Recently released: Updates to the SqlPackage and the DacFx ecosystem
April 30, 2025[Launched] Generally Available: Azure Firewall integration in Security Copilot
April 30, 2025
The world is transforming with AI right in front of our eyes — reshaping how we work, build, and defend. But as AI accelerates innovation, it’s also amplifying the threat landscape. The rise of adversarial AI is empowering attackers with more sophisticated, automated, and evasive tactics, while cloud environments continue to be a prime target due to their complexity and scale. From prompt injection and model manipulation in AI apps to misconfigurations and identity misuse in multi-cloud deployments, security teams face a growing list of risks that traditional tools can’t keep up with.
As enterprises increasingly build and deploy more AI applications in the cloud, it becomes crucial to secure not just the AI models and platforms, but also the underlying cloud infrastructure, APIs, sensitive data, and application layers. This new era of AI requires integrated, intelligent security that continuously adapts—protecting every layer of the modern cloud and AI platform in real time.
This is where Microsoft Defender for Cloud comes in. Defender for Cloud is an integrated cloud native application protection platform (CNAPP) that helps unify security across the entire cloud app lifecycle, using industry-leading GenAI and threat intelligence. Providing comprehensive visibility, real-time cloud detection and response, and proactive risk prioritization, it protects your modern cloud and AI applications from code to runtime.
Today at RSAC™ 2025, we’re thrilled to unveil innovations that further bolster our cloud-native and AI security capabilities in Defender for Cloud.
Extend support to Google Vertex AI: multi-model, multi-cloud AI posture management
In today’s fast-evolving AI landscape, organizations often deploy AI models across multiple cloud providers to optimize cost, enhance performance, and leverage specialized capabilities. This creates new challenges in managing security posture across multi-model, multi-cloud environments. Defender for Cloud already helps manage the security posture of AI workloads on Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock. Now, we’re expanding those AI security posture management (AI-SPM) capabilities to include Google Vertex AI models and broader support for the Azure AI Foundry model catalog and custom models — as announced at Microsoft Secure. These updates make it easier for security teams to discover AI assets, find vulnerabilities, analyze attack paths, and reduce risk across multi-cloud AI environments. Support for Google Vertex AI will be in public preview starting May 1, with expanded Azure AI Foundry model support available now.
Strengthen AI security with a unified dashboard and real-time threat protection
At Microsoft Secure, we also introduced a new data and AI security dashboard, offering a unified view of AI services and datastores, prioritized recommendations, and critical attack paths across multi-cloud environments. Already available in preview, this dashboard simplifies risk management by providing actionable insights that help security teams quickly identify and address the most urgent issues.
As AI applications introduce new security risks like prompt injection, sensitive data exposure, and resource abuse, Defender for Cloud has also added new threat protection capabilities for AI services. Based on the OWASP Top 10 for LLMs, these capabilities help detect emerging AI-specific threats including direct and indirect prompt injections, ASCII smuggling, malicious URLs, and other threats in user prompts and AI responses. Integrated with Microsoft Defender XDR, the new suite of detections equips SOC teams with evidence-based alerts and AI-powered insights for faster, more effective incident response. These capabilities will be generally available starting May 1. To learn more about our AI security innovations, see our Microsoft Secure announcement.
Unlock next level prioritization for cloud-to-code remediation workflows with expanded AppSec partnerships
As we continue to expand our existing partner ecosystem, we’re thrilled to announce our new integration between Defender for Cloud and Mend.io — a major leap forward in streamlining open source risk management within cloud-native environments. By embedding Mend.io’s intelligent Software Composition Analysis (SCA) and reachability insights directly into Defender for Cloud, organizations can now prioritize and remediate the vulnerabilities that matter most—without ever leaving Defender for Cloud.
This integration gives security teams the visibility and context they need to focus on the most critical risks. From seeing SCA findings within the Cloud Security Explorer, to visualizing exploitability within runtime-aware attack paths, teams can confidently trace vulnerabilities from code to runtime. Whether you work in security, DevOps, or development, this collaboration brings a unified, intelligent view of open source risk — reducing noise, accelerating remediation, and making cloud-native security smarter and more actionable than ever.
Advance cloud-native defenses with security guardrails and agentless vulnerability assessment
Securing containerized runtime environments requires a proactive approach, ensuring every component — services, plugins, and networking layers — is safeguarded against vulnerabilities. If ignored, security gaps in Kubernetes runtime can lead to breaches that disrupt operations and compromise sensitive data. To help security teams mitigate these risks proactively, we are introducing Kubernetes gated deployments in public preview. Think of it as security guardrails that prevent risky and non-compliant images from reaching production, based on your organizational policies. This proactive approach not only safeguards your environment but also instills confidence in the security of your deployments, ensuring that every image reaching production is fortified against vulnerabilities in Azure. Learn more about these new capabilities here.
Additionally, we’ve enhanced our agentless vulnerability assessment, now in public preview, to provide comprehensive monitoring and remediation for container images, regardless of their registry source. This enables organizations using Azure Kubernetes Service (AKS) to gain deeper visibility into their runtime security posture, identifying risks before they escalate into breaches. By enabling registry-agnostic assessments of all container images deployed to AKS we are expanding our coverage to ensure that every deployment remains secure. With this enhancement, security teams can confidently run containers in the cloud, knowing their environments are continuously monitored and protected. For more details, visit this page.
Uncover deeper visibility into API-led attack paths
APIs are the gateway to modern cloud and AI applications. If left unchecked, they can expose critical functionality and sensitive data, making them prime targets for attackers exploiting weak authentication, improper access controls, and logic flaws. Today, we’re announcing new capabilities that uncover deeper visibility into API risk factors and API-led attack paths by connecting the dots between APIs and compute resources. These new capabilities help security teams to quickly catch critical API misconfigurations early on to proactively address lateral movement and data exfiltration risks.
Additionally, Security Copilot in Defender for Cloud will be generally available starting May 1, helping security teams accelerate remediation with AI-assisted guidance.
Learn more
Defender for Cloud streamlines security throughout the cloud and AI app lifecycle, enabling faster and safer innovation. To learn more about Defender for Cloud and our latest innovations, you can:
- Visit our Cloud Security solution page.
- Join us at RSAC™ and visit our booth N – 5744.
- Learn how you can unlock business value with Defender for Cloud.
- Get a comprehensive guide to cloud security.
- Start a 30-day free trial.