Microsoft dropped a broad set of security announcements on April 30, 2026, headlined by a new runtime protection layer for AI agents across its ecosystem. The releases span Microsoft Agent 365, Defender for Cloud, GitHub Advanced Security, and Microsoft Purview, all tied together by a common thread: countering the growing threat of malicious or misbehaving autonomous software agents.

Agent 365 Runtime Protection, now in public preview, monitors the actions of AI agents built with Microsoft’s Copilot platform. It analyzes agent behavior in real time, flags suspicious operations—like unauthorized data access or unexpected API calls—and can automatically revoke agent permissions. The service integrates with Microsoft Entra ID to enforce least-privilege policies dynamically. A Microsoft security blog post explained that the engine uses behavioral baselines and anomaly detection, not just static rules, to catch novel attack patterns.

Early adopters in the Microsoft 365 Copilot Early Access Program have been testing Agent 365 Runtime Protection since March 2026. One healthcare IT manager, commenting on a private preview forum, reported that the system blocked a misconfigured scheduling agent from forwarding patient data to an external email, a breach that would have violated HIPAA. Such anecdotes underscore the real-world stakes as enterprises deploy thousands of autonomous agents.

Alongside Agent 365, Microsoft Defender for Cloud gained AI Security Posture Management (AI-SPM) capabilities. The new dashboard maps all AI workloads—across Azure OpenAI, Copilot Studio, and custom agent frameworks—and scores them on a dedicated secure score. It checks for misconfigurations like overly permissive model endpoints or missing content filters. The preview also includes threat detection for prompt injection attacks and model theft attempts, feeding alerts directly into Microsoft Sentinel. According to Microsoft, AI-SPM covers both cloud-hosted agents and those running in hybrid environments via Azure Arc.

GitHub Advanced Security received an upgrade that tackles the code supply chain risks introduced by AI-generated code. CodeQL, Microsoft’s semantic analysis engine, now includes a pack of queries specifically designed to find vulnerabilities common in AI-authored code—patterns like unsafe deserialization, hallucinated library calls, and logic flaws that static analyzers previously missed. GitHub’s secret scanning got smarter too: it can now detect API keys and tokens that are dynamically generated by AI agents during development workflows, a scenario that traditional static scans often overlook.

A new feature, Agent Actions Audit, records every code change proposed by Copilot Chat agents in pull requests, along with the prompt context that triggered the change. Developers can review an audit trail, and security teams can set policies that require manual approval for agent-authored code that touches sensitive modules. GitHub’s product manager noted in a community AMA that the feature is an extension of copilot-content-exclusion settings and works with any CI/CD pipeline that consumes GitHub Actions.

Microsoft Purview, the compliance and governance side of the house, introduced AI Data Security Investigations. This tool correlates logs from Microsoft 365, Azure, and third-party AI services to reconstruct the data lifecycle of an AI interaction. An investigator can trace how a marketing agent accessed a customer database, summarized personal data, and shared it with a third-party model—all in a visual timeline. Purview also rolled out AI-sensitive information types, which auto-classify data generated by or fed into AI systems, helping organizations apply retention labels and data loss prevention policies more accurately.

The announcements come as regulators sharpen their focus on AI governance. The EU AI Act’s high-risk system requirements are set to take full effect in August 2026, and these tools directly support compliance demands for transparency, human oversight, and robustness. Microsoft’s security chief, speaking at a virtual press briefing, said, “Agents are the new endpoints. We’re bringing decades of endpoint protection experience to this new attack surface.” The company emphasized that all new capabilities will be available at no additional cost to existing E5 and GitHub Enterprise subscribers through June 2027.

Reaction from the Windows and enterprise IT community has been cautiously optimistic. On Windows Forum, a thread titled “Agent 365 Runtime Protection – finally” gathered over 300 comments within 24 hours. Many praised the integration depth but questioned the performance overhead. One user reported that the agent monitoring service added 15-20 ms of latency to Copilot responses in their tests, though Microsoft’s documentation claims a sub-5 ms impact for typical configurations. Another concern centered on false positives: a developer recounted that the system temporarily disabled a legitimate troubleshooting agent because it tried to access debug logs in an unusual pattern. Microsoft acknowledged the issue and promised configurable sensitivity tiers by general availability.

The GitHub Advanced Security updates sparked a debate about whether the responsibility for AI code quality should fall on review tools or on the models themselves. Open-source maintainers argued that CodeQL’s AI-focused queries might flag benign patterns, increasing noise. Yet, a platform engineer from a large fintech company shared that the new agent-authored pull request auditing uncovered three instances of an AI-generated SQL injection vulnerability that had slipped through standard reviews—enough to convince their team of the value.

Under the hood, these capabilities rely on a shared telemetry framework codenamed “Odin,” which Microsoft has been building into its security graph since early 2025. Odin normalizes event data from agent runtimes, APIs, and identity providers into a common schema, enabling cross-service correlation. This is why a threat detected in Agent 365 can trigger an automated investigation in Defender for Cloud and a compliance alert in Purview, all within the same console. Microsoft’s commitment to this unified architecture signals a long-term bet that AI agent security will become as foundational as identity and endpoint security.

The previews are accessible now. IT admins can enable Agent 365 Runtime Protection from the Microsoft 365 Defender portal under Settings > Agents. Defender for Cloud’s AI-SPM is opt-in via the Environment Settings blade. GitHub Advanced Security’s new features ship with the latest CodeQL bundle, version 2.18.3, and require no additional configuration beyond updating Actions workflows. Purview’s AI Data Security Investigations appear in the new Investigations hub, rolling out to tenants in a phased manner through May 2026.

Microsoft plans to make Agent 365 Runtime Protection generally available in Q3 2026, alongside the next Windows Server release, which will include native support for hosting on-premises agents securely. The company also teased a future capability: “agent firewalling” that would enforce network-level restrictions for agent communications, similar to micro-segmentation in data centers. For now, the April 30 releases mark a significant step in an industry-wide race to secure the agent economy that enterprises are rapidly building.