Microsoft Security Days 2026
I spent the last two days at Microsoft R&D Security Days 2026 in Paris. It was a very tight event, with only around ten people from Greece allowed in, and I was lucky to be one of them. The AI and identity parts were strong, but not surprising: more of the good work Microsoft has already been doing. What stood out was the work around agentic security: virtual security teams where agents play blue, red, and purple roles, continuously testing an environment to find what attackers would find first. The simulation side was genuinely thoughtful and will clearly challenge some of the existing solutions in the market.
Still, while watching the demos, I kept coming back to the same thought: we are still treating symptoms. We are doing vulnerability discovery, exploitation, detection, and response faster, more automatically, and with better tools. That is useful, but it is not the cure. We keep fighting the same battle, only with more compute and automation, while the industry keeps bleeding money. Maybe the more interesting agent is not the one that attacks your environment, but the one that understands it.
That agent would read your infrastructure documentation, SBOM, AIBOM, IaC, security schemas, and asset state, and create them where they do not exist. It would compare what you say you have with what changed today, then tell you what is now exposed. No attack required. Cheaper to run, faster to react, and probably better when combined with automatic shielding. Simulation agents are flashy and valuable, but state-aware agents may be the boring answer that works better. Overall, Microsoft R&D Security Days 2026 was an excellent conference with highly experienced participants and a clear signal of where security automation is heading.
