Solutions  ·  2026-07-01

Microsoft Defender for Endpoint: Discovery of 25+ Local AI Agent Types + MCP Server Runtime Protection Against Prompt Injection

SolutionsHigh impactGlobal
As part of the June 30, 2026 Microsoft Security update, Microsoft Defender now auto-discovers over 25 types of local AI agents and MCP servers on endpoints. The capability adds runtime protection against prompt injection attacks targeting developer coding agents including GitHub Copilot CLI and Claude Code, extending endpoint protection policies to cover the local AI execution plane.
Local AI agents and MCP servers represent a largely unmonitored attack surface on developer workstations. Defender's ability to discover and protect these at runtime is the first mainstream EDR capability to cover this class of threat, directly countering the prompt-injection and tool-poisoning attack patterns disclosed in the same week.
Any enterprise with Defender for Endpoint deployed and developers using AI coding agents (GitHub Copilot, Claude Code, etc.); evaluate now and ensure agent discovery is enabled in Defender settings.
Sources
Microsoft Security Blog — What's new in Microsoft Security: June 2026The Hacker News — Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →