Executive Summary
At Microsoft Build 2026, held on June 2, 2026, Microsoft unveiled a comprehensive suite of security tools and capabilities aimed at integrating security throughout the development lifecycle. Key announcements included the introduction of the Microsoft Security multi-model agentic scanning harness (codename MDASH), designed to proactively identify and validate exploitable vulnerabilities in codebases, and the integration between Microsoft Defender and GitHub Code Security to prioritize and remediate code vulnerabilities efficiently. Additionally, Microsoft introduced the Agent 365 SDK to help developers build secure, enterprise-ready AI agents by default, and announced Defender AI model scanning to verify the integrity of AI models before deployment. These initiatives reflect Microsoft's commitment to embedding security into the development process, enabling faster and more secure innovation without compromising control. (microsoft.com)
The relevance of these announcements is underscored by the increasing complexity and sophistication of cyber threats, particularly those leveraging AI to exploit vulnerabilities. By integrating advanced security measures directly into development tools and workflows, Microsoft aims to empower developers and security teams to stay ahead of emerging threats, ensuring that security is a foundational aspect of the development process rather than an afterthought.
Why This Matters Now
The rapid evolution of AI technologies has introduced new security challenges, including the potential for AI-driven exploitation of vulnerabilities. Microsoft's proactive integration of security tools into the development lifecycle addresses these challenges by enabling developers to identify and remediate risks early, ensuring that innovation proceeds without compromising security.
Attack Path Analysis
An attacker exploited a misconfigured AI agent to gain initial access, escalated privileges by manipulating agent execution policies, moved laterally by compromising interconnected agents, established command and control through covert channels, exfiltrated sensitive data processed by the agents, and caused impact by deploying malicious models into production.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited a misconfigured AI agent to gain unauthorized access to the development environment.
MITRE ATT&CK® Techniques
Query Public AI Services
Obtain Capabilities: Artificial Intelligence
User Execution: Malicious Link
LLM Prompt Injection
AI Agent Context Poisoning: Memory
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
NIST SP 800-53 – System Monitoring
Control ID: SI-4
PCI DSS 4.0 – Security Testing of Applications
Control ID: 6.4.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
CISA ZTMM 2.0 – Data
Control ID: Pillar 3
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical exposure to AI-powered vulnerability discovery and agentic security systems requiring immediate adoption of multi-model scanning harnesses and secure development lifecycle integration.
Financial Services
High-risk sector facing AI agent data exposure threats, requiring enhanced Zero Trust segmentation, encrypted traffic controls, and compliance with banking regulatory frameworks.
Health Care / Life Sciences
Severe HIPAA compliance risks from insecure AI agents accessing sensitive patient data, demanding immediate implementation of runtime DLP and microsegmentation controls.
Government Administration
Critical national security implications from shadow AI and vulnerable code exploitation, requiring comprehensive agentic security frameworks and multi-cloud visibility controls.
Sources
- Microsoft Build 2026: Securing code, agents, and models across the development lifecycle. https://www.microsoft.com/en-us/security/blog/2026/06/02/microsoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle/ (Verified)
- Defense at AI speed: Microsoft's new multi-model agentic security system tops leading industry benchmark. https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-finds-16-new-vulnerabilities/ (Verified)
- GenAI-Driven Threat Detection with Microsoft Security Copilot. https://arxiv.org/abs/2605.20896 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it embeds security directly into the cloud fabric, likely reducing the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit misconfigured AI agents would likely be constrained, limiting unauthorized access to the development environment.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges by manipulating execution policies would likely be limited, reducing the scope of unauthorized access.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement between interconnected agents would likely be restricted, limiting the spread of the compromise.
Control: Multicloud Visibility & Control
Mitigation: The attacker's establishment of covert command and control channels would likely be detected and disrupted, reducing the effectiveness of their control over compromised agents.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate sensitive data would likely be constrained, limiting data loss.
The attacker's deployment of malicious models into production would likely be limited, reducing operational disruption.
Impact at a Glance
Affected Business Functions
- Software Development
- Security Operations
- Data Governance
Estimated downtime: N/A
Estimated loss: N/A
No specific data exposure reported.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict agent-to-agent communications and limit lateral movement.
- Enforce strict execution policies and runtime controls for AI agents to prevent unauthorized privilege escalation.
- Utilize Multicloud Visibility & Control to monitor agent activities and detect anomalous behaviors.
- Apply Egress Security & Policy Enforcement to control and monitor data exfiltration attempts from agents.
- Deploy Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious agent activities in real time.