I should have seen this coming. OpenAI GPT-4 is even hotter. A tech buff named Bill Gates calls generative AI “the most important technological advance since graphical user interfaces.” Meanwhile, GitHub Copilot, Microsoft’s automated pair programming service, is quite popular in its own right. So combining the two was a natural move. The result is Microsoft Security Copilot.
In fact, GitHub Copilot for Business, an OpenAI Codex extension, was released in February. It included an updated version of OpenAI Codex and a real-time vulnerability filter for detecting security bugs while coding. The new vulnerability filter uses a large language model (LLM) to “approximate the behavior of static analysis tools.”
This extension also converts natural language to code. The service is available in editors such as Microsoft Visual Studio, Neovim, VS Code, and JetBrains IDEs.
So OpenAI and Copilot were already working together. Combine all of this with the desperate need for skilled security professionals (Microsoft estimates there are 3.4 million job openings for them), and this may prove to be yet another Microsoft money-making offering. It goes without saying that you want your code to be more secure, but at the same time faster to produce.
Anyway, that’s my hope. Let’s see what we can see.
To do that work, Security Copilot was trained with data from the Cybersecurity and Infrastructure Security Agency (CISA), the NIST vulnerability database, and of course Microsoft’s own threat intelligence database.
Security Copilot works by accepting natural language input. For example, you can request an overview of a specific vulnerability, feed it code snippets for analysis, or have it analyze incident reports. It keeps a complete audit trail of all inputs and results, and the results can be shared in a shared workspace.
It all seems very convenient to me.
End-to-end defense
Microsoft Security Copilot is intended to provide end-to-end defense at machine speed and scale. It integrates an LLM with Microsoft’s security-specific model. This model incorporates a growing set of security skills, informed by Microsoft’s global threat intelligence and over 65 trillion daily signals. It runs on Azure hyperscale infrastructure.
This AI-powered tool helps security professionals detect threats, improve response times, and strengthen their organization’s security posture. You can’t always get perfect results, but Security Copilot is a closed-loop learning system that continuously learns from user feedback to improve its performance.
Additionally, Security Copilot is integrated with Microsoft Security products. It will eventually be extended to support third-party solutions. Microsoft is also committed to a design built around privacy, ensuring that user data remains under the user’s control and is not used to train the underlying ML models. I’m not sure how it works in a closed-loop learning system.
It will be interesting to see how it works. Despite its popularity, questions remain about whether Copilot’s use of training code is legal or ethical.
In any case, anything that helps programmers write safer code is welcome. Frankly, we need all the help we can get.
However, most likely it will not be available today or tomorrow. It is only available to select partners. Microsoft has yet to announce a release date. However, if the beta goes well, I expect Microsoft to release it sooner or later. I know a lot of developer teams who would love to try it.
