Query Details
# Copilot - Microsoft Defender - AI agent threats

## Query Information

### MITRE ATT&CK Technique(s)

| Technique ID | Title | Link |
| ------------ | ------------------------------------ | -------------------------------------------------------------------------------------------- |
| AML.T0051 | Prompt Injection | [https://atlas.mitre.org/techniques/AML.T0051](https://atlas.mitre.org/techniques/AML.T0051) |
| AML.T0015 | Data Extraction / Model Data Leakage | [https://atlas.mitre.org/techniques/AML.T0015](https://atlas.mitre.org/techniques/AML.T0015) |
| AML.T0054 | Tool Manipulation | [https://atlas.mitre.org/techniques/AML.T0054](https://atlas.mitre.org/techniques/AML.T0054) |
| AML.T0007 | AI System Reconnaissance | [https://atlas.mitre.org/techniques/AML.T0007](https://atlas.mitre.org/techniques/AML.T0007) |

### Description

This query retrieves Microsoft Defender for AI agent protection events related to blocked or suspicious AI agent activity, including detections such as secret leakage, suspicious knowledge access, unsafe tool invocation, prompt injection attempts, and other runtime protection actions triggered during AI agent execution.

#### References

- [Detect, block, and investigate threats to AI agents using Microsoft Defender (Preview)](https://learn.microsoft.com/en-us/defender-xdr/security-for-ai/ai-agent-detection-protection)
- [Real-time protection during agent runtime](https://derkvanderwoude.medium.com/real-time-protection-for-ai-agents-a335274b640c)

### Author

- **Alex Verboon**

## Defender XDR

```kql
CopilotActivity
| extend Parsed = parse_json(LLMEventData)
| mv-expand Resource = Parsed.AccessedResources
| extend Action = tostring(Resource.Action)
| extend Id = tostring(Resource.id)
| extend Name = tostring(Resource.Name)
| extend Type = tostring(Resource.Type)
| where Name == "Block"
| extend DetectionName = extract(@"blocked by ['""]([^'""]+)['""] detection", 1, Action)
| project TimeGenerated, DetectionName, Action, Id, Name, Type, SrcIpAddr, Workload, AppHost, AppIdentity, LLMEventData
| sort by TimeGenerated
```

This KQL query analyzes Microsoft Defender events related to AI agent activity. It identifies and retrieves information about blocked or suspicious actions performed by AI agents. Here's a simple breakdown of what the query does:

1. **Data Source:** It starts from the `CopilotActivity` table, which contains logs of AI agent activities.
2. **Parsing:** It parses the JSON in the `LLMEventData` field to get detailed information about the resources accessed by the AI agents.
3. **Expanding Data:** It expands the `AccessedResources` list with `mv-expand` so that each accessed resource becomes its own row and can be analyzed individually.
4. **Extracting Details:** For each resource, it extracts the action taken, resource ID, name, and type.
5. **Filtering:** It keeps only rows where the expanded resource's `Name` field is "Block", indicating that the activity was blocked.
6. **Detection Name:** It extracts the name of the detection that caused the block from the `Action` text, using the pattern `blocked by '<name>' detection`.
7. **Projection:** It selects the relevant fields: the time the event was generated, detection name, action, resource ID, name, type, source IP address, workload, application host, application identity, and the original event data.
8. **Sorting:** Finally, it sorts the results by the time the event was generated. Because `sort by` defaults to descending order, the most recent blocked activities appear first.

Overall, this query helps security analysts monitor and investigate potential threats to AI agents by identifying and detailing blocked or suspicious activities.
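
The following is an added example, not part of the original query or the author's code. It runs the same parsing steps against constructed sample rows and goes one step further by summarizing blocks per detection and labeling blocked rows whose `Action` text does not match the extraction pattern. The `LLMEventData` shape is inferred from the fields the query above reads, and the `Action` wording, detection names, agent names and IP addresses are assumptions made up for illustration.

```kql
// Constructed sample data; not real CopilotActivity records.
let SampleCopilotActivity = datatable(TimeGenerated: datetime, SrcIpAddr: string, AppIdentity: string, LLMEventData: string)
[
    // One blocked resource, single-quoted detection name.
    datetime(2026-05-01 09:00:00), "203.0.113.10", "agent-a",
        @'{"AccessedResources":[{"Action":"Request blocked by ''Example Detection A'' detection","id":"res-1","Name":"Block","Type":"Tool"}]}',
    // Two resources in one event; only the second is a block.
    datetime(2026-05-01 09:05:00), "203.0.113.10", "agent-a",
        @'{"AccessedResources":[{"Action":"Read","id":"res-2","Name":"Allow","Type":"Knowledge"},{"Action":"Request blocked by ''Example Detection A'' detection","id":"res-3","Name":"Block","Type":"Knowledge"}]}',
    // Different agent, different detection.
    datetime(2026-05-01 10:30:00), "198.51.100.7", "agent-b",
        @'{"AccessedResources":[{"Action":"Request blocked by ''Example Detection B'' detection","id":"res-4","Name":"Block","Type":"Tool"}]}',
    // Blocked, but the Action text does not follow the expected pattern.
    datetime(2026-05-01 11:15:00), "198.51.100.7", "agent-b",
        @'{"AccessedResources":[{"Action":"Stopped by policy","id":"res-5","Name":"Block","Type":"Tool"}]}'
];
SampleCopilotActivity
| extend Parsed = parse_json(LLMEventData)
| mv-expand Resource = Parsed.AccessedResources
| extend Action = tostring(Resource.Action), Name = tostring(Resource.Name)
| where Name == "Block"
| extend DetectionName = extract(@"blocked by ['""]([^'""]+)['""] detection", 1, Action)
// extract() returns an empty string when the pattern does not match;
// label those rows so they are not silently grouped under a blank name.
| extend DetectionName = iff(isempty(DetectionName), "(unparsed)", DetectionName)
| summarize Blocks = count(),
            Agents = dcount(AppIdentity),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by DetectionName
| sort by Blocks desc
```

To use the summary against live data, replace `SampleCopilotActivity` with `CopilotActivity` and drop the `let` statement. A non-zero `(unparsed)` count means the `Action` wording differs from what the regex expects and the pattern should be reviewed.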

Alex Verboon
Released: May 15, 2026