Microsoft Defender Security Research Team, Author at Microsoft Security Blog

Research
January 30
4 min read

Case study: Securing AI application supply chains

Securing AI-powered applications requires more than just safeguarding prompts.

Man in focused work using a Surface tablet while holding a mobile device.

Research
January 29
6 min read

Turning threat reports into detection insights with AI

Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs.

A man and woman explore risks associated with their AI agents and how to address them at runtime.

Research
January 23
8 min read

From runtime risk to real‑time defense: Securing AI agents

Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration.

Man in focused work; able to do secure banking on a laptop at home or at the office.

Research
January 21
7 min read

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint

Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.

Photo of an executive reviewing a report on AI agents.

Research
January 21
7 min read

A new era of agents, a new era of posture

AI agents are transforming how organizations operate, but their autonomy also expands the attack surface.

Female and male developers at work and collaborating. Some standing and some sitting using PC multi-monitor set ups.

Research
December 15, 2025
16 min read

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks.

Developer manager collaborates with developer colleague in developer work space.

Research
December 9, 2025
10 min read

Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently.

Abstract visualization of AI technology with interconnected, colorful data blocks.

News
November 7, 2025
8 min read

Whisper Leak: A novel side-channel attack on remote language models

Microsoft has discovered a side-channel attack on language models which allows adversaries to conclude model conversation topics, despite being encrypted.

CISO (chief information security officer) collaborating with practitioners in a security operations center.

News
July 16, 2025
7 min read

Protecting customers from Octo Tempest attacks across multiple industries

To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest.

Research
August 27, 2020
6 min read

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.

Research
July 23, 2020
11 min read

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

Learn how we’re using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.

Research
June 24, 2020
12 min read

Defending Exchange servers under attack

Exchange servers are high-value targets.

Microsoft Defender Security Research Team posts