
Microsoft unveils a new wave of security innovation—delivering an agentic platform to protect organizations at scale
We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organizations.
For security teams, this shift brings new opportunities and challenges. The complexity and speed of modern cyberthreats demand solutions that go beyond traditional tools. To address these needs, Microsoft is introducing new agentic security capabilities to empower defenders to innovate boldly and safely in this new AI era.
Microsoft Sentinel: The security platform for the agentic era
Defenders need to protect AI end to end, and for that they need a platform that brings together data, context, automation, and intelligent agents, enabling them to defend and adapt at AI speed. That platform is Microsoft Sentinel.
Sentinel started as a cloud-native security information and event management (SIEM) and expanded to also include a unified security data lake in July. Today, it is expanding into an agentic platform with the general availability of Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms.
Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating these insights with Microsoft Defender and Microsoft Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response—all within familiar workflows.
“With Microsoft Security and Sentinel data lake, we’ve unified silos, scaled operations, automated processes, and expanded coverage—transforming how we detect patterns and prepare for the future with a unified, agile security posture.”
—Bernard Knaapen, Chief Product Owner, Monitoring and Incident Response, ABN AMRO
Sentinel also organizes and enriches your security data, making it ready for AI agents to detect issues faster, investigate with more clarity, and respond automatically when needed. And Sentinel’s graph-based approach powers Security Copilot agents to reason over your environment with precision and speed, thanks to the built-in MCP server, which uses open standards for easy agent access and action. For advanced teams, Sentinel MCP server enables extensibility for predefined and custom agents, allowing AI-powered reasoning over unified data. This shifts security from reactive to predictive, helping teams anticipate threats and automate response at scale.