AI agents that catch cyberattacks humans miss
Scott Freitas, Amir Gharib
May 20, 2026
Security analysts spend most of their time reacting to alerts rather than proactively hunting threats. Microsoft built DTDA, an AI agent that runs continuously in Microsoft Defender and investigates security incidents by building unified timelines, generating attack hypotheses, gathering evidence, and automatically creating detailed alerts when it finds hidden threats. In live testing across 120 days, the system caught malicious activity that humans missed in roughly 1 of every 7 incidents, at 80% precision according to customer feedback, while processing each case in under 30 minutes for about $2.