Microsoft’s Vasu Jakkal explains how artificial intelligence is redefining cybersecurity

VentureBeat recently met (virtually) with Vasu Jakkalcorporate vice president of security, compliance, identity, management and privacy at Microsoft, to gain insights into how artificial intelligence, machine learning (ML), generative AI, and emerging technologies are redefining cybersecurity.

The jackal leads Microsoft Securityone of the fastest growing divisions Microsoft has achieved $20 billion of revenue early last year. He previously served as executive vice president and chief marketing officer at FireEye and vice president of corporate marketing at Brocade.

A key takeaway from her interview with VentureBeat is that AI is core to Microsoft’s security DNA, and she and the senior leadership team see Generation AI as a must-have technology to reduce barriers to a more inclusive, productive and diverse industry . For them last fiscal year, Microsoft reported record annual revenue of more than $245 billion, up 16% year over year, and operating profit of more than $109 billion, up 24%.

CEO Nadella: Security is Microsoft’s top priority

During Microsoft’s Q1 FY25 earnings statementpresident e CEO Satya Nadella stated that “we continue to prioritize safety above all else. Nadella continued: “Security Copilot, for example, is used by companies across every industry, including Clifford Chance, Intesa Sanpaolo and Shell, to execute SecOps tasks more quickly and accurately. And we’re also helping customers secure their AI implementations. Customers have used Defender to discover and protect more than 750,000 generation AI app instances; and used Purview to audit over a billion Copilot interactions to meet their compliance obligations.”

Write your letter this year annual reportNadella emphasized how critical security is to Microsoft’s future, saying that “security underpins every layer of our technology stack.” Nadella writes emphatically, “We are doubling down on our Secure Future Initiative as we implement our principles of security by design, security by default, and secure operations. And we are focused on continued progress across the initiative’s six pillars: protecting tenants and isolating production systems; protect identities and secrets; protect networks; protect engineering systems; monitor and detect threats; and accelerate response and repair.

Nadella says, “as part of this commitment, all Microsoft employees now make security a “top priority,” holding each of us accountable for creating secure products and services.”

The following is an excerpt from VentureBeat’s interview with Jakkal.

VentureBeat: Can you start by sharing how Microsoft’s Secure Future Initiative (SFI) has reshaped the company’s approach to cybersecurity and culture?

Jackal: THE Initiative for a secure future it’s not just about technology: it’s about transformation. With more than 34,000 equivalent engineers dedicated to this effort, it is one of the largest engineering efforts in cybersecurity. We focus on being secure by design, secure by default, and secure in operations. But it’s also about changing the way we think: security is now the responsibility of everyone at Microsoft, not just a specialized team. This is how we make progress.

I think it’s our job and our duty to provide these platforms. I came to Microsoft because of our mission and to empower everyone, and I love security because I think this is a great place for everyone to make an impact. When we launched our Secure Future Initiative last November, yes, the goal was to secure Microsoft and create a resilient Microsoft, but it’s much more than that. It’s about protecting the world in the age of artificial intelligence, creating fairness, equality and opportunity so everyone can participate. Because when I go around and meet not just women, men, women, all people, all facets and they say, look, you can have a very meaningful career tied to purpose. You can have a great career.

VB: How does generative AI empower defenders and what role does Security Copilot play?

Jackal: I think the AI ​​generation will be a turning point in this industry. I’ll share some statistics with you. Three years ago, in 2021, we saw 567 identity-related attacks, that is, password-related attacks; That’s a lot of attacks per second. Today, that number is 7,000 password attacks per second and over 1,500 threat actors monitored. Security Copilot helps level the playing field. Use Microsoft security data and OpenAI GPT models to simplify tasks, whether analyzing incidents or automating reports. For early career defenders, he improved speed by 26% and accuracy by 35%. For experienced professionals, it’s 22% faster and 7% more accurate. But the most significant statistic for me? Over 90% of users said they wanted to reuse it. This is what we call the “joy statistic.” That’s why I love the AI ​​generation because I think this tool will make it easy for everyone to become an advocate. And this is a turning point for me.

VB: Could you explain how exposure management and how the combination of artificial intelligence, human collaboration and threat management orchestrated in your new exposure management direction will optimize security operations center (SOC) performance ?

Jackal: For a couple of years we have been marching in the direction of what we call unified SOC or unified SecOps and this has been one of our visions: it’s difficult for defenders when there are too many alarms. I mean, the noise-to-signal ratio is pretty high. And so the idea behind our SOC was to take extended detection and response, our XDR capabilities, which is really Defender, which is our tool, and to take our SIEM capabilities, which is Sentinel, and bring them together. So we have a unified dashboard and exposure management fits right into that because along with our extended detection response, so not just looking at endpoints but looking at endpoints and identity, data security and cloud security, all of these things , exposure management is simply integrated into that. So you can access Defender and your SOC teams have our exposure management capabilities and it helps your teams just like your threat protection tools help you detect and respond. Our exposure management tools help you map out all the potential paths that attackers take because I think defense is great, but I like to think prevention is the best defense.

VB: Why has Microsoft made exposure management a cornerstone of its proactive defense strategy?

Jackal: Attackers think in graphs, defenders in lists or silos. Defenders need to think in graphs. For the AI ​​generation, this is extremely critical and this is what exposure management is. We are actively integrating graphics capabilities into our security products. Exposure management it is our first product together obviously with the AI ​​generation, which uses these graphics features. And it allows you for the first time to offer attack surface management and attack path analysis, such as seeing your digital assets the way an attacker would see your digital assets and starting to look at all the paths potential and how an attacker could enter it. I also have this cool thing where you can find the choke points. Are there many attack paths that pass through a point and what does that look like? And this uses these graph capabilities. We already have 70,000 tenants where exposure management is enabled. And we’re working with the third-party ecosystem because security is a team sport.

VB: How does exposure management improve defender capabilities within a unified SOC?

Jackal: Exposure management fits perfectly into our vision of a unified Security Operations Center (SOC). It brings together tools like Defender for detection and Sentinel for response into one cohesive system. By integrating exposure insights, defenders get a clear map of attack paths and risks. It’s about making prevention as seamless as detection and response, giving defenders unique, actionable insight.

VB: What role does diversity play in Microsoft’s cybersecurity vision?

Jackal: We talk about critical graphs and artificial intelligence, but ultimately cybersecurity is about people and empowering them to use these technologies so they can change cultures. The Secure Future Initiative, graph-based capabilities, AI generation, and all other initiatives are driving a massive cultural transformation that includes everyone. I think you heard me say that safety should be for everyone and it should be for everyone. And that’s what we’re up to. Cybersecurity thrives on diverse perspectives because attackers are diverse and our defenders should be too. It’s about creating opportunities and giving everyone the chance to be part of the solution.

VB: How does Microsoft ensure that AI tools are accessible and fair to defenders?

Jackal: Accessibility is key. We design tools like Security Copilot to be intuitive and allow defenders of all levels to use them effectively. By democratizing advanced features, we ensure that even the smallest organizations can access the same powerful tools as large enterprises.
Because imagine how many people will have access to all these tools, no matter who you are, no matter where you are, you can get started. And our attackers are quite different. Our world is quite diverse. So if our advocates don’t reflect the diversity of our world, how can we expect to stay ahead of the curve? So I think these tools, whether it’s generative AI or the graph that we’re building or the platform, will help us do that as well.

VB: What is your ultimate vision for Microsoft’s cybersecurity initiatives?

Jackal: Our goal is to empower defenders and build a safer digital world. With tools like Security Copilot and Exposure Management, we’re transforming the way organizations approach cybersecurity, ensuring they stay ahead of evolving threats. It’s about making cybersecurity accessible to all and creating a resilient and inclusive future.