Microsoft has announced a raft of new AI features for Sentinel SIEM and Security Copilot as part of its push to turn them into fully “agentic platforms.”
The announcement has several parts, starting with perhaps the biggest news: Sentinel, the company’s cloud SIEM platform first released nearly seven years ago in public preview, is getting the first of what might be a series of AI upgrades.
This process began in July with the public preview of Sentinel data lake for customer evaluation, which this week has reached general availability (GA).
However, this week that platform also gains significant new capabilities in the form of Sentinel graph, and Sentinel Model Context Protocol (MCP) Server, both in Public Preview versions that let customers evaluate new features before the GA launch.
As its name implies, Sentinel data lake gives customers a place to store large volumes of structured and unstructured Sentinel log data they might otherwise have to dispose of for reasons of cost or practicality.
Underlying this is the general-purpose Azure Data Lake Storage system, which makes Sentinel data lake a managed version of that oriented towards long-term data retention for up to 12 years.
Sentinel graph gives defenders a system for mapping and visualizing the relationship between SIEM log data to better understand where an attacker might have left traces of entry.
Instead of manually relating dozens of separate alerts, graph will correlate these automatically. The idea behind graph is to make these connections easier to see. Importantly, the graphs it generates can be ingested by AI agents, a pointer to the importance of these for the platform’s future.
The new Sentinel MCP Server is an open protocol connector that ties Sentinel to its AI capabilities. This makes it possible for AI agents to hook into things like Sentinel graph using MCP as the communication protocol. As Microsoft said in its announcement, “MCP standardizes how an AI talks to systems. Instead of developers writing custom connectors for each application, the MCP server presents a menu of available actions to the AI in a language it understands. Any AI application that speaks MCP can connect.”
Microsoft and its partners already offer a range of pre-built AI agents as part of Security Copilot. Now customers will be able to build their custom agents without the need to code this from scratch. Instead, through the Security Copilot portal, it will be possible to build an agent using natural language prompts to connect with wider infrastructure via MCP Server. Customers will be able to find third-party agents through a revamped Microsoft Security Store.
Agent saviors?
Microsoft is marketing the new features as the moment when its SIEM enters the agentic AI era, but does this stand up to scrutiny?
Although Sentinel is still in the early days of its development as an agentic platform, an outline of where it wants to go with the technology is starting to emerge.
Even with automation, security tools can be complex to manage, consuming precious skills and time. Agentic AI is Microsoft’s answer: Use agents to do more of the hard work and, in some cases, make decisions. These agents will communicate with established platforms and tools using MCP, allowing organizations to program them using time-saving prompts backed by vibe coding tools.
According to Clive Watson, solutions director for UK Microsoft MSSP Quorum Cyber, the Sentinel announcements marked the biggest update to the platform since its launch.
Quorum’s customers were already using the Sentinel data lake: “This benefits both ourselves and our customers as we can encourage them to store data that they may have decided not to keep in the past due to the costs,” said Watson.
“Another benefit of the data lake is the separation of the storage from the query costs, ideal for the common type of data that data lake is designed for. Customers only pay for queries they use — storage costs are decoupled from query and compute costs.”
“Storing data in the right classification or tier also aids Sentinel graph because the more data we have the better solutions like graph will be to show relationships,” he said.
Commentators have long speculated that Microsoft might turn into a cyber security company by the back door. The latest announcement doesn’t go that far – it’s still a cloud and applications platform backed by a legacy OS – but it shows how AI-based cyber security services could turn into an important part of its evolving ecosystem.
Agentic AI is emerging as the next big thing in security management. But despite its benefits, it still has limitations today, including a tendency to create noise and false positives.
The other risk with machine-dominated security is that agentic AI itself becomes a new attack surface that inadvertently exposes data or assets. Bad actors will build their own agents, exploiting the same access to MCP or Google’s Agent-to-Agent (A2A) protocol, and will attempt to poison or socially engineer agents with hidden malicious prompts.
This has already happened as a proof of concept. In June, researchers uncovered a way of tricking Microsoft 365 Copilot into revealing sensitive data in the first ever ‘no-click’ attack targeting agents (CVE-2025-32711) using prompts hidden in the metadata of an email.
No Responses