Microsoft Security reposted this
New Release: AI Investigator Playbook AI systems are now embedded in everyday work and security teams need a structured way to investigate what happens inside them. Today I'm sharing the AI Investigator Playbook, a practical guide for reconstructing AI activity across Microsoft 365 Copilot and Azure AI services using telemetry you already have. The playbook introduces a repeatable scope–context–signal sequence: identify who interacted with AI systems, understand what was accessed, and evaluate detection signals within that broader chain of activity. Inside you'll find: ✅ Schema references and KQL queries ✅ Detection logic for prompt injection, anomalous usage, and credential exposure ✅ Coverage for agent-based systems including deployment, configuration, and authorization ✅ A single working model that reduces ad hoc pivots during investigations The goal: move from isolated alerts to a coherent, reconstructed account of what occurred. 📥 Get the playbook → https://lnkd.in/g25sTDpW #CyberSecurity #AISecurity #IncidentResponse #ThreatDetection #Microsoft #SecurityOperations