Microsoft’s post argues that AI agents change security posture because they’re not “passive” apps: they can reason, invoke tools, pull data from knowledge sources, and act on behalf of users—often built quickly by teams that may not fully model the security implications. The core idea of “AI agent posture” is to keep innovation moving while reducing risk through comprehensive visibility + context: knowing what agents exist, what data they can access, what tools they can call, and which configurations create exploitable paths (for example, an internet-exposed API leading to an agent that’s connected to sensitive storage). Microsoft frames this as a holistic problem across layers (models, platforms, tools, data/grounding sources, guardrails, identities), where missing just one weak link can expose the whole system.

The article then walks through practical scenarios where Microsoft Defender’s posture management is meant to help. It highlights finding agents connected to sensitive data (and mapping “attack paths” to show how a compromise could lead to data exposure), identifying agents at elevated risk of indirect prompt injection (malicious instructions hidden in external content like emails or webpages that the agent processes), and spotting high-impact coordinator agents that control other agents and therefore have a larger “blast radius” if compromised. Defender assigns dedicated risk factors and generates hardening recommendations—like adding guardrails, reducing autonomy, or introducing human-in-the-loop checks—so teams can prioritize fixes before incidents occur. Microsoft also positions this as multi-cloud posture management via AI Security Posture Management (AI-SPM) in Defender for Cloud, covering major AI platforms (e.g., Azure AI Foundry, AWS Bedrock, and Google Vertex AI).

Source: https://www.microsoft.com/en-us/security/blog/2026/01/21/new-era-of-agents-new-era-of-posture/