Secure AI with Defender for Cloud
How Defender for Cloud secures AI workloads through posture management and runtime detection
Microsoft Defender for Cloud has seen significant updates to its AI Security Posture Management (AI-SPM) and AI-focused cloud detection and response capabilities.
These changes are aimed at addressing the real security risks that come with running AI workloads in the cloud. Microsoft has extended Defender for Cloud to help organisations understand how their AI systems are configured, identify exposure early, and detect threats while those systems are running. This post looks at what those capabilities actually do and how they work.
Why AI Needs Dedicated Security Controls
AI workloads introduce risks that don’t exist in standard cloud services.
Models depend on data pipelines, APIs, identity permissions, plugins, and external services. A single weak configuration can expose sensitive data or allow unintended behaviour. On top of that, AI systems can be targeted in ways that don’t apply to traditional apps, such as prompt injection or data poisoning.
Defender for Cloud’s AI capabilities exist to close that gap.
AI Security Posture Management (AI-SPM)
AI-SPM extends Defender for Cloud’s posture management to focus specifically on AI workloads.
Its job is simple: help you understand what AI resources you have, how they’re configured, and where the security risks are.
How AI-SPM Works
AI-SPM continuously discovers AI-related resources across supported cloud services. This includes services like Azure OpenAI, Azure Machine Learning, and supported third-party AI platforms.
From this discovery, Defender for Cloud builds an AI bill of materials. This gives you visibility into:
AI models in use
Connected resources and dependencies
Exposure points such as endpoints and identities
Once discovered, Defender for Cloud evaluates these AI resources against security best practices.
This includes checks around:
Identity and access configuration
Network exposure
Data protection and permissions
Secure deployment patterns
Where issues are found, Defender for Cloud generates security recommendations. These are the same type of recommendations used elsewhere in Defender for Cloud, but scoped specifically to AI workloads.
AI-SPM also feeds into attack path analysis. This shows how a weakness in an AI service could be combined with other misconfigurations to reach sensitive data or critical resources.
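To make the link between posture findings and attack path analysis concrete, here is an added example; it is not from the original post and is not Defender for Cloud's data model or algorithm. The inventory, resource names, relation labels and the two posture checks are constructed assumptions.

```python
# Constructed inventory (all names hypothetical), standing in for an AI bill of materials.
RESOURCES = {
    "internet":        {"kind": "external"},
    "chat-endpoint":   {"kind": "ai_endpoint", "public_network": True,  "key_auth": True},
    "internal-scorer": {"kind": "ai_endpoint", "public_network": False, "key_auth": False},
    "chat-identity":   {"kind": "identity"},
    "scorer-identity": {"kind": "identity"},
    "training-data":   {"kind": "storage", "sensitive": True},
}
# Directed relationships between resources: (source, target, relation).
EDGES = [
    ("internet", "chat-endpoint", "network"),
    ("internet", "internal-scorer", "network"),
    ("chat-endpoint", "chat-identity", "runs_as"),
    ("internal-scorer", "scorer-identity", "runs_as"),
    ("chat-identity", "training-data", "data_role"),
    ("scorer-identity", "training-data", "data_role"),
]

def findings(resources):
    """Posture checks: (resource, issue) pairs for risky AI endpoint settings."""
    out = []
    for name, r in sorted(resources.items()):
        if r["kind"] != "ai_endpoint":
            continue
        if r.get("public_network"):
            out.append((name, "public network access enabled"))
        if r.get("key_auth"):
            out.append((name, "key-based authentication enabled"))
    return out

def attack_paths(resources, edges, start="internet"):
    """All simple paths from start to a sensitive resource; a network hop
    is usable only when the target accepts public traffic."""
    paths, stack = [], [[start]]
    while stack:
        path = stack.pop()
        if resources[path[-1]].get("sensitive"):
            paths.append(path)
            continue
        for src, dst, rel in edges:
            if src != path[-1] or dst in path:
                continue
            if rel == "network" and not resources[dst].get("public_network"):
                continue
            stack.append(path + [dst])
    return paths

if __name__ == "__main__":
    print(findings(RESOURCES), attack_paths(RESOURCES, EDGES))
```

Both endpoints' identities can read the sensitive store, but only the publicly reachable endpoint produces a path; turning off its public network access removes the path, which is why a single recommendation can be prioritised by what it leads to.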
The Impact of AI-SPM
The biggest value of AI-SPM is visibility.
Most organisations don’t have a clear picture of where AI is being used or how it’s wired into the rest of their cloud environment. AI-SPM makes AI assets visible and assessable in the same way as VMs, containers, and databases.
It also allows teams to catch risky configurations early, before they become incidents. Instead of reacting to an AI-related breach, security teams can fix exposure issues during design or deployment.
AI Threat Protection and Detection & Response
Posture management only covers part of the problem. AI systems also need protection while they’re running.
Defender for Cloud provides AI-focused threat protection that plugs into its broader cloud detection and response capabilities.
How AI Threat Detection Works
Defender for Cloud monitors AI workloads for suspicious or malicious activity using Microsoft threat intelligence and behavioural analysis.
This includes detection of:
Abuse of AI endpoints
Attempts to extract sensitive data
Suspicious access patterns tied to identities or APIs
Indicators of compromise across connected cloud resources
When a threat is detected, alerts are generated and sent into the Defender security ecosystem. This allows analysts to investigate AI-related threats alongside signals from compute, containers, identities, and networks.
Detection and Response in Practice
Defender for Cloud doesn’t treat AI alerts in isolation.
AI detections can be correlated with other cloud signals to show the full attack chain. For example, a compromised identity accessing an AI service can be traced back to its original entry point.
Response actions can then be taken using existing Defender tooling, such as isolating affected resources or triggering automated workflows.
The Impact of AI Detection and Response
The main benefit here is speed and context.
Instead of discovering AI abuse through logs or customer reports, threats are detected as they happen. Security teams get context about what was accessed, how it happened, and what else may be affected.
This reduces investigation time and helps prevent small incidents from becoming larger breaches.
How It All Fits Together
AI-SPM and AI threat protection are designed to work together.
AI-SPM focuses on preventing issues by reducing exposure and misconfiguration. Detection and response focus on containing and stopping attacks when something goes wrong.
Together, they allow Defender for Cloud to secure AI workloads across their full lifecycle:
Design and deployment
Configuration and exposure
Runtime behaviour
Incident response
This brings AI security into the same operational model organisations already use for cloud security.
Overview of AI security posture management (Microsoft Learn): https://learn.microsoft.com/en-us/azure/defender-for-cloud/ai-security-posture
Discover generative AI workloads and models in Defender for Cloud (Microsoft Learn): https://learn.microsoft.com/en-us/azure/defender-for-cloud/identify-ai-workload-model
Overview of AI threat protection for AI services in Defender for Cloud (Microsoft Learn): https://learn.microsoft.com/en-us/azure/defender-for-cloud/ai-threat-protection
Enable threat protection for AI services in Defender for Cloud (Microsoft Learn): https://learn.microsoft.com/en-us/azure/defender-for-cloud/ai-onboarding
Security alerts for AI workloads (Microsoft Learn): https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-ai-workloads

