In response to the mounting cybersecurity challenges, Microsoft announced plans to incorporate automation and artificial intelligence into its software development process as part of the Secure Future initiative, aiming to enhance the security of its cloud services, expedite the resolution of vulnerabilities, deliver better out-of-the-box security settings, and fortify its infrastructure.
The decision comes after a major breach targeted Microsoft’s Azure platform, leading to allegations of negligence in the company’s cybersecurity practices. Microsoft sent an internal email to the engineering department detailing its revamped cybersecurity strategy.
One of the key changes revolves around how Microsoft develops its software. The company intends to leverage automation and AI to identify security risks and vulnerabilities during the development phase proactively. This includes the utilisation of CodeQL, GitHub’s code analysis engine, to automate security checks during the software development process.
This AI and automation push by the company won’t be limited to just software development. Microsoft aims to build an AI-based cyber shield to “protect customers and countries worldwide.”
“Our global network of AI-based data centres and use of advanced foundation AI models puts us in a strong position to put AI to work to advance cybersecurity protection,” said Brad Smith, Vice Chair and President at Microsoft.
Microsoft’s Secure Future initiative aims to work on multiple fronts:
- Use of AI for threat detection and intelligence. “While threat actors seek to hide their threats like a needle in a vast haystack of data, AI increasingly makes it possible to find the right needle even in a sea of needles,” wrote Brad Smith.
- Use of AI to leverage the shortage of trained cybersecurity experts. Here, tools like Microsoft Security Copilot can come in handy.
- Use of AI responsibly, that is, based on Microsoft’s Responsible AI principles.
Along with that, Microsoft is implementing certain engineering protocols as part of this initiative:
- Development of software with automation and AI.
- Strengthen identity protection by managing and verifying identities and access rights of customers, devices, and services.
- A quick vulnerability response by reducing the time taken to patch the vulnerabilities in cloud platforms by 50%.
Recently, Microsoft has faced many attacks and breaches. In September, Storm-0558, a Chinese threat actor, acquired a Microsoft account consumer key and forged tokens to gain access to the Outlook Web app and other platforms.
In February, Microsoft disabled multiple fake Microsoft Partner Network accounts after a phishing attempt.
“As we enter the age of AI, it has never been more important for us to innovate, not only concerning today’s cyber threats but also anticipating those to come. We are confident making these changes will improve the security, availability and resilience of our systems and increase our speed of innovation,” said the internal memo by Charlie Bell, Executive VP at Microsoft Security.
In the News: Malicious WhatsApp mod targets 5 Middle Eastern countries
