Artificial intelligence (AI) has become increasingly prominent across various sectors, showcasing its transformative potential. For instance, generative AI technologies, such as language models, are now being utilised in various fields and organisations. Additionally, concerns regarding the security of AI workloads have sparked significant discussions. Developers are particularly concerned as attackers increasingly seek to exploit applications to manipulate AI workloads, thereby heightening the risks of data breaches and denial-of-service attacks.

Microsoft Defender for Cloud – Azure AI Services

Microsoft (Azure) has launched a Defender service designed to protect Azure AI workloads. This service addresses threats specific to AI services and applications, including data exposure and suspicious access patterns, among others. The detection mechanisms utilise insights from Microsoft Threat Intelligence and Azure AI Prompt Shields, leveraging machine learning and AI to enhance the security of workloads. The service is generally available from May 2025.

The Defender for AI services offers an extensive suite of security features meticulously crafted to meet the unique needs of Artificial Intelligence applications, serving both developers and security administrators. Key elements of its robust offering include:

• Continuous discovery of all components within Generative AI (GenAI) applications, encompassing everything from code to cloud infrastructure, ensuring comprehensive visibility and management.
• Proactive identification and mitigation of potential risks, facilitated by built-in recommendations that guide users toward secure practices.
• Advanced detection of harmful combinations through sophisticated attack path analysis, empowering teams to anticipate and counteract security threats effectively.
• In-depth monitoring of GenAI applications through the implementation of Azure AI Content Safety prompt shields, integration of Microsoft threat intelligence, and analysis of contextual activity to enhance overall application safety and resilience.

This suite not only fortifies AI applications but also fosters a culture of security awareness among developers and administrators alike.

How to enable Defender for AI Services?

This feature has been added to Defender Cloud Workload Protection (CWP) and is specifically designed for AI workloads or services in Azure. You can enable threat protection for AI workloads in Microsoft Defender for Cloud for each subscription. To enable protection for AI workloads, follow these steps:

1. Open the Environment Settings and select the relevant Azure subscription.
2. Navigate to the Azure Portal and select the Defender plans.
3. Enable the toggle for AI workloads. Once the toggle is turned on, the protection for AI workloads will be activated.

The Defender for AI services can be enabled using Azure Policy across subscriptions. A built-in policy is available to enforce these services.

As new capabilities are continuously added to threat protection for AI workloads, which may require the user’s explicit enablement. While writing this blog, we have two additional extensions and To enable these additional features, click edit settings to enable the defender plan [Refer to the above screenshot]:

• Enable suspicious prompt evidence – This highlights prompts exchanged between the user and the model for analysing AI-related alerts. It includes only suspicious segments of the user prompt or model response relevant for security classification. Sensitive data will be redacted, but customer conversations may still be deemed sensitive. Evidence will be available in the Defender portal with each alert.
• Enable Data Security for AI Interactions (Preview) – Allow Microsoft Purview to access, process, and store prompts and responses, including metadata, for data security and compliance purposes. This covers sensitive info type classification, reporting in Data Security Posture Management (DSPM) for AI, Audit, Insider Risk Management, Communication Compliance, and eDiscovery. Note that this capability requires a paid Microsoft Purview subscription and is not included in the Defender for AI Services plan. Please refer to the technical documentation for details about this. Microsoft Purview DSPM for AI.

Pricing

Defender for AI services, pricing models operate on a basis related to token usage. In this system, costs are determined by the number of tokens processed, meaning that charges reflect the volume of tokens managed by the AI application during its operations. Below is the cost of Defender for AI services:

Microsoft Defender for AI Services

$0.002/1K tokens/month [USD)

Microsoft has introduced a Defender cost calculator to explore cost options for Defender for Cloud. To learn more, visit my previous blog.

These alerts can be effectively managed within Defender for Cloud using the Azure portal or directly through Defender XDR, fostering a streamlined and centralised approach to incident management. These functionalities enhance the security posture of AI applications, ensuring safer development and deployment practices.