Brief IA

Microsoft Enhances AI Agent Security with Agent 365 and ASSERT

🛠️ AI Tools·Tom Levy·

Microsoft Enhances AI Agent Security with Agent 365 and ASSERT

Microsoft Enhances AI Agent Security with Agent 365 and ASSERT
Key Takeaways
1Microsoft unveiled Agent 365 at Build 2026 to secure AI agents in the enterprise, integrating Entra, Defender, and Purview.
2The open-source project ASSERT allows for testing AI agents against predefined security policies, detecting behavioral discrepancies.
3MDASH, a multimodal system, mobilizes over 100 agents to identify software vulnerabilities and propose fixes.
💡Why it mattersThe security of AI agents is becoming crucial as they access sensitive data and perform critical actions in the enterprise.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

Microsoft Strengthens AI Agent Security in the Workplace

At the Build 2026 conference, Microsoft unveiled an ambitious strategy to secure AI agents in professional environments. Aware of the rapid advancement of agent-based AI, the company presented a series of tools designed to monitor these agents, regulate their access, and mitigate the risks associated with their deployment. These increasingly autonomous systems are moving away from the traditional framework of assistants that wait for a command before responding. In businesses, they are already connected to files, messaging systems, business tools, code repositories, or cloud environments. Microsoft has therefore laid the groundwork for structured oversight to track these agents, control their actions, and integrate them into existing security circuits.

Agent 365: The Guardian of AI Agents

Microsoft's direct response to these challenges is called Agent 365. This service is designed to extend the capabilities of Entra, Defender, and Purview to observe, govern, and secure AI agents, whether they are executed locally or in the cloud. The goal is to prevent each team from deploying its own agents without a usable overview. Microsoft aims to link every new active object in the information system to rules of identity, compliance, and oversight. AI agents can inherit rights, access data, and act on behalf of a user, a team, or a business process. This approach is reinforced by Microsoft Execution Containers (MXC), which governs the local execution of agents in system-isolated environments. MXC imposes technical limits when these agents manipulate code, files, or network resources, while Agent 365 provides a broader view of their presence, rights, and behavior.

ASSERT and Agent Control Specification: Framing and Testing Agents

To support Agent 365, Microsoft offers two open-source projects. ASSERT (Adaptive Spec-driven Scoring for Evaluation and Regression Testing) allows for testing an AI agent, verifying that it adheres to expected rules, and identifying any behavioral discrepancies. Agent Control Specification complements this approach by defining where to place safeguards during the execution of agents. An agent does not always produce a response in a single step. It may retrieve context, establish a plan, call a tool, produce an intermediate result, and then adjust its trajectory based on what it obtains. Therefore, checks must be able to intervene before sensitive actions, such as when an agent accesses a resource or is about to launch an operation, rather than afterward.

MDASH: Detecting Vulnerabilities with the Help of AI Agents

Finally, Microsoft introduced MDASH, a multimodal agent system that mobilizes over 100 agents to detect software vulnerabilities. MDASH analyzes data flows and identifies potential exploitation chains. The proposed patches are then integrated into the Microsoft Defender portal, allowing for the linking of analysis and remediation to the tools already used by security teams. This approach aims to enhance software security by using the AI agents themselves to identify and rectify potential flaws, thereby ensuring proactive and continuous protection of information systems.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.