Check Point and Microsoft Forge AI Security Pact for Copilot Studio

• Share

On November 18, 2025, during Microsoft Ignite 2025Seattle, Check Point Software Technologies and Microsoft unveiled a deep technical integration that could redefine how enterprises secure their AI workflows. The partnership embeds Check Point’s AI Guardrails, Data Loss Prevention (DLP), and Threat Prevention tools directly into Microsoft Copilot Studio—a move that turns the platform from a builder’s sandbox into a fortified production environment. For companies racing to deploy custom AI agents, this isn’t just an upgrade. It’s a necessity.

Why This Matters Now

Organizations are no longer asking whether to use generative AI—they’re asking how to use it without risking a data breach, regulatory fine, or reputational collapse. Last year, over 60% of enterprises reported at least one AI-related security incident, according to IBM’s 2025 Cybersecurity Report. Prompt injection attacks, where malicious actors manipulate AI behavior through cleverly crafted inputs, jumped 300% in the past 12 months. Meanwhile, data leakage via AI tools has become the silent killer: employees feeding customer lists, financial forecasts, or IP into chatbots that then spit out summaries—or worse, store them.

Check Point’s solution doesn’t wait for threats to materialize. It prevents them before they happen. Think of it like a seatbelt that auto-deploys the moment you start driving. The integration works in real time across every tool call, every API connection, and every user interaction inside Copilot Studio. No manual policies. No lag. Just silent, continuous protection.

The Four Pillars of Protection

The integration delivers four concrete capabilities, each targeting a known vulnerability:

• Runtime AI Guardrails: Blocks prompt injection attempts and stops AI agents from hallucinating or leaking sensitive data mid-conversation.
• Integrated DLP and Threat Prevention: Scans every output, every file upload, every external API call—whether it’s to Salesforce, SharePoint, or a custom database—for PII, PHI, or proprietary code.
• Enterprise-Grade Scale: Designed for Fortune 500 deployments, with low-latency enforcement that doesn’t slow down agent performance—even under heavy load.
• Seamless Productivity: No extra steps for developers. No training for end users. Security is baked in, invisible, and always on.

"We’re not adding another firewall," said David Blyth, VP Engineering for Copilot Studio at Microsoft. "We’re rewriting the rules of trust. With Check Point, we’re building AI agents that are secure by design, not by patchwork. That’s the difference between playing defense and playing to win."

Who’s Really Affected?

This isn’t just for IT teams. It’s for legal, compliance, HR, finance—any department building AI tools to automate tasks. A hospital using Copilot Studio to draft patient summaries? Now its system automatically redacts names and diagnoses. A bank creating an AI assistant for loan applications? It blocks attempts to extract customer credit scores. A manufacturing firm automating supply chain reports? It prevents the AI from pulling in proprietary schematics.

Check Point, headquartered in Tel Aviv, has spent the last two years building its AI security stack after noticing a pattern: companies were rushing to adopt AI tools, but security vendors were still using legacy models. Their approach—prevention-first, not detection-based—set them apart. Microsoft, for its part, has been quietly expanding Copilot Studio’s reach across Microsoft 365, Dynamics 365, and Power Platform. Without robust security, that expansion would’ve been a liability.

The Bigger Picture: Microsoft’s AI Ecosystem

This partnership is a cornerstone of Microsoft’s broader "Frontier Firm" initiative, announced at Ignite 2025. The goal? To help large enterprises transform operations using AI—not just for efficiency, but for competitive advantage. But as Microsoft pushes Copilot deeper into workflows, the stakes rise. Every AI agent becomes a potential data gateway. Every API call, a risk vector.

Microsoft’s documentation confirms administrators can now choose between Defender, custom tools, or third-party platforms like Check Point during agent runs. That flexibility is key. It’s not about locking customers into one vendor—it’s about giving them control. Check Point’s integration doesn’t replace Microsoft’s tools; it complements them. And that’s why this deal feels different from past partnerships.

What’s Next?

The integration is rolling out in phases. The real-time monitoring feature is currently in preview, expected to reach general availability by March 2026. Check Point says it’s already working with over 15 enterprise customers on pilot deployments, including a global pharmaceutical company and a Tier-1 financial institution. Both declined to be named, but confirmed the solution blocked multiple attempted data exfiltration events during testing.

What’s unclear? The financial terms. No dollar amount was disclosed. But analysts at Gartner estimate the enterprise AI security market will hit $22.3 billion by 2028. Check Point’s move into Copilot Studio could capture a significant slice.

Historical Context: AI Security’s Turning Point

Three years ago, AI security was an afterthought. Most tools relied on post-hoc monitoring. Then came the rise of LLM jailbreaking, hallucination exploits, and supply chain attacks targeting training data. In 2024, OpenAI’s internal red team found that 70% of custom AI agents built by enterprise developers had at least one critical vulnerability. Microsoft responded by launching its AI Security Framework in early 2025. Check Point’s integration is the first major third-party validation of that framework.

It’s also a signal. If Microsoft—a company with its own security division—chooses to partner with Check Point, it’s telling the market: the best AI defense isn’t built in-house. It’s built by specialists.

• Tags
• AI security
• Check Point Software Technologies
• Microsoft Copilot Studio
• enterprise cybersecurity
• prompt injection attacks