WEBVTT

00:00:03.679 --> 00:00:06.240
Welcome to the Azure Security Podcast, where

00:00:06.240 --> 00:00:08.759
we discuss topics relating to security, privacy,

00:00:09.039 --> 00:00:11.480
reliability, and compliance on the Microsoft

00:00:11.480 --> 00:00:15.880
Cloud Platform. Hey everyone, welcome to episode

00:00:15.880 --> 00:00:19.100
112. This week it's just myself, Michael. Everyone

00:00:19.100 --> 00:00:22.079
else is busy. And our guest this week is Ryan

00:00:22.079 --> 00:00:24.920
Munch, who's here to talk to us about security

00:00:24.920 --> 00:00:27.920
Copilot and Security Copilot agents. But

00:00:27.920 --> 00:00:30.140
before we get to our guest, I just want to take

00:00:30.140 --> 00:00:31.300
a little lap around the news. I actually have

00:00:31.300 --> 00:00:34.759
some pretty important items to talk about. The

00:00:34.759 --> 00:00:37.179
first one, this is honestly just from my old

00:00:37.179 --> 00:00:40.200
stomping ground in Azure Data, but this is actually

00:00:40.200 --> 00:00:41.939
really important. I really want to stress this

00:00:41.939 --> 00:00:44.780
one. There's a blog post written by one of my

00:00:44.780 --> 00:00:47.179
old colleagues about why it's time to migrate

00:00:47.179 --> 00:00:51.060
from System.Data.SqlClient to Microsoft.Data

00:00:51.060 --> 00:00:55.100
.SqlClient. It's not just about adding features.

00:00:55.179 --> 00:00:58.719
It's also about the fact that Microsoft.Data

00:00:58.719 --> 00:01:02.859
.SqlClient will support more security capabilities

00:01:02.859 --> 00:01:06.079
moving forward. So for example, things like TLS

00:01:06.079 --> 00:01:08.780
being enabled by default, that's all enforced

00:01:08.780 --> 00:01:12.560
in the client. So if you've got managed code

00:01:12.560 --> 00:01:15.799
that is currently running on System.Data.SqlClient,

00:01:15.900 --> 00:01:18.879
you need to start moving across to Microsoft

00:01:18.879 --> 00:01:24.590
.Data.SqlClient. Next one is if you're using

00:01:24.590 --> 00:01:28.530
Azure DevTest Labs, we now support Generation

00:01:28.530 --> 00:01:32.349
2 VMs using Trusted Launch. So this will give

00:01:32.349 --> 00:01:36.750
you much higher kind of robustness and basically

00:01:36.750 --> 00:01:39.810
just more secure workloads because it will support

00:01:39.810 --> 00:01:43.430
things like secure boot, virtual TPM, virtualization

00:01:43.430 --> 00:01:45.890
-based security or VBS, as well as Microsoft

00:01:45.890 --> 00:01:49.000
Defender for cloud integration. Next one is virtual

00:01:49.000 --> 00:01:52.140
network tap. So we now support a virtual network

00:01:52.140 --> 00:01:55.120
terminal access point or a tap that allows you

00:01:55.120 --> 00:01:58.099
to continuously stream virtual machine network

00:01:58.099 --> 00:02:01.000
traffic to a network packet collector or analysis

00:02:01.000 --> 00:02:04.400
tool. Very, very cool. Very commonly used, but

00:02:04.400 --> 00:02:07.980
now we support it in our VMs. Azure Front Door

00:02:07.980 --> 00:02:10.960
Web Application Firewall, or the WAF, now supports

00:02:10.960 --> 00:02:13.800
CAPTCHA. This is actually in preview, but it's

00:02:13.800 --> 00:02:15.879
great that they've now added CAPTCHA support,

00:02:16.199 --> 00:02:18.939
which is there to help block malicious automated

00:02:18.939 --> 00:02:24.060
requests. Next item is in public preview. We

00:02:24.060 --> 00:02:27.460
have inbound private endpoint support for standard

00:02:27.460 --> 00:02:31.500
version 2 tier of API management. I mean, I've

00:02:31.500 --> 00:02:34.000
talked about this many times, but there are certain

00:02:34.000 --> 00:02:35.860
things that are happening across Microsoft, things

00:02:35.860 --> 00:02:38.250
like customer managed key support versus system

00:02:38.250 --> 00:02:41.590
managed keys, managed identities versus usernames

00:02:41.590 --> 00:02:44.270
and passwords. Another big one is better support

00:02:44.270 --> 00:02:47.229
for private endpoints. So it's great to see that

00:02:47.229 --> 00:02:50.590
API management is now supporting that for standard

00:02:50.590 --> 00:02:53.689
V2. Another one which is kind of a little bit

00:02:53.689 --> 00:02:55.069
what we're going to talk about for the rest of

00:02:55.069 --> 00:02:57.990
the day is Azure Firewall is now integrated with

00:02:57.990 --> 00:03:01.240
Microsoft Security Copilot. I'm sure that Ryan

00:03:01.240 --> 00:03:02.860
will explain this in a little bit more detail,

00:03:03.139 --> 00:03:04.759
but this is something we're certainly seeing

00:03:04.759 --> 00:03:06.240
across the board. I probably should add to the

00:03:06.240 --> 00:03:09.699
list, managed identities, CMK, and private endpoints.

00:03:10.039 --> 00:03:12.219
We're seeing more support for Copilot across

00:03:12.219 --> 00:03:16.139
various security workloads. Next one is that

00:03:16.139 --> 00:03:20.400
the April 2025 progress report for our Microsoft

00:03:20.400 --> 00:03:24.080
Secure Future Initiative is now available. It's

00:03:24.080 --> 00:03:26.800
not only available as a document, it's also available

00:03:26.800 --> 00:03:29.020
as a recording as well. So you can listen to

00:03:29.020 --> 00:03:31.430
it for those who have vision impairments

00:03:31.430 --> 00:03:33.530
or prefer to listen to it, it's available for

00:03:33.530 --> 00:03:36.110
you to listen to as well. And the last item,

00:03:36.169 --> 00:03:39.189
before we finally get to Ryan, there's now versionless

00:03:39.189 --> 00:03:41.569
customer managed key support in Azure Database

00:03:41.569 --> 00:03:44.090
for PostgreSQL. There's a blog post written by

00:03:44.090 --> 00:03:46.210
my old colleague and actually co -author as well,

00:03:46.270 --> 00:03:49.150
Heinrich Gantenbein, that explains the rationale

00:03:49.150 --> 00:03:52.330
why it was done and how that is supported in

00:03:52.330 --> 00:03:54.409
Azure Database for PostgreSQL. So again, here's

00:03:54.409 --> 00:03:57.370
another example of a product using customer managed

00:03:57.370 --> 00:03:59.909
keys. All right, so that's the news out the way.

00:04:00.569 --> 00:04:03.270
Now let's turn our attention to our guest. As

00:04:03.270 --> 00:04:05.469
I mentioned at the top, our guest this week is

00:04:05.469 --> 00:04:08.090
Ryan Munch. Ryan, we'd like to take a moment

00:04:08.090 --> 00:04:10.909
and introduce yourself to our listeners. Thanks

00:04:10.909 --> 00:04:12.590
for having me on, Michael. It's great to be back.

00:04:13.000 --> 00:04:16.220
I'm part of the Microsoft Security Copilot product

00:04:16.220 --> 00:04:19.100
team. So in the team, I'm focused on a few different

00:04:19.100 --> 00:04:21.740
things. One, growing out our partner ecosystem,

00:04:22.040 --> 00:04:24.600
specifically our MSSPs and how they think about

00:04:24.600 --> 00:04:27.279
building agents. And then a myriad of different

00:04:27.279 --> 00:04:30.500
functionalities, such as logging within Security

00:04:30.500 --> 00:04:34.120
Copilot and agents. All right, so let's get stuck

00:04:34.120 --> 00:04:36.639
into the agenda. Look, so I mean, you hear sort

00:04:36.639 --> 00:04:39.019
of Security Copilot or the term Security Copilot

00:04:39.019 --> 00:04:42.660
kind of thrown around almost with abandon. So

00:04:42.660 --> 00:04:45.300
what is going on with Security Copilot and

00:04:45.300 --> 00:04:47.319
agents, which is what we're here to talk about?

00:04:47.560 --> 00:04:50.360
So what should our listeners know about? What's

00:04:50.360 --> 00:04:52.100
the elevator pitch? If you were to walk out of

00:04:52.100 --> 00:04:54.079
an elevator after talking to somebody, what would

00:04:54.079 --> 00:04:56.000
they know about Security Copilot and agents?

00:05:00.430 --> 00:05:03.129
We have moved fast in the past year and a half.

00:05:03.230 --> 00:05:06.069
We were the first solution out to market. We

00:05:06.069 --> 00:05:08.610
have learned a lot, and we have now evolved into

00:05:08.610 --> 00:05:11.410
what I think you see typical across a lot of

00:05:11.410 --> 00:05:13.550
different Microsoft AI solutions, and that is

00:05:13.550 --> 00:05:18.009
we are now an agent -based AI platform. All right,

00:05:18.069 --> 00:05:20.970
so a really, really dumb question. When would

00:05:20.970 --> 00:05:23.329
people use this? Why would they use agents? There

00:05:23.329 --> 00:05:26.399
are examples of where it's being used. I really

00:05:26.399 --> 00:05:28.819
want to keep it super practical. What can people

00:05:28.819 --> 00:05:30.839
walk away with understanding how it can actually

00:05:30.839 --> 00:05:34.860
help them? Yeah, and we've seen an incredible

00:05:34.860 --> 00:05:37.600
journey of our customers over the past year and

00:05:37.600 --> 00:05:40.279
a half since our private preview and even our

00:05:40.279 --> 00:05:44.339
launch. And it started with customers going in

00:05:44.339 --> 00:05:46.620
and looking at things like scripts and email

00:05:46.620 --> 00:05:49.100
headers and trying to see what AI could do for

00:05:49.100 --> 00:05:51.939
them in a security context. We started off working

00:05:51.939 --> 00:05:55.379
pretty broadly. And where it's evolved and what

00:05:55.379 --> 00:05:58.620
we've seen from our customers is that they are

00:05:58.620 --> 00:06:00.920
still workflow and very much task -oriented.

00:06:01.540 --> 00:06:03.899
And where we can help the most and where agents

00:06:03.899 --> 00:06:07.420
help the most is, we believe, with specific tasks

00:06:07.420 --> 00:06:10.600
that are either mundane, repetitive in nature,

00:06:10.660 --> 00:06:13.300
or take a lot of manual effort. Stuff that really

00:06:13.300 --> 00:06:15.899
pairs well with a human and needs analysts

00:06:15.899 --> 00:06:18.300
in the loop, but stuff that you don't necessarily

00:06:18.300 --> 00:06:22.339
want to do. So a good example of this is user

00:06:22.339 --> 00:06:25.160
-submitted phishing email triage. That's one

00:06:25.160 --> 00:06:28.060
good case. Vulnerability analysis with whether

00:06:28.060 --> 00:06:30.220
or not you patched a system or patched different

00:06:30.220 --> 00:06:33.720
applications. That's another practical and pragmatic

00:06:33.720 --> 00:06:37.100
use case. The other one that I really like as

00:06:37.100 --> 00:06:39.120
well, it kind of gets into more of something

00:06:39.120 --> 00:06:41.860
you don't always need, but something that a lot

00:06:41.860 --> 00:06:44.649
of security practitioners maybe aren't necessarily

00:06:44.649 --> 00:06:46.990
as familiar with as those that live it and breathe

00:06:46.990 --> 00:06:49.790
it every day, which is threat intelligence. And

00:06:49.790 --> 00:06:52.509
knowing what a threat actor is, how they operate,

00:06:52.670 --> 00:06:55.709
or how they specifically would attack your organization

00:06:55.709 --> 00:06:58.490
isn't something that everyone is always up to

00:06:58.490 --> 00:07:01.709
date on. So that becomes something that can empower

00:07:01.709 --> 00:07:04.250
people in a way that would otherwise take a lot

00:07:04.250 --> 00:07:06.170
of time. I mean, there are lots of tools that

00:07:06.170 --> 00:07:11.310
people use outside of the Microsoft. Are there

00:07:11.310 --> 00:07:14.029
integrations with other services that people

00:07:14.029 --> 00:07:18.089
may use on a daily basis? Yeah, and this is a

00:07:18.089 --> 00:07:20.509
great question. And candidly, it's one of my

00:07:20.509 --> 00:07:23.649
favorites because I think it represents a philosophical

00:07:23.649 --> 00:07:26.850
shift of how people perceive what Microsoft is

00:07:26.850 --> 00:07:30.449
doing, but also reflects a lot of what we passionately

00:07:30.449 --> 00:07:32.910
believe that security should do and how it should

00:07:32.910 --> 00:07:36.779
operate across any ecosystem. When we look at

00:07:36.779 --> 00:07:38.899
what we're trying to achieve with Security Copilot,

00:07:38.920 --> 00:07:42.519
we recognize that a workflow could exist in any

00:07:42.519 --> 00:07:44.740
state. You could be starting it. You could be

00:07:44.740 --> 00:07:46.740
beginning it. You could need to augment it anywhere

00:07:46.740 --> 00:07:50.139
in between. And a workflow could persist across

00:07:50.139 --> 00:07:52.879
any number of different systems, and it could

00:07:52.879 --> 00:07:56.060
exist exclusively outside of a Microsoft system.

00:07:56.639 --> 00:07:59.439
So what this means is that we have to build out

00:07:59.439 --> 00:08:03.560
a solution, a platform that accounts for all

00:08:03.560 --> 00:08:06.430
of that and provides for that possibility. Otherwise,

00:08:06.589 --> 00:08:10.569
as a good steward of a solution provider in the

00:08:10.569 --> 00:08:13.430
security community, if we're providing a solution

00:08:13.430 --> 00:08:16.589
that doesn't allow that expansion, we're creating

00:08:16.589 --> 00:08:18.509
another security gap. We're creating a blind

00:08:18.509 --> 00:08:22.110
spot. So we are creating and working with agents

00:08:22.110 --> 00:08:24.649
from the mindset that this could tie into any

00:08:24.649 --> 00:08:27.730
solution in any workflow state. So this ties

00:08:27.730 --> 00:08:31.230
into the exact philosophy that we're trying to

00:08:31.230 --> 00:08:34.870
impart. There's a lot of significant news we've

00:08:34.870 --> 00:08:37.129
announced over the past few months, both at Microsoft Secure

00:08:37.129 --> 00:08:41.269
and at RSA. But for me, I think ServiceNow

00:08:41.269 --> 00:08:44.269
was a bit of the most significant bits because

00:08:45.019 --> 00:08:47.299
it backs up exactly what we've been saying in

00:08:47.299 --> 00:08:49.620
that we have to work with partners and we have

00:08:49.620 --> 00:08:51.980
to meet users where they are and however they

00:08:51.980 --> 00:08:54.860
work. So with ServiceNow, they released a plugin,

00:08:54.940 --> 00:08:57.139
but more significantly, they also integrated

00:08:57.139 --> 00:08:59.940
Security Copilot into their security operations

00:08:59.940 --> 00:09:02.580
center. And that's now something that their customers

00:09:02.580 --> 00:09:05.120
in a private preview can go out and enable and

00:09:05.120 --> 00:09:07.759
begin to work with. And what this reflects and

00:09:07.759 --> 00:09:10.460
what you'll start to see across more and more

00:09:10.460 --> 00:09:15.230
different platforms and Microsoft partners, is

00:09:15.230 --> 00:09:16.950
you will see Security Copilot live in more

00:09:16.950 --> 00:09:19.309
interfaces. You will see agents that are more

00:09:19.309 --> 00:09:21.929
accessible. And you will see agents that then

00:09:21.929 --> 00:09:24.710
are able to work with you in whatever workflow

00:09:24.710 --> 00:09:27.289
you are tasked with. And so it becomes something

00:09:27.289 --> 00:09:29.830
that's hands -on and right there for you. Now,

00:09:29.830 --> 00:09:33.490
specifically for ServiceNow, what this allows

00:09:33.490 --> 00:09:36.710
is kind of exactly what you'd think. Immediate

00:09:36.710 --> 00:09:40.360
incident triage, and the ability to then advance

00:09:40.360 --> 00:09:43.000
it using the power of the Security Copilot platform.

00:09:43.379 --> 00:09:46.299
So sort of keeping with that topic, I mean, why

00:09:46.299 --> 00:09:49.919
is it better to use agents than what we've been

00:09:49.919 --> 00:09:53.740
using before? And that sounds really silly. Can

00:09:53.740 --> 00:09:55.399
you give us some examples of what we were using

00:09:55.399 --> 00:09:58.320
before? I mean, what sort of things can using

00:09:58.320 --> 00:10:00.580
agents improve over what people are currently

00:10:00.580 --> 00:10:04.940
using? Great question that you raised there,

00:10:04.960 --> 00:10:06.960
Michael, for a few different reasons. I think

00:10:06.960 --> 00:10:09.600
it splits into two facets for me. One is like

00:10:09.600 --> 00:10:12.159
the journey of AI, and two, it's the traditional

00:10:12.159 --> 00:10:15.019
journey of how you solve solutions in a security

00:10:15.019 --> 00:10:17.700
context. So if you think about the AI journey

00:10:17.700 --> 00:10:20.340
and where Security Copilot started, we launched

00:10:20.340 --> 00:10:24.659
a ChatGPT-style interface. And we did so building

00:10:24.659 --> 00:10:27.399
on top of what now everyone refers to as a compound

00:10:27.399 --> 00:10:30.080
AI system before people even really knew what

00:10:30.080 --> 00:10:33.620
that was. We built a stateful AI. We had session

00:10:33.620 --> 00:10:37.200
memory. And we worked with multiple LLMs based

00:10:37.200 --> 00:10:39.860
on what we decided was relevant for a particular

00:10:39.860 --> 00:10:43.820
task that needed to be done. At the core of this,

00:10:43.879 --> 00:10:46.279
we built what was called an orchestrator. In

00:10:46.279 --> 00:10:48.860
a lot of ways, it was a precursor to what agents

00:10:48.860 --> 00:10:52.279
are today. And agents effectively are a means

00:10:52.279 --> 00:10:55.419
to decide what system to use against the task

00:10:55.419 --> 00:10:58.879
at hand and to provide the end -to -end solutioning,

00:10:58.879 --> 00:11:01.100
if you will, of whatever you're trying to achieve

00:11:01.100 --> 00:11:04.610
or what the agent is designed to achieve. And

00:11:04.610 --> 00:11:07.830
so with agents, in a lot of ways, it represents

00:11:07.830 --> 00:11:11.330
an evolution of what we started with, with Security

00:11:11.330 --> 00:11:13.950
Copilot and the orchestrator, to probably what

00:11:13.950 --> 00:11:17.090
is something that is more robust, more evolved,

00:11:17.230 --> 00:11:20.889
and has a greater industry support. Then if you

00:11:20.889 --> 00:11:23.470
pair that with, well, should I build an agent?

00:11:23.509 --> 00:11:26.789
And should I work with agents in a security context?

00:11:27.370 --> 00:11:30.889
And I would say, and this is a cop -out, I get

00:11:30.889 --> 00:11:34.529
it, I would say it depends. It depends on where

00:11:34.529 --> 00:11:38.129
you can insert the value of either non -deterministic

00:11:38.129 --> 00:11:42.169
solutions, meaning agents can work really well

00:11:42.169 --> 00:11:44.649
in a way where it needs to consider different

00:11:44.649 --> 00:11:47.190
inputs to provide the ultimate goal and ultimate

00:11:47.190 --> 00:11:50.029
output. So if you are looking across, let's just

00:11:50.029 --> 00:11:53.210
say, a phishing email triage scenario where you

00:11:53.210 --> 00:11:54.870
maybe need to look at a handful of different

00:11:54.870 --> 00:11:56.830
indicators, the indicator types are different,

00:11:56.870 --> 00:11:59.450
and you need to consider, we'll call it N number

00:11:59.450 --> 00:12:01.990
of different sources based on the type of indicator.

00:12:02.720 --> 00:12:05.320
Well, if you were to build one standard agent

00:12:05.320 --> 00:12:07.519
and you were to deploy that against 50 different

00:12:07.519 --> 00:12:10.460
customers, or let's say you were a security provider

00:12:10.460 --> 00:12:14.799
and you're working with all your different customer

00:12:14.799 --> 00:12:17.080
environments, that could mean that you're working

00:12:17.080 --> 00:12:19.000
with any number of different threat intelligence

00:12:19.000 --> 00:12:21.580
sources, any number of different vulnerability

00:12:21.580 --> 00:12:26.000
scanners, any number of different endpoint systems

00:12:26.000 --> 00:12:29.289
that would need to perform the analysis of: does

00:12:29.289 --> 00:12:32.029
this phishing email impact my environment? And

00:12:32.029 --> 00:12:35.429
if so, how? And what an agent can do in that

00:12:35.429 --> 00:12:37.850
case is provide the means in which it can decide

00:12:37.850 --> 00:12:41.570
what is available in this deployment, what should

00:12:41.570 --> 00:12:44.269
I use to solve and triage this phishing email,

00:12:44.429 --> 00:12:46.610
and then provide an output for human review.

00:12:47.370 --> 00:12:51.990
Now, if you contrast that to what you have currently

00:12:51.990 --> 00:12:54.980
with email triage, you're going to have maybe

00:12:54.980 --> 00:12:56.879
some type of script or a SOAR that's going to

00:12:56.879 --> 00:12:59.039
go through, pull out those indicators, and enrich

00:12:59.039 --> 00:13:01.659
them. But you're going to build that very specifically

00:13:01.659 --> 00:13:04.379
for maybe one customer, or maybe you provide

00:13:04.379 --> 00:13:06.840
enough branching logic where you cover all those

00:13:06.840 --> 00:13:10.019
possibilities. The point is that it becomes something

00:13:10.019 --> 00:13:14.179
that's static in nature and also is difficult

00:13:14.179 --> 00:13:18.179
or more challenging to maintain over time. The

00:13:18.179 --> 00:13:20.700
other part too is when I look at SOARs and when

00:13:20.700 --> 00:13:23.200
I think about TIPs, they generally fall into

00:13:23.200 --> 00:13:26.519
the category for me of automate it and forget

00:13:26.519 --> 00:13:28.580
it. You're scripting it and you have an input

00:13:28.580 --> 00:13:31.580
and output. Agents aren't really built like that.

00:13:31.639 --> 00:13:34.080
They are built more from the consideration of

00:13:34.080 --> 00:13:37.799
based on how we have gone to solve this particular

00:13:37.799 --> 00:13:40.840
task, we want your input to validate the solution.

00:13:41.120 --> 00:13:44.049
And that becomes a means through

00:13:44.049 --> 00:13:46.750
which it takes some of the mundane analysis,

00:13:46.909 --> 00:13:50.029
like of a user -submitted phish, automates the

00:13:50.029 --> 00:13:53.009
process, and allows for human input. The final

00:13:53.009 --> 00:13:54.970
thing that I'd tack on to that scenario, I think

00:13:54.970 --> 00:13:58.610
that is also different from a traditional automation

00:13:58.610 --> 00:14:01.740
versus what agents can do, is at any point along

00:14:01.740 --> 00:14:04.159
the way they can invoke LLMs in a meaningful

00:14:04.159 --> 00:14:07.000
way to solve a solution. So the other reason

00:14:07.000 --> 00:14:09.980
why an email is a really good articulation of

00:14:09.980 --> 00:14:13.799
this emerging and evolution of agents in a security

00:14:13.799 --> 00:14:17.019
context is that LLMs can look at the context

00:14:17.019 --> 00:14:20.299
of an email and decide the semantics of the language

00:14:20.299 --> 00:14:23.940
used. Is this business venture from Nigeria something

00:14:23.940 --> 00:14:26.500
I should invest in? Can I really trust this prince?

00:14:27.289 --> 00:14:28.850
Those are the things that it's really good at

00:14:28.850 --> 00:14:31.429
pointing out and saying, you know what? This

00:14:31.429 --> 00:14:33.909
is a phishing email, even though I don't have

00:14:33.909 --> 00:14:37.190
any indicators that match. Based on the other

00:14:37.190 --> 00:14:39.309
attributes that don't match any known indicators,

00:14:39.669 --> 00:14:42.350
we can classify this email as a phishing email.

00:14:42.529 --> 00:14:45.730
And then in that moment, what you have that what

00:14:45.730 --> 00:14:47.990
you wouldn't have before in a traditional automation

00:14:47.990 --> 00:14:52.509
scenario is validation of a phishing email with

00:14:52.509 --> 00:14:56.820
net new indicators that you can then keep, store

00:14:56.820 --> 00:14:59.120
for any other future analysis. And that becomes

00:14:59.120 --> 00:15:01.019
something that's meaningful and impactful in

00:15:01.019 --> 00:15:04.159
a security context. You mentioned before you

00:15:04.159 --> 00:15:07.320
used the word compound. Does that mean you use

00:15:07.320 --> 00:15:09.580
multiple LLMs? Is that the origin of the term?

00:15:09.639 --> 00:15:11.620
Is that what's inferred by the word compound

00:15:11.620 --> 00:15:13.860
or is it something different than that? Yeah,

00:15:13.919 --> 00:15:17.039
great question. So there's a paper that was put

00:15:17.039 --> 00:15:20.679
out by the Berkeley AI Research Center or BAIR.

00:15:21.129 --> 00:15:23.149
And I probably just killed the acronym, but if

00:15:23.149 --> 00:15:25.169
you Bing that, you'll get right there. So they

00:15:25.169 --> 00:15:28.190
have this great paper that details a compound

00:15:28.190 --> 00:15:30.870
AI system if you want to read the full academic

00:15:30.870 --> 00:15:33.629
breakdown. But if you distill it down simply

00:15:33.629 --> 00:15:36.710
to what it represents, when AI systems were first

00:15:36.710 --> 00:15:38.970
built, they were monolithic in nature. Let's

00:15:38.970 --> 00:15:43.230
train an LLM, let's set that loose on a particular

00:15:43.230 --> 00:15:47.279
problem, and let's see what it can do. What they

00:15:47.279 --> 00:15:49.759
found out is that in the edge cases, especially

00:15:49.759 --> 00:15:52.679
in security or in things like healthcare or other

00:15:52.679 --> 00:15:54.440
industries that have a lot of specialization

00:15:54.440 --> 00:15:58.700
and a lot of unique language or context that's

00:15:58.700 --> 00:16:02.889
used, LLMs don't really work. And they don't

00:16:02.889 --> 00:16:05.590
work because they miss that information. So compound

00:16:05.590 --> 00:16:08.090
AI systems started to address that problem by

00:16:08.090 --> 00:16:11.330
integrating or starting to establish more traditional

00:16:11.330 --> 00:16:14.250
paradigms of system architecture around the LLM.

00:16:14.629 --> 00:16:18.470
So you have to find a way to either take an LLM

00:16:18.470 --> 00:16:21.009
and source it with data. So that's what's called

00:16:21.009 --> 00:16:23.710
retrieval augmented generation, where a data

00:16:23.710 --> 00:16:26.529
store can be used to then infuse the result or

00:16:26.529 --> 00:16:28.889
produce a better result for the LLM, where the

00:16:28.889 --> 00:16:31.610
LLM can not only rationalize the information

00:16:31.610 --> 00:16:34.629
being retrieved, match it against the context,

00:16:34.830 --> 00:16:37.070
and then provide an output. And so that's what,

00:16:37.129 --> 00:16:39.169
for Security Copilot, that's why we created the

00:16:39.169 --> 00:16:41.730
session. And for everyone's own edification,

00:16:42.090 --> 00:16:44.549
that's also why Security Copilot does things

00:16:44.549 --> 00:16:46.950
like includes all of Microsoft's threat intelligence

00:16:46.950 --> 00:16:49.710
as part of the core product, because we believe

00:16:49.710 --> 00:16:51.690
that that should be part of what's included in

00:16:51.690 --> 00:16:54.549
any solution. The other thing that it refers

00:16:54.549 --> 00:16:57.799
to is that in a compound AI system, you're

00:16:57.799 --> 00:17:00.120
right. You can use multiple LLMs, and you can

00:17:00.120 --> 00:17:03.019
be specialized in how you invoke an LLM based

00:17:03.019 --> 00:17:06.019
on the need, the context, or otherwise. It gives

00:17:06.019 --> 00:17:08.380
some flexibilities in terms of the architecture

00:17:08.380 --> 00:17:12.680
to use a smaller LLM in size and training data

00:17:12.680 --> 00:17:17.099
or specialization, ultimately. Or in some cases

00:17:17.099 --> 00:17:19.940
where you maybe need to process more data, have

00:17:19.940 --> 00:17:22.700
a greater token limit, which can be computationally

00:17:22.700 --> 00:17:25.039
more expensive and take longer to produce a result,

00:17:25.200 --> 00:17:28.019
you can do so. Or if you just need to do a simple

00:17:28.019 --> 00:17:31.079
task and you can use a base model and do that

00:17:31.079 --> 00:17:33.480
faster and more efficiently. So it gives greater

00:17:33.480 --> 00:17:36.119
flexibility for what you'd expect. And that is

00:17:36.119 --> 00:17:39.240
addressing the task at hand in the most relevant

00:17:39.240 --> 00:17:42.599
way and efficient way possible. Yeah, I'd seen

00:17:42.599 --> 00:17:44.579
the term compound thrown around and I just wasn't

00:17:44.579 --> 00:17:49.039
sure of the context. So, I mean, at Microsoft,

00:17:49.220 --> 00:17:50.720
look, I'm going to be honest, I think at Microsoft

00:17:50.720 --> 00:17:53.400
we have a lot of AI solutions right now. And

00:17:53.400 --> 00:17:55.660
honestly, for me, it seems a little confusing

00:17:55.660 --> 00:18:01.259
as to what does what and so on. So why are agents

00:18:01.259 --> 00:18:05.480
different than, say, using Copilot Studio? I

00:18:05.480 --> 00:18:08.319
mean, do I use Copilot Studio to create these?

00:18:08.500 --> 00:18:10.740
I mean, I don't understand the relationship between

00:18:10.740 --> 00:18:15.289
security agents or Security Copilot agents and

00:18:15.289 --> 00:18:17.809
all the other sort of AI offerings that we have

00:18:17.809 --> 00:18:21.190
at Microsoft. Can you spend just a few minutes

00:18:21.190 --> 00:18:23.750
and just sort of compare and contrast? Yeah,

00:18:23.769 --> 00:18:26.170
good news, Michael. You're not the only one that

00:18:26.170 --> 00:18:29.150
has this same confusion. I was just at RSA, and

00:18:29.150 --> 00:18:31.730
I was in a room full of CISOs from Spain, and

00:18:31.730 --> 00:18:35.569
they all had similar questions in terms of what

00:18:35.569 --> 00:18:37.829
is this agent thing from Security Copilot,

00:18:37.869 --> 00:18:39.549
and how is it different than all these other

00:18:39.549 --> 00:18:42.009
Copilot solutions? And I get it. Microsoft

00:18:42.009 --> 00:18:45.299
at this point probably has a full air show

00:18:45.299 --> 00:18:49.420
squadron full of Copilots. But we have a general

00:18:49.420 --> 00:18:53.359
philosophy across Microsoft to learn, to innovate,

00:18:53.519 --> 00:18:56.019
and report back across no matter what engineering

00:18:56.019 --> 00:18:58.720
group we are to see what we can do to advance

00:18:58.720 --> 00:19:01.680
AI solutions. And so what this means is that

00:19:01.680 --> 00:19:04.619
in Microsoft, we have different solutions that

00:19:04.619 --> 00:19:07.599
are built for a specific purpose. So for example,

00:19:07.680 --> 00:19:10.819
if you wanted to build an AI service yourself

00:19:10.819 --> 00:19:13.299
or an AI solution yourself, you would work with

00:19:13.299 --> 00:19:15.480
one of our AI services, whether it's Azure AI

00:19:15.480 --> 00:19:18.720
Foundry, which deals in AI primitives, or Azure

00:19:18.720 --> 00:19:20.819
OpenAI Service if you just want to work maybe

00:19:20.819 --> 00:19:23.779
with some off -the -shelf models. That's there

00:19:23.779 --> 00:19:25.960
if you have the developer mindset and are looking

00:19:25.960 --> 00:19:28.500
to build something on your own. If you look to

00:19:28.500 --> 00:19:30.710
Copilot Studio, it's a way in which you have,

00:19:30.730 --> 00:19:32.809
like, this sea of agents and all these different

00:19:32.809 --> 00:19:35.769
business logic solutions that you can use. But

00:19:35.769 --> 00:19:38.549
it's generally designed to operate in a business

00:19:38.549 --> 00:19:42.230
context for office -related responsibilities.

00:19:43.250 --> 00:19:45.710
Now, you can do things, and this is one of the

00:19:45.710 --> 00:19:48.109
interesting things I like to point out. Like,

00:19:48.170 --> 00:19:52.390
you can, in Copilot Studio, you can call back

00:19:52.390 --> 00:19:55.470
to Security Copilot and invoke a prompt and retrieve

00:19:55.470 --> 00:19:58.779
that prompt response. And for me, that's significant

00:19:58.779 --> 00:20:01.579
because it underscores the point. The reason

00:20:01.579 --> 00:20:04.859
why Security Copilot is its own platform is that

00:20:04.859 --> 00:20:07.559
we have to build agents in a security context

00:20:07.559 --> 00:20:11.299
that can operate across an enterprise in a way

00:20:11.299 --> 00:20:15.779
that demands a high level of workload capability,

00:20:16.259 --> 00:20:20.680
reliability, but also security. And that means

00:20:20.680 --> 00:20:22.380
we have to build it a little bit differently

00:20:22.380 --> 00:20:25.960
to handle all those specific use cases. Copilot

00:20:25.960 --> 00:20:28.039
Studio, if you're going out to summarize a document

00:20:28.039 --> 00:20:30.900
or summarize a Teams chat, you're usually operating

00:20:30.900 --> 00:20:34.460
in a user context that's like one or a few. But

00:20:34.460 --> 00:20:37.819
if you're looking at, for example, find me all

00:20:37.819 --> 00:20:40.259
these user-submitted phishing emails and triage

00:20:40.259 --> 00:20:42.220
them, well, you can be talking about anywhere

00:20:42.220 --> 00:20:44.880
from one email to potentially a few hundred or

00:20:44.880 --> 00:20:47.200
thousand. And that becomes a different way in

00:20:47.200 --> 00:20:50.130
which we have to think about architecture. It's

00:20:50.130 --> 00:20:51.589
interesting you should bring up that you're talking

00:20:51.589 --> 00:20:54.809
to people at RSA. I see that at RSA we announced

00:20:54.809 --> 00:20:59.029
a book of news that talked about partner agents

00:20:59.029 --> 00:21:01.430
and so on. Could you sort of explain that in

00:21:01.430 --> 00:21:04.019
a bit more detail, like what was announced? Yeah,

00:21:04.059 --> 00:21:06.519
at RSA, we announced a few things. We followed

00:21:06.519 --> 00:21:10.079
up on Microsoft Secure and highlighted the partner

00:21:10.079 --> 00:21:12.539
agents across Microsoft that we've built. So,

00:21:12.579 --> 00:21:15.339
for example, there's a conditional access agent

00:21:15.339 --> 00:21:17.500
that exists for Microsoft Entra where you can

00:21:17.500 --> 00:21:19.980
activate in the Entra portal. There's a threat

00:21:19.980 --> 00:21:22.720
intel briefing agent, a vulnerability remediation

00:21:22.720 --> 00:21:25.440
agent from Intune. And then I talked about a

00:21:25.440 --> 00:21:27.440
little bit of the phishing use case. Well, sure

00:21:27.440 --> 00:21:30.420
enough, the Defender team saw the value, too,

00:21:30.440 --> 00:21:32.670
and they built out their agent to do exactly

00:21:32.670 --> 00:21:36.069
that. And there's also an alert triage agent

00:21:36.069 --> 00:21:39.670
for Microsoft Purview. Now, on the other end,

00:21:39.710 --> 00:21:42.309
we have a ton of stuff that was released by partners.

00:21:42.750 --> 00:21:45.750
We have initial five that came out from both

00:21:45.750 --> 00:21:48.930
across what we call our partner developers as

00:21:48.930 --> 00:21:52.720
well as our MSSPs. We had seven agents announced

00:21:52.720 --> 00:21:55.160
there, and we had a few different plugins as

00:21:55.160 --> 00:21:57.720
well. In addition to ServiceNow, we had Splunk

00:21:57.720 --> 00:22:01.619
and HP and Censys all provide some plugins. And

00:22:01.619 --> 00:22:04.640
I'm going to quickly differentiate or call out

00:22:04.640 --> 00:22:07.000
plugins are what we used initially with Security

00:22:07.000 --> 00:22:11.039
Copilot to connect to systems. Plugins are now

00:22:11.039 --> 00:22:13.579
something that we can use in agents and use in

00:22:13.579 --> 00:22:17.200
an agent runtime. So it's all complementary architecture

00:22:17.200 --> 00:22:20.559
and complementary solutions. But the significance

00:22:20.559 --> 00:22:23.099
of this news, in addition to what I talked about

00:22:23.099 --> 00:22:27.220
earlier of ServiceNow, is that it shows the depth

00:22:27.220 --> 00:22:30.319
of the ecosystem that's emerging and our desire

00:22:30.319 --> 00:22:32.920
to continue to expand across solutions that are

00:22:32.920 --> 00:22:35.119
most impactful and relevant for our customers

00:22:35.119 --> 00:22:37.559
to solve real -world problems that they deal

00:22:37.559 --> 00:22:39.880
with every day. Okay, let's just bring it back

00:22:39.880 --> 00:22:43.539
to sort of my neck of the woods, which is development.

00:22:45.189 --> 00:22:48.990
So if I want to use one of these security copilot

00:22:48.990 --> 00:22:53.230
agents in my code, what do I need to do? Is this

00:22:53.230 --> 00:22:55.309
something that developers would do? Or is there

00:22:55.309 --> 00:22:57.630
like some drag-and-drop interface that a

00:22:57.630 --> 00:23:02.109
non-developer can do? Like the current sort of coding

00:23:02.109 --> 00:23:04.049
du jour, you know, vibe coding? I mean, is that

00:23:04.049 --> 00:23:06.670
a possibility? Or is this really something from

00:23:06.670 --> 00:23:08.490
a development, like from a producing something?

00:23:08.690 --> 00:23:10.349
Is this something that a developer would have

00:23:10.349 --> 00:23:12.690
to do writing, say, code in, say, C# or

00:23:12.690 --> 00:23:15.059
Python or something like that? Well, I think

00:23:15.059 --> 00:23:16.799
vibe coding is generally something you could

00:23:16.799 --> 00:23:19.019
do at any time in any interface. I think you

00:23:19.019 --> 00:23:22.359
just need a beer and a lot of will to do whatever.

00:23:23.640 --> 00:23:26.059
Now, for what we're going to do with Security

00:23:26.059 --> 00:23:29.299
Copilot, this is where I got to be careful here

00:23:29.299 --> 00:23:31.839
not to get ahead of some of our news that's coming

00:23:31.839 --> 00:23:35.180
up at Build and other events. But what I'd stress

00:23:35.180 --> 00:23:39.480
is that in our recognition that we are heading

00:23:39.480 --> 00:23:42.660
down the direction of being an... agentic platform

00:23:42.660 --> 00:23:46.400
for a security context, we need to provide different

00:23:46.400 --> 00:23:49.599
ways for the Michaels of the world to go out

00:23:49.599 --> 00:23:52.640
and develop agents effectively. So we've had

00:23:52.640 --> 00:23:55.579
conversations against low code and no code and

00:23:55.579 --> 00:24:00.819
we'll call it, I guess, hardcore coding experiences

00:24:00.819 --> 00:24:03.200
and how you would go out and build agents and

00:24:03.200 --> 00:24:06.420
build agents effectively. Today, what you'd see

00:24:06.420 --> 00:24:08.799
is like at minimum, you could still work with

00:24:08.799 --> 00:24:12.140
a manifest file like you do with plugins. But

00:24:12.140 --> 00:24:14.619
we want to make some of that stuff more accessible

00:24:14.619 --> 00:24:18.160
in ways that people would then extend the security

00:24:18.160 --> 00:24:20.980
copilot and build and bring agent functionality

00:24:20.980 --> 00:24:24.180
more readily in ways that empower them to work

00:24:24.180 --> 00:24:27.190
with their preferred tools. All right, so Ryan,

00:24:27.430 --> 00:24:28.970
I think it's probably time to start bringing

00:24:28.970 --> 00:24:32.309
this episode to an end. One thing we ask all

00:24:32.309 --> 00:24:36.109
our guests is what does a typical day in Ryan's

00:24:36.109 --> 00:24:39.930
day look like? So day in the life of me, it's

00:24:39.930 --> 00:24:42.190
just as chaotic as what you'd think. Working

00:24:42.190 --> 00:24:45.609
in a product team that works on AI, launching

00:24:45.609 --> 00:24:49.329
agents and expanding in the way that we are means

00:24:49.329 --> 00:24:50.990
I'm pretty busy with a lot of different things.

00:24:52.220 --> 00:24:54.599
First and foremost, there's a good amount of

00:24:54.599 --> 00:24:56.940
time that I spend each day trying to stay up

00:24:56.940 --> 00:25:00.559
with what is going on with AI, how I can stay

00:25:00.559 --> 00:25:04.519
smart, remain smart, and anchor in both current

00:25:04.519 --> 00:25:06.819
conversations as well as future ones and future

00:25:06.819 --> 00:25:10.220
designs and how we continue to evolve our AI

00:25:10.220 --> 00:25:13.019
solution and continue to meet the needs of our

00:25:13.019 --> 00:25:15.619
partners and customers. The other thing I spend

00:25:15.619 --> 00:25:18.299
a lot of time on in my day is talking to our

00:25:18.299 --> 00:25:21.259
partners: what they want to build, how they want

00:25:21.259 --> 00:25:23.259
to build it, how they can best service their

00:25:23.259 --> 00:25:25.519
customers so that they can build agents and think

00:25:25.519 --> 00:25:28.740
about how they want to deliver agents to their

00:25:28.740 --> 00:25:31.599
customers to empower them in practical security

00:25:31.599 --> 00:25:35.259
workflows. With agents, it's been something that

00:25:35.259 --> 00:25:38.180
is net new to them, and it represents an exciting

00:25:38.180 --> 00:25:41.220
opportunity. And so for me, as well as them,

00:25:41.359 --> 00:25:43.900
we get to talk about a lot of just general AI

00:25:43.900 --> 00:25:46.859
philosophy, and I love that. And then the final

00:25:46.859 --> 00:25:48.660
bit I think that probably the non-work stuff

00:25:48.660 --> 00:25:51.759
is a good way for me to relax and get out of

00:25:51.759 --> 00:25:54.039
the AI headspace for a bit or maybe think a little

00:25:54.039 --> 00:25:56.740
bit more clearly is I usually will end my day

00:25:56.740 --> 00:26:01.480
with a swim at an outdoor pool for a good 3,000

00:26:01.480 --> 00:26:04.400
yards to wrap it up. And once I do that, then

00:26:04.400 --> 00:26:06.740
I'm usually ready for a bit more AI things before

00:26:06.740 --> 00:26:08.880
I call it a day. It's funny you should mention

00:26:08.880 --> 00:26:11.059
sort of staying on top of things and constantly

00:26:11.059 --> 00:26:13.900
learning. I think that's so critically important

00:26:13.900 --> 00:26:16.769
in this, not just today, but also in the area

00:26:16.769 --> 00:26:19.910
of security and AI. And one thing that sort of

00:26:19.910 --> 00:26:21.849
really hit me the other day, just how true this

00:26:21.849 --> 00:26:26.230
is, I was in a call with a corporate VP, actually

00:26:26.230 --> 00:26:28.710
a bunch of corporate VPs, and we were explaining

00:26:28.710 --> 00:26:31.269
a vulnerability class. And this particular VP

00:26:31.269 --> 00:26:33.569
in question didn't understand all the nuances

00:26:33.569 --> 00:26:36.029
of it. It would have been very easy as a corporate

00:26:36.029 --> 00:26:38.890
VP for that person to say, hey, I know about

00:26:38.890 --> 00:26:42.259
this, but he didn't, and he ended up setting

00:26:42.259 --> 00:26:46.240
up a meeting called Make John Smart. And it was

00:26:46.240 --> 00:26:48.299
basically a 30-minute meeting with a bunch of

00:26:48.299 --> 00:26:50.279
us to go through this vulnerability class so

00:26:50.279 --> 00:26:53.859
that he fully understood the vulnerability and

00:26:53.859 --> 00:26:56.980
all the implications of it. That, to me, is a

00:26:56.980 --> 00:26:59.099
really good example of someone who's incredibly

00:26:59.099 --> 00:27:01.759
senior in the company recognizing they don't

00:27:01.759 --> 00:27:04.319
know something, but also recognizing they kind

00:27:04.319 --> 00:27:06.579
of need to know it, too, and doing whatever it

00:27:06.579 --> 00:27:08.559
takes to make sure that they learn that thing.

00:27:10.059 --> 00:27:12.180
My hat's off to people who want to continually

00:27:12.180 --> 00:27:14.660
learn. I think that's just absolutely just so,

00:27:14.799 --> 00:27:18.059
so, so critical, especially now with AI. So one

00:27:18.059 --> 00:27:21.319
thing we always ask our guests is if you had

00:27:21.319 --> 00:27:23.519
just one final thought to leave our listeners

00:27:23.519 --> 00:27:26.259
with, what would it be? I think it's going to

00:27:26.259 --> 00:27:29.420
be the approach for how everyone... rationalizes

00:27:29.420 --> 00:27:33.559
agents and AI. Having walked the show floor of

00:27:33.559 --> 00:27:36.599
RSA just over the past week, everyone is talking

00:27:36.599 --> 00:27:39.099
about it. It's literally the talk of security

00:27:39.099 --> 00:27:42.700
and the talk of, well, our industry, the broader

00:27:42.700 --> 00:27:45.920
tech industry. So when you rationalize agents,

00:27:46.140 --> 00:27:47.680
you should think about how you're going to adopt

00:27:47.680 --> 00:27:49.640
them and what are your criteria to adopt them.

00:27:50.180 --> 00:27:52.759
And at its core of that, I would say think about

00:27:52.759 --> 00:27:55.880
agent transparency, how you can see what they

00:27:55.880 --> 00:27:58.230
decide, how you can see how they handle data,

00:27:58.390 --> 00:28:01.509
what outputs of data they provide, and probably

00:28:01.509 --> 00:28:03.490
most importantly, what they're doing to show

00:28:03.490 --> 00:28:06.630
you it's logging an activity. Through all of

00:28:06.630 --> 00:28:09.009
that, and I believe fundamentally, you should

00:28:09.009 --> 00:28:12.609
not implicitly trust a new system without getting

00:28:12.609 --> 00:28:15.490
a good handle and understanding of it. When it

00:28:15.490 --> 00:28:18.789
comes to AI, establishing a trust framework is

00:28:18.789 --> 00:28:21.630
even more important. And so as you think about

00:28:21.630 --> 00:28:23.869
adopting agents, make sure you have that trust

00:28:23.869 --> 00:28:27.019
framework in mind. Work to achieve transparency

00:28:27.019 --> 00:28:30.119
and through transparency, learn to understand

00:28:30.119 --> 00:28:32.619
how agents operate and how you can trust them

00:28:32.619 --> 00:28:35.000
or work to trust them inside of your environment.

00:28:36.039 --> 00:28:39.700
Yeah, and on that topic, make sure if you're

00:28:39.700 --> 00:28:41.039
listening, people listening to this and you're

00:28:41.039 --> 00:28:44.099
not sure kind of what Ryan's alluding to, go

00:28:44.099 --> 00:28:46.039
and listen to our previous episode on that very

00:28:46.039 --> 00:28:49.880
topic about trusting agents, you know, because

00:28:49.880 --> 00:28:52.180
the things that you do need to be aware of. All

00:28:52.180 --> 00:28:54.829
right. So let's bring this episode to an end.

00:28:54.910 --> 00:28:56.829
Ryan, thank you so much for joining us this

00:28:56.829 --> 00:28:59.430
week. I learned a ton. I learned a ton on all

00:28:59.430 --> 00:29:01.509
the episodes, but this one very, very much so.

00:29:02.170 --> 00:29:05.170
I think that the intersection of security and

00:29:05.170 --> 00:29:11.210
agents is just mind-blowing. I think the possibilities,

00:29:11.529 --> 00:29:14.210
especially when we're dealing with AI-based

00:29:14.210 --> 00:29:17.170
attacks as well, we're putting up some sort of

00:29:17.170 --> 00:29:19.529
defensive mechanisms, so that's huge as well.

00:29:19.710 --> 00:29:22.529
So again, thank you for joining us. And to all

00:29:22.529 --> 00:29:23.950
our listeners out there, we hope you found this

00:29:23.950 --> 00:29:26.309
episode of use. Stay safe, and we'll see you

00:29:26.309 --> 00:29:26.750
next time.
