Security in hybrid and multicloud environments is no longer a marginal topic: it’s a strategic priority. The numbers are clear: the average cost of a breach has reached $4.44 million; 86% of decision-makers believe their cybersecurity strategy isn’t keeping pace with multicloud complexity; over 40% expect a skills shortage precisely in security administration roles. In this scenario, the attack surface expands, dependencies multiply, and SecOps teams must interpret fragmented signals coming from different platforms—often with limited resources.
A shift in perspective is needed, and AI itself makes it possible: an approach that combines real-time visibility, shared context, and intelligent automation, capable of keeping up with the speed of the cloud and the evolution of threats.
This article provides an overview of the evolutions of Microsoft Defender for Cloud and how the solution helps strengthen AI security in hybrid and multicloud environments.
How AI Enables a Paradigm Shift
AI is not simply a new tool: even in security, if adopted judiciously, it becomes an operational amplifier capable of transforming posture assessment, incident analysis, and collaboration across teams. In particular, it enables you to:
-
Continuously assess and improve security posture, with real-time visibility and context at “hyper-cloud” scale, thanks to automatic correlations between assets, identities, configurations, and risks.
-
Investigate and respond to threats with unprecedented speed and expertise, with AI-driven detections and strategies, risk-based prioritization, automated playbooks, and operational guidance.
-
Increase productivity and collaboration through natural-language workflows, using, for example, Copilot for triage, research, queries, runbooks, and reporting.
AI Attack Surface: Where Risks Lurk
Before implementing any controls, it’s essential to map the most exposed areas across the entire lifecycle of AI solutions—identities, network, data, models, supply chain, and operations—because that’s where risks accumulate and often go unnoticed.
-
Identity & access. Threats arise from unprotected keys, excessive privileges that pile up over time, and the absence of JIT/PIM mechanisms to limit access and permission duration.
-
Network. AI endpoints exposed to the internet, uncontrolled egress, and the lack of Private Endpoints open avenues an attacker can probe.
-
Data. In RAG architectures with unclassified sources, risk increases: loss of ACLs during indexing and leakage in prompts or logs can expose sensitive information.
-
Models. The use of unapproved families/versions, absence of content safety, and lack of anti-abuse testing expose you to harmful responses, jailbreaking, and non-compliant outputs.
-
ML supply chain. Dataset poisoning, unverified dependencies, and unsigned container images compromise upstream integrity, contaminating the entire training and release process.
-
Cost masking. Anomalous token/RPM usage, key scraping, and abuse by bots/scripts generate unexpected expenses and can mask fraudulent activity.
-
Operations. The lack of SLOs, absence of effective rollbacks, and weak BC/DR strategies make service continuity fragile and extend recovery times.
Mapping these weaknesses is not a theoretical exercise: it’s the prerequisite for designing targeted, measurable, and sustainable controls over time. It’s also about balancing costs and the level of security you aim to achieve.
How Microsoft Defender for Cloud Intervenes
To reduce risk and gain visibility in hybrid and multicloud environments, Defender for Cloud acts on multiple levels:
-
CSPM (Cloud Security Posture Management). It starts with posture: evaluates configurations, maps assets and dependencies, highlights deviations, and proposes concrete remediations. All with a unified multicloud view to compare criteria and priorities across different providers.
-
Workload protection (CWPP). Extends coverage to workloads—VMs, containers/Kubernetes, and PaaS services (databases, storage, app services)—combining hardening recommendations and detections on runtime and configurations.
-
AI detections and recommendations. Makes AI workloads visible and flags risks across configurations, identities, network, and logging, aligning with emerging best practices for AI security and governance.
-
SecOps integration. Closes the loop with operations: forwards events and alerts to Microsoft Sentinel and Defender XDR, enables automated playbooks, and supports guided investigations to reduce MTTD/MTTR.
The result is coordinated defense: from prevention to detection to response, with ready-to-use insights that speak the same language across all clouds.
AI Security Posture Management (CSPM): “Code-to-Cloud” Visibility for Generative AI
With the Defender Cloud Security Posture Management (CSPM) plan in Microsoft Defender for Cloud, security spans enterprise on-premises environments and hybrid/multicloud scenarios (Azure, AWS, Google Cloud), covering the entire lifecycle of generative AI applications: from code, to pipelines, to production runtime.
AI Bill of Materials (AI BOM)
Defender for Cloud discovers AI workloads and reconstructs the AI BOM: application components, data, and AI artifacts, from code to cloud. This end-to-end visibility makes it possible to identify vulnerabilities, prioritize risks, and protect generative applications with targeted interventions.
Continuous discovery of AI workloads is available for major services:
-
Azure OpenAI Service
-
Azure AI Foundry
-
Azure Machine Learning
-
Amazon Bedrock
-
Google Vertex AI (Preview)
In addition, Defender for Cloud detects vulnerabilities in dependencies of generative AI libraries (e.g., TensorFlow, PyTorch, LangChain) by analyzing source code (IaC misconfigurations) and container images (vulnerabilities).
Contextual Insights and Recommendations
Defender CSPM provides recommendations on identities, data security, and internet exposure, helping identify and prioritize critical issues.
DevOps security & IaC misconfigurations intercept misconfigurations that expose generative apps (excessive permissions, unintentionally published services), reducing breaches, unauthorized access, and compliance problems.
Examples of IaC controls for AI
-
Use of Private Endpoints for Azure AI Service.
-
Restricting Azure AI Service Endpoints.
-
Managed Identity for Azure AI service accounts.
-
Identity-based authentication for Azure AI service accounts.
In addition, the attack path analysis feature detects and helps mitigate risks to AI workloads, even when data and compute are distributed across Azure, AWS, and GCP.
What’s New: Defender for AI Services (Runtime Protection for Azure AI Services)
Defender for AI Services introduces runtime protection for Azure AI services (formerly threat protection for AI workloads). It is designed for risks specific to generative AI and combines Microsoft Threat Intelligence and Azure AI Content Safety (Prompt Shields) with real-time analytics to detect data leakage, data poisoning, jailbreaks, credential theft, wallet abuse, suspicious access patterns, and other malicious behaviors.
Overview — Protection Against AI Threats
The solution makes it possible to identify threats to generative AI applications in real time and assists in response with context-rich alerts and recommendations. It provides coverage for endpoints and AI resources present in subscriptions, highlighting risks that can impact applications.
Integration with Defender XDR
Protection for AI services integrates with Defender XDR, allowing you to centralize alerts related to AI workloads in the XDR portal and correlate alerts and incidents with identities, endpoints, network, and applications along the entire kill chain.
Evidence from User Prompts
With the protection plan active, it is optionally possible to include in alerts suspicious segments of user prompts and/or model responses originating from apps or AI resources. This evidence is customer data and helps with triage, classification, and intent analysis. It is available in the Azure portal, Defender portal, and via specific integrations.
Application and User Context in Alerts
To maximize actionability, the solution propagates to API calls to Azure AI the context of the user and application (e.g., userId, userIp, sessionId, appId, environment, requestId). This makes it possible to block users, correlate incidents, prioritize, and distinguish suspicious activity from expected behavior for a specific app.
Data and AI Security Dashboard: Unified View, Faster Decisions
The Data and AI Security Dashboard in Microsoft Defender for Cloud offers a centralized platform to monitor and manage data and AI resources, associated risks, and protection status. It highlights critical issues, resources requiring attention, and internet-exposed assets, enabling proactive mitigation. It also provides insights on sensitive data within data services and AI workloads.
Key Benefits
-
Unified view of all data and AI resources in a single interface.
-
Insights into data location and the types of resources that host it.
-
Assessment of protection coverage for data and AI resources.
-
Attack paths, recommendations, and data threat analysis in one place.
-
Mitigation of critical risks and continuous posture improvement.
-
Security explorer highlighting useful queries to uncover insights.
-
Identification and synthesis of sensitive data in cloud resources and AI assets.
Data Security with Microsoft Purview
To rigorously manage data used in AI applications, you can enable integration with Microsoft Purview. This feature requires a Microsoft Purview license and is not included in the Microsoft Defender for Cloud plan for AI services.
By enabling Purview, you allow the platform to access, process, and store request and response data—including associated metadata—originating from Azure AI services. In this way, you enable key data security and compliance scenarios, such as:
-
Sensitive Information Type (SIT) classification.
-
Analysis and reporting with Microsoft Purview DSPM for AI.
-
Insider risk management.
-
Communications compliance.
-
Microsoft Purview auditing.
-
Data lifecycle management.
-
Electronic discovery (eDiscovery).
In practice, this integration makes it possible to govern and monitor AI-generated data in alignment with corporate policies and regulatory requirements, fostering responsible, traceable, and compliant use of AI throughout the entire information lifecycle.
Conclusions
AI security in hybrid and multicloud environments requires a continuous, measurable, risk-oriented posture. Microsoft Defender for Cloud provides the tools to move from visibility to operational protection: discovery of workloads and AI BOM, contextual recommendations and attack path analysis, through to runtime protection with Defender for AI Services and incident correlation in Defender XDR and Microsoft Sentinel. Integration with Microsoft Purview makes it possible to govern the data that fuel models, ensuring traceability and compliance throughout the entire lifecycle.
The recommended path is clear: map the AI attack surface; enable CSPM and essential IaC controls; extend coverage to key workloads (VMs, containers, PaaS); activate runtime protection for Azure AI services; and centralize detection and response. Only then does AI become a multiplier of resilience rather than a new vector of risk. Finally, remember that absolute security in IT does not exist (except for systems that are powered off and completely isolated): it is therefore essential to balance costs, operational impact, and the desired level of protection, based on the value of assets and acceptable risk.
