Microsoft Security Blog notes that AI threat modeling is used to identify misuse, emergent risks, and failure modes in probabilistic and agentic AI systems.
Microsoft reports a developer-targeting campaign that used malicious Next.js repositories to achieve remote code execution and establish command-and-control via normal build workflows, aiming to blend into routine development activity.
· security
· timeframe: 2026-02
· tags: Microsoft Defender, SOC, autonomous defense, managed security services, AI security
Guide-style post arguing that manual SOC processes and legacy tools can’t keep up with AI-enabled attacks, and positioning Microsoft Defender’s autonomous capabilities plus expert-led services as the proposed approach.
Microsoft published a new e-book positioned as a maturity-based guide for adopting Microsoft Security Exposure Management. It focuses on moving from fragmented, reactive security practices to a unified exposure management approach intended to support proactive defense.
Microsoft Security Blog outlines risks of self-hosted agent runtimes (like OpenClaw) that execute untrusted input while holding long-lived credentials, creating compounded supply-chain exposure. It emphasizes governance plus identity controls and runtime isolation to reduce credential and execution risk in enterprise deployments.
· security
· timeframe: 2026-02
· tags: Microsoft Copilot Studio, agent security, Microsoft Defender, configuration, access control, orchestration, risk management
Microsoft outlines 10 common security risks in Copilot Studio agents and pairs each with suggested detection and mitigation approaches using Microsoft Defender. The focus is on preventing exposure from configuration, access, and orchestration weaknesses.
Microsoft announced its presence at the RSAC 2026 Conference and positioned its show-floor content around “Frontier Firms,” described as human-led and agent-operated organizations.
Microsoft Security Blog published a post promoting a new buyer’s guide for selecting a unified, AI-ready SIEM platform aimed at supporting “agentic” AI-era security operations.
Microsoft Security Blog post promoting its Cyber Pulse report, focused on cybersecurity risks related to active AI agents and the need for observability, governance, and security.
Microsoft security researchers describe a growing pattern of “AI Recommendation Poisoning,” where attackers poison an AI system’s memory to manipulate future recommendations for promotional gain.
Microsoft reports active exploitation of SolarWinds Web Help Desk using CVE-2025-40551 and CVE-2025-40536 that can lead to domain compromise, and provides guidance to patch, hunt, and mitigate.
· security
· timeframe: 2026-02
· tags: security, malware, phishing/social-engineering, RAT, python, windows, living-off-the-land, persistence, microsoft
Microsoft reports a new ClickFix variant, “CrashFix,” that intentionally crashes browsers to trick users into running commands that install a Python-based remote access trojan (RAT). The campaign abuses built-in utilities (finger.exe) and a portable Python runtime to reduce detection and maintain persistence on targeted systems.
Microsoft explains that many incidents stem from inconsistent implementation of known security controls and describes its support for Operation Winter SHIELD to help organizations close this “implementation gap.”
Microsoft published research on detecting backdoors in open-weight language models and described a scanner intended to identify backdoored models at scale.
Microsoft describes an updated Secure Development Lifecycle (SDL) approach aimed at securing AI systems, combining internal policy, security research, and enablement activities.
· security
· timeframe: 2026-02
· tags: macOS, infostealer, Python malware, credential theft, malware distribution, platform abuse, Microsoft Security Blog
Microsoft describes recent infostealer activity targeting macOS, highlighting Python-based stealers and distribution techniques that abuse trusted platforms and common utilities.