At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the AI it protects. As organizations accelerate AI adoption, security teams are navigating new blind spots created by the broad distribution of agents, data, and identities across different tools and platforms. Microsoft Security’s latest updates extend visibility, control, and protection across your expanding ecosystem, from third-party apps like Claude to your cloud environments and multi-cloud infrastructure. Together, these updates help your team secure what matters most—agents, data, and identities—without slowing your own innovation. Here’s what’s new:

Microsoft Purview visibility now extends to Anthropic’s Claude

Security and compliance teams can now detect and investigate Claude usage alongside other cloud applications in their broader AI ecosystem. The new Claude Compliance API for Microsoft Purview delivers centralized visibility and oversight for Claude Enterprise activity enabling Microsoft Purview to provide insights on Claude interactions and audit log signals. This integration will provide visibility across Claude Enterprise, extending the Microsoft Purview experience and helping your teams protect sensitive data across your AI estate.  

New data security posture management experience in Microsoft Purview

The new Microsoft Purview Data Security Posture Management (DSPM) experience is now generally available. This solution unifies and streamlines DSPM across scenarios, from discovery to protection, all the way to remediation, allowing teams to investigate risks and take actions on the same workflow. The new experience delivers goal-oriented flows, deeper remediation, expanded reporting, and third-party visibility. Your teams can efficiently discover sensitive data, assess risk, and take action at scale.

Microsoft Purview Data Security Investigations extends investigative depth with custom examinations

Microsoft Purview Data Security Investigations now includes optical character recognition (OCR) and custom examination capabilities to extend investigative depth. OCR extracts text from images, bringing previously inaccessible visual content into scope for AI-powered deep content analysis. In addition to existing examination types that identify credentials, risk, and personally identifiable data, and help inform mitigation, investigators can define their own analysis with custom examination, enabling more tailored and flexible investigations based on their unique needs. 

Microsoft Entra ID Account recovery securely restores account access

Microsoft Entra ID Account recovery is an advanced authentication recovery mechanism that enables users to regain access to their organizational accounts when they’ve lost access to all registered authentication methods. Unlike traditional password reset capabilities, Account recovery focuses on identity verification and trust re-establishment prior to replacement of authentication methods rather than simple credential recovery.

Windows 365 for Agents delivers a secure AI agent execution environment

Windows 365 for Agents, now expanding in public preview, and Microsoft Agent 365 work together to provide a consistent, secure environment to run and govern agents. Agent 365 determines the work an agent is authorized to do, using shared organizational policies and identity to govern agent behavior and access. Windows 365 for Agents defines where an agent executes the work, providing Cloud PCs that enable agents to operate their own desktops and applications within a fully managed and auditable environment. Read our blog for more details.

Stay In the Loop

Microsoft Security continually ships meaningful innovations across our portfolio and research-driven insights and reports for the security community. In the Loop posts are your reliable source of what’s new across Microsoft Security and what it means for your security strategy. Check back for the next drop and connect with us at Microsoft Build, June 2-3, 2026, in San Francisco, to hear directly from Microsoft Security experts and learn more about today’s releases.

---

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post What’s new in Microsoft Security: May 2026 appeared first on Microsoft Security Blog.

At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the AI it protects. As organizations accelerate AI adoption, security teams are navigating new blind spots created by the broad distribution of agents, data, and identities across different tools and platforms. Microsoft Security’s latest updates extend visibility, control, and protection across your expanding ecosystem, from third-party apps like Claude to your cloud environments and multi-cloud infrastructure. Together, these updates help your team secure what matters most—agents, data, and identities—without slowing your own innovation. Here’s what’s new:

Microsoft Purview visibility now extends to Anthropic’s Claude

Security and compliance teams can now detect and investigate Claude usage alongside other cloud applications in their broader AI ecosystem. The new Claude Compliance API for Microsoft Purview delivers centralized visibility and oversight for Claude Enterprise activity enabling Microsoft Purview to provide insights on Claude interactions and audit log signals. This integration will provide visibility across Claude Enterprise, extending the Microsoft Purview experience and helping your teams protect sensitive data across your AI estate.  

New data security posture management experience in Microsoft Purview

The new Microsoft Purview Data Security Posture Management (DSPM) experience is now generally available. This solution unifies and streamlines DSPM across scenarios, from discovery to protection, all the way to remediation, allowing teams to investigate risks and take actions on the same workflow. The new experience delivers goal-oriented flows, deeper remediation, expanded reporting, and third-party visibility. Your teams can efficiently discover sensitive data, assess risk, and take action at scale.

Microsoft Purview Data Security Investigations extends investigative depth with custom examinations

Microsoft Purview Data Security Investigations now includes optical character recognition (OCR) and custom examination capabilities to extend investigative depth. OCR extracts text from images, bringing previously inaccessible visual content into scope for AI-powered deep content analysis. In addition to existing examination types that identify credentials, risk, and personally identifiable data, and help inform mitigation, investigators can define their own analysis with custom examination, enabling more tailored and flexible investigations based on their unique needs. 

Microsoft Entra ID Account recovery securely restores account access

Microsoft Entra ID Account recovery is an advanced authentication recovery mechanism that enables users to regain access to their organizational accounts when they’ve lost access to all registered authentication methods. Unlike traditional password reset capabilities, Account recovery focuses on identity verification and trust re-establishment prior to replacement of authentication methods rather than simple credential recovery.

Windows 365 for Agents delivers a secure AI agent execution environment

Windows 365 for Agents, now expanding in public preview, and Microsoft Agent 365 work together to provide a consistent, secure environment to run and govern agents. Agent 365 determines the work an agent is authorized to do, using shared organizational policies and identity to govern agent behavior and access. Windows 365 for Agents defines where an agent executes the work, providing Cloud PCs that enable agents to operate their own desktops and applications within a fully managed and auditable environment. Read our blog for more details.

Stay In the Loop

Microsoft Security continually ships meaningful innovations across our portfolio and research-driven insights and reports for the security community. In the Loop posts are your reliable source of what’s new across Microsoft Security and what it means for your security strategy. Check back for the next drop and connect with us at Microsoft Build, June 2-3, 2026, in San Francisco, to hear directly from Microsoft Security experts and learn more about today’s releases.

---

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post What’s new in Microsoft Security: May 2026 appeared first on Microsoft Security Blog.

Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud.

Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of cat and mouse; it is a high-velocity arms race.

To protect the integrity of their platforms, enterprise leaders — particularly in critical infrastructure sectors — must move beyond periodic risk assessments and begin leveraging a new generation of tools that enable defenses to iterate in days rather than months.

Generative AI as a fraud multiplier

While legitimate businesses use generative AI for efficiency, fraudsters exploit it to scale their attacks. We are witnessing a 100-fold increase in synthetic identities and a sevenfold rise in deepfake-driven impersonations over the past 24 months. Deloitte’s Center for Financial Services predicts AI-enabled fraud losses could reach $40 billion in the U.S. by 2027, up from $12.3 billion in 2023.

This is no longer just a back-office technical issue; it has become a top concern for leadership across banks, fintechs, and telcos. Three-quarters (72%) of business leaders anticipate AI-generated fraud, including deepfakes, will be a top operational challenge in 2026, according to an Experian report. Nearly half (46%) of businesses surveyed by Incode in 2025 reported an annual increase in deepfake and generative AI fraud.

Bad actors can now perpetrate fraud at scale by targeting multiple victims at the same time using the same or fewer resources. Consequently, the stakes have escalated rapidly. Enterprises must now find more effective ways to distinguish between reality and fiction before these attacks compromise trust, revenue, and operational continuity.

The new arms race

Fraud prevention has always been a constant game of leapfrog. Now, however, enterprises must adopt highly advanced defenses as they work to thwart fraudsters who have access to the same AI tools and no legal guardrails.

By some estimates, 80% of fraud is easily detectable, while the remaining 20% requires high-level expertise. That’s where most vendors’ performance fails. Sophisticated fraudsters are not only more capable of impersonating identities but are also increasingly networked, sharing intelligence on how to bypass specific company defenses.

Agility as the primary security metric

In this environment, the “7-Day Benchmark” is essential. A defense model must be able to identify a new attack vector, retrain its data sets, and deploy an updated mitigation model within 7 to 10 days. 

One reason so many organizations remain vulnerable to this new generation of attacks is that they rely on third-party vendors whose update cycles can take months to test and deploy. Modern defense requires an approach like Deepsight: a combination of machine learning, behavior checks, and device checks that identify camera injections and synthetic document fraud and verify that the user is a real person.

Defense checklist: 4 questions for every vendor

To narrow this “velocity gap,” executives need to take a closer look at how well equipped their providers are to address this new generation of threats.  Here are four pointed questions to explore:

1. “How accurate is your facial recognition capability? And what third-party certifications do you hold for mobile environments?” Executives should look for solutions that have been independently validated against the most rigorous international standards for biometric spoof testing—such as iBeta Level 3 compliance on both iOS and Android—that simulate well-resourced attackers using professional-grade, hyper-realistic masks.
   • While many providers struggle with consistency across various devices, a top-tier solution will achieve a 0% error rate. (In a 2024 National Institute for Standards and Technology (NIST) evaluation of 158 different developers, using galleries of mugshot, Visa, and Border images, Incode ranked #1 out of all full solution identity verification providers.) 
   • Also, assess the accuracy and performance of algorithms used in facial analysis across a range of use cases, including age estimation, ensuring the technology is unbiased and highly accurate across diverse user populations. (Once again, Incode scored top marks in NIST’s Face Analysis Technology Evaluation for achieving the lowest error and false-positive rates.)
2. “How do you measure and report your own error rates?” Demand a rigorous, audited approach that provides clear metrics on false positives and false negatives for every session.
3. “Do you own your technology or license it?” This determines the speed of iteration. Updates should happen internally in days, not over months-long development cycles dictated by a third party.
4. “How does your network share intelligence to flag repeat offenders?” Inquire whether the vendor can cross-share biometric, VPN, and network data across their entire client base to proactively block known fraudsters before they hit your system.

(For a more complete guide on selecting an identity verification vendor, we recommend getting a complimentary copy of the Gartner Magic Quadrant for Identity Verification.)

Secure your defenses against AI-enabled fraudsters

The era of treating identity verification as a static compliance checkbox is over. As the internet makes identity spoofing easier than ever before, the burden is on leadership to ensure their defenses can evolve at the speed of the adversary.

Audit your vendor ecosystem today: Demand proprietary technology that iterates in days, insist on top-tier independent certifications for mobile environments, and prioritize networks that share real-time intelligence. Organizations that treat trust as a core strategic capability will thrive; those that remain reactive will find themselves increasingly vulnerable in a world where reality is becoming ever more malleable.

Fernanda Sottil is Senior Director of Strategy at Incode Technologies, a leading identity verification company.

Learn more: Find out how Incode helps leading organizations eliminate fraud before it happens.

The post Weaponized AI: The new frontier of fraud and identity spoofing appeared first on CyberScoop.