Microsoft’s video said.
Cybersecurity firm Sophos confirmed GPT-3’s threat-hunting ability through three projects it had announced on March 16, including searching for malicious “powershell.exe” system processes.
Copilot Transparency and Data Privacy Compliancy
Microsoft also said they are committed to protecting user data privacy with Copilot, that it will not use any data “to train or enrich foundation AI models,” and that this data will be end-to-end encrypted.
“Security Copilot also integrates with the end-to-end Microsoft Security products, and over time it will expand to a growing ecosystem of third-party products,” Microsoft added.
Copilot’s Current Limitations
Microsoft Security Copilot also has its limitations, Microsoft said. ChatGPT’s parent company OpenAI had already said upon unveiling GPT-4 on March 14 via its blog that “GPT-4 has similar limitations as earlier GPT models,” adding that “it is still not fully reliable (it ‘hallucinates’ facts and makes reasoning errors).”
The tool is now in technical preview mode and only available to select customers who had early access via OpenAI’s website at this time, however, interested parties can still contact Microsoft Security for more details and check out GitHub Copilot.
