Krux
March 21, 2026
Microsoft Adds 700 AI Security Controls to Zero Trust
Published: March 21, 2026 at 12:38 AM
Updated: March 21, 2026 at 12:38 AM
100-word summary
Microsoft just folded AI security into its Zero Trust framework with 700 controls spanning the full lifecycle, from data ingestion to how your chatbot actually behaves. The new AI pillar treats models like employees: verify every action, grant minimum access, assume something will break. Security teams now get a concrete checklist instead of vague advice about "securing AI responsibly." The framework tracks who controls what across cloud models (if you're using SaaS, Microsoft owns more of the security than you think). Full AI-specific assessments arrive this summer, but the workshop is live now. Translation: your CISO finally has a way to audit AI risk without inventing the playbook from scratch.
What happened
Microsoft just folded AI security into its Zero Trust framework with 700 controls spanning the full lifecycle, from data ingestion to how your chatbot actually behaves. The new AI pillar treats models like employees: verify every action, grant minimum access, assume something will break. Security teams now get a concrete checklist instead of vague advice about "securing AI responsibly." The framework tracks who controls what across cloud models (if you're using SaaS, Microsoft owns more of the security than you think). Full AI-specific assessments arrive this summer, but the workshop is live now.
Why it matters
Translation: your CISO finally has a way to audit AI risk without inventing the playbook from scratch.