Microsoft Previews Dynamic Threat Detection Agent to Expose Hidden Security Risks with the help of AI
The Dynamic Threat Detection Agent, initially announced at Ignite 2025, is now available for public preview. The new capability runs in Defender with Copilot-sourced alerts to uncover threats that often bypass signature- and rule-based controls. Adaptive AI sets the agent apart: it can find things that rules often miss, and it integrates deeply across the Microsoft security ecosystem. The approach analyzes behavioral signals across identities, endpoints, email and cloud workloads to detect suspicious activity that may not match known attack patterns. The agent continuously adapts detection logic based on observed behavior, helping security teams identify low-and-slow attacks, novel techniques and activity that blends into normal operations.
The preview reflects a broader shift in cybersecurity toward behavior-driven detection as attackers increasingly rely on living-off-the-land techniques and credential abuse. This milestone in adaptive security shows continued enhancements in coverage and in integration with SOC workflows. Microsoft’s approach emphasizes cross-domain correlation within its integrated security stack, bringing generative AI into detection with integration across Defender and Sentinel. For enterprises managing large hybrid environments, Dynamic Threat Detection signals a move toward more adaptive defenses that can evolve alongside attacker behavior rather than relying solely on predefined indicators.
Posted by Redmondmag.com Editors on 01/07/2026