[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhOxVUYeqOaWgIDiKGr7JFZzVuOOkcFsT6f3O9j191C8":3},{"article":4,"iocs":56},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"bd0dd399-7a49-4021-a4c4-ccf6b005f152","Reconstructing AI activity in investigations","reconstructing-ai-activity-in-investigations-fff4a9","Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster. The post Reconstructing AI activity in investigations appeared first on Microsoft Security Blog.","Microsoft has published a new playbook to help security teams investigate AI activity within Microsoft 365 Copilot and Azure AI services. The playbook provides a structured, telemetry-driven approach to reconstruct events, assess data exposure, and detect threats by analyzing data from Microsoft Purview, Defender, and Sentinel. It aims to enable faster and more coherent investigations into AI interactions, including prompt injection attempts and anomalous data access.","Microsoft releases playbook for investigating AI activity in M365 Copilot and Azure AI.","AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals are observable. Without structure, they do not form a coherent account of what occurred. AI interactions generate telemetry across Microsoft Purview, Defender, and Sentinel. 
That telemetry captures who initiated an interaction, when it occurred, and which resources were involved. It provides the foundation for reconstructing AI activity in enterprise environments. The challenge is turning those signals into an investigation. To help address that challenge, we’ve published a new investigator playbook for Microsoft 365 Copilot and Azure AI services. The playbook provides a structured approach for investigating AI-related activity using the telemetry already available across Microsoft security products. The methodology follows a scope–context–signal sequence. Investigations begin by identifying who interacted with AI systems, when the activity occurred, and which services were involved. From there, investigators expand into resource context: what the system accessed, what data may have been exposed, and how that activity aligns with expected behavior. Detection signals, including prompt injection attempts, anomalous usage patterns, or credential exposure alerts, are then evaluated within that broader chain of activity. AI telemetry is constructed metadata-first, providing identity, time, and resource context across interactions. That structure is what moves investigations from isolated signals to a coherent account of what occurred. When analyzed together, those elements allow investigators to establish what happened, understand the impact, and determine whether activity reflects normal usage, policy violations, or indicators of compromise. The playbook operationalizes this approach across Microsoft 365 Copilot and Azure AI services. It brings together the required configuration, queries, and detection patterns into a single working model — covering schema references, KQL queries, and detection logic — enabling investigators to follow AI activity across tools with fewer ad hoc pivots. 
It also extends that model to agent-based systems, where the investigative picture expands: which agents are deployed, how they are configured, what data they are authorized to access, and whether that authorization was used as expected. The outcome is practical. Response teams can move from isolated signals to a reconstructed account of observed activity: scoping AI usage, understanding what data was accessed during interactions, and assessing whether observed behavior is consistent with normal usage, policy violations, or indicators of active threat conditions across Microsoft security services. As AI becomes part of everyday business workflows, response teams need the same investigative rigor they apply to endpoints, identities, and cloud infrastructure. The ability to determine what happened, what data was involved, and whether activity was authorized is quickly becoming a core incident response capability. The playbook gives you the tools to answer it. Download it here: https:\u002F\u002Faka.ms\u002FAIIRplaybook","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F09\u002Freconstructing-ai-activity-investigations\u002F","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FMS_Actional-Insights_AI.png","2026-06-09T17:35:06+00:00","2026-06-09T20:00:24.617506+00:00",7,[18,21,23,26,29,31],{"name":19,"type":20},"Microsoft 365 Copilot","product",{"name":22,"type":20},"Azure AI services",{"name":24,"type":25},"Microsoft","vendor",{"name":27,"type":28},"AI","technology",{"name":30,"type":20},"Microsoft Purview",{"name":32,"type":20},"Microsoft Defender","c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73",{"id":33,"icon":35,"name":36,"slug":37},null,"Incident Response","incident-response",[39,44,49,51],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":50},{"id":33,"icon":35,"name":36,"slug":37},{"category":52},{"id":53,"icon":35,"name":54,"slug":55},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]