Google and Microsoft have been racing to add AI capabilities to their security products. The marketing promises are impressive. But what do these features actually mean for a small business?

Let me cut through the buzzwords.

What Microsoft Is Offering

Copilot for Security

Microsoft’s flagship AI security product uses GPT-4 to help security analysts investigate threats, understand alerts, and respond to incidents. It can:

• Summarise security incidents in plain English
• Suggest remediation steps
• Search across your security data using natural language
• Generate reports

The catch: it’s expensive ($4 USD per security compute unit, and investigations can use many units) and assumes you have dedicated security staff to use it. For most SMBs, this isn’t the right tool.

Defender for Business (with AI enhancements)

More relevant for small business. Microsoft has integrated AI into Defender for Business to:

• Automatically investigate alerts (reducing noise)
• Correlate events across devices
• Identify attack patterns
• Suggest response actions

If you’re already using Defender for Business (included in Microsoft 365 Business Premium), these enhancements come at no extra cost. That’s genuinely useful.

Entra ID Protection

Azure AD (now Entra ID) uses machine learning to:

• Detect risky sign-ins (unusual locations, impossible travel)
• Identify potentially compromised accounts
• Enforce conditional access based on risk

Some of this requires premium licensing, but basic risk detection is available in standard plans.

What Google Is Offering

Chronicle Security Operations (with AI)

Google’s enterprise security platform now includes AI assistants that can:

• Help investigate threats
• Generate queries from natural language
• Summarise incidents
• Suggest response actions

Like Microsoft’s Copilot for Security, this is enterprise-focused and priced accordingly.

Google Workspace Security (with AI enhancements)

For businesses using Google Workspace, Google has added:

• AI-powered phishing detection
• Automated classification of sensitive data
• Anomaly detection for file access and sharing
• Enhanced DLP with contextual understanding

These integrate into existing Workspace plans, though some features require Enterprise licensing.

VirusTotal Code Insight

Google’s VirusTotal now uses AI to analyse potentially malicious code, explaining what scripts and macros actually do. This is useful for security researchers and IT teams trying to understand suspicious files.

What This Actually Means for SMBs

The good news:

AI is making security tools smarter without requiring you to be smarter. Features like:

• Automatic alert investigation (less noise, more signal)
• Natural language search (easier to find what you need)
• Risk-based authentication (adaptive MFA based on context)
• Improved phishing detection (better at catching sophisticated attempts)

These improve security with minimal additional effort on your part. If you’re using Microsoft 365 Business Premium or Google Workspace Enterprise, you’re getting AI improvements automatically.

The limitations:

The most impressive AI security tools are aimed at enterprises with dedicated security teams. They assume you have:

• Security analysts to interact with the AI
• Budgets for premium licensing
• Data volumes that justify the investment
• Maturity to act on AI-generated insights

Most small businesses don’t have these things.

The hype to ignore:

Marketing claims that AI will “revolutionise” security or “detect all threats” are overblown. AI is a tool, not a silver bullet. It still:

• Generates false positives
• Misses some attacks
• Requires human judgement for complex decisions
• Can be fooled by adversaries who understand how it works

Be sceptical of vendors claiming AI solves everything.

Practical Recommendations

1. Use what you already have.

If you’re on Microsoft 365 Business Premium, you already have Defender for Business with AI enhancements. Make sure it’s actually enabled and configured.

If you’re on Google Workspace, explore the security dashboard and ensure AI-powered protections are active.

2. Enable risk-based conditional access.

Both Microsoft and Google offer ways to require additional verification when sign-ins look risky. This is AI working in your favour - adaptive security that doesn’t add friction for normal logins.

3. Don’t buy enterprise AI security tools (yet).

Unless you have dedicated security staff, tools like Copilot for Security and Chronicle won’t provide value proportionate to their cost. Stick with the AI enhancements built into your existing subscriptions.

4. Watch for new features in your current plans.

Both Microsoft and Google are actively adding AI capabilities. Features that are enterprise-only today often roll down to business plans later. Keep an eye on update announcements.

5. Don’t rely on AI alone.

AI security features are supplements to, not replacements for, fundamental controls. MFA, patching, backups, and user training still matter. AI makes them work better; it doesn’t make them optional.

The Competitive Landscape

Beyond Microsoft and Google, other security vendors are adding AI:

• CrowdStrike Charlotte AI: AI assistant for threat investigation
• Palo Alto Networks: AI-driven security operations
• Splunk AI: Automated investigation and response
• Fortinet FortiAI: AI-powered network security

The pattern is consistent: AI for automation, investigation assistance, and improved detection. The implementation varies, but the direction is clear.

Where This Is Heading

My prediction for the next few years:

More automation. AI will handle more routine security tasks - investigating alerts, correlating events, suggesting responses. Human analysts will focus on complex decisions.

Better detection. AI will get better at spotting sophisticated attacks that evade traditional signatures. But attackers will also use AI, so it’s an ongoing arms race.

Simplified interfaces. Natural language queries will make security tools more accessible to non-experts. You’ll be able to ask “show me suspicious logins this week” instead of writing complex queries.

Consolidation. Security vendors will merge AI capabilities into platforms rather than selling them as separate products. This benefits buyers - fewer tools, less complexity.

The Bottom Line

AI in security is real and useful. It’s not hype - it’s making tools genuinely better at detecting threats and reducing the burden on humans.

But for SMBs, the message is simple: use the AI features built into your existing platforms. Make sure they’re enabled. Don’t chase expensive enterprise tools that require dedicated staff to operate.

The most valuable AI security for small business is the kind that works automatically in the background - better phishing filters, smarter risk detection, automated alert investigation. That’s available today in tools you probably already pay for.

Enable it. Configure it. Let it work.