The technology landscape is ever-changing, and within the last year, we have witnessed the emergence of new powerful technologies such as generative artificial intelligence. These advances have prompted the development of more sophisticated cyberattacks, and Microsoft has plans to tackle the issue.
On Thursday, Microsoft announced its Secure Future Initiative, the company's next generation of cybersecurity protection.
"In recent months, we've concluded within Microsoft that the increasing speed, scale, and sophistication of cyberattacks call for a new response," said Brad Smith, Microsoft Vice Chair and President in the blog post.
"Therefore, we're launching today across the company a new initiative to pursue our next generation of cybersecurity protection – what we're calling our Secure Future Initiative (SFI)."
The company-wide initiative is focused on three pillars: AI-based cyber defenses, advances in fundamental software engineering, and advocacy for strong application of international norms to protect civilians from cyber threats.
1. AI-based cyber defense
The AI-based Cyber Defense pillar refers to Microsoft's commitment to leveraging its global network of data centers and advanced foundation AI models to build an AI-based cyber shield that customers and countries can use as protection against cyber attacks.
First, Microsoft is using its AI tools and techniques to advance its threat intelligence and improve how it detects and analyzes cyber threats.
"While threat actors seek to hide their threats like a needle in a vast haystack of data, AI increasingly makes it possible to find the right needle even in a sea of needles," said Smith.
The company is also using AI to improve the speed at which organizations can defeat cyberattacks, helping the limited amount of cybersecurity professionals maximize their capabilities.
An example is Microsoft's Security Copilot, which combines a large language model with a security-specific model to provide the user with natural language insights and recommendations to make their workflow more efficient.
Lastly, Microsoft reassures users that the implementation of these AI services will be done in accordance with the company's Responsible AI principles to ensure that the proper security safeguards are in place.
2. New engineering advances
According to Microsoft, another key aspect of a secure future includes advances in software engineering, including advancing the way Microsoft builds, designs, tests, and operates its technology.
The changes in engineering approach were shared with employees in an email authored by Charlie Bell, Executive Vice President of Security at Microsoft, and his engineering colleagues Scott Guthrie, and Rajesh Jha, delineating the next steps for software engineering as part of the Secure Future Initiative.
Specifically, the email highlighted three key steps, the first being the implementation of automation and AI into software development. This implementation will include applications such as AI-powered secure code analysis, and the use of GitHub Copilot to audit and test source code against threats.
In light of identity-based threats such as password attacks increasing tenfold in the past year, Microsoft also plans to strengthen identity protection against highly sophisticated attacks by creating more advanced identity protection, migrating to a new and fully automated consumer and enterprise managing system, and more.
"What we need today for cyberspace is not a single convention or treaty but rather a stronger, broader, and public commitment by the community of nations to stand more strongly against cyberattacks on civilians and the infrastructure on which we all depend," said Smith in the post.
Microsoft urges states to recognize cloud services as critical infrastructure, protected against attack by international law.
In said convention, the states would commit to not engage or allow any person within their territory to engage in malignant cyber operations that compromise cloud services, not compromise the security of cloud services for the purposes of espionage, and construct cyber operations to avoid imposing costs non-targets.
Microsoft also calls for governments to foster greater accountability for nation-states that cross the abovementioned commitments.