Think of your company’s security center as an airport control tower. Traditional tools watch the planes (devices, users, emails). AI-aware threat hunting in Defender XDR adds a new radar that also watches the AI copilots and automations you have deployed, so if someone hijacks your AI assistant or uses it to sneak in malware, security can see and stop it.
Modern enterprises are rapidly deploying AI copilots, chatbots, and automated workflows, but most security tooling does not see or understand these new AI-driven activities. This creates an ‘invisible’ attack surface where attackers can abuse AI agents, prompts, and data connections to exfiltrate data or move laterally without being detected. AI-aware threat hunting in Defender XDR aims to bring these behaviors into the security visibility plane and correlate them with existing endpoint, identity, email, and SaaS signals.
Deep integration into the broader Microsoft security and productivity ecosystem (Defender XDR, Entra ID, Microsoft 365, and Microsoft’s own copilots), plus access to large-scale telemetry across endpoints, identities, and cloud services that is difficult for point-solution competitors to replicate.
Hybrid
Vector Search
High (Custom Models/Infra)
Context window cost and latency for inspecting large volumes of AI interactions and logs, plus the telemetry scale required to correlate AI events with broader XDR signals.
Early Adopters
Positioned as an AI-aware layer inside an existing, widely deployed XDR platform, rather than a standalone AI security product. This allows Microsoft to correlate AI behaviors with rich endpoint, identity, email, and collaboration data, and to instrument its own copilots and productivity tools natively.