Microsoft are launching a new European Security Program that adds to the company’s longstanding global Government Security Program.
The new program expands the geographic reach of Microsoft’s existing work and adds new elements that will become critical to Europe’s protection. It puts AI at the center as a tool to protect traditional cybersecurity needs and strengthens our protection of digital and AI infrastructure.
The European Security Program is launching with three new elements:
- Increasing AI-based threat intelligence sharing with European governments;
- Making additional investments to strengthen cybersecurity capacity and resilience; and
- Expanding our partnerships to disrupt cyberattacks and dismantle the networks cybercriminals use.
The program is available to European governments, free of charge, including all 27 European Union (EU) member states, as well as EU accession countries, members of the European Free Trade Association (EFTA), the UK, Monaco, and the Vatican.
Microsoft states that it continues to observe persistent threat activity targeting European networks from nation state actors, with Russian and Chinese activity being particularly prolific in Europe. Unsurprisingly, Russia continues to be especially focused on targets in Ukraine and European nations providing support to Ukraine.
Nation-state actors, including those engaging in malicious activity from Iran and North Korea, are predominantly pursuing espionage objectives in Europe through credential theft or the exploitation of vulnerabilities to gain access to corporate and government networks.
Several campaigns, including those from China, have also targeted academic institutions, compromising accounts to access sensitive research data or conduct geopolitical espionage against think tanks.
Cybercriminals continue to develop Ransomware-as-a-Service beyond nation-state threats. We have seen the emergence of illicit websites rapidly gaining followings by leaking ransomware insights to be used by criminal groups to conduct attacks across Europe.
The rise of AI is also augmenting and evolving threat actor behavior. Microsoft has observed AI use by threat actors for reconnaissance, vulnerability research, translation, LLM-refined operational command techniques, resource development, scripting techniques, detection evasion, social engineering, and brute force attacks.
This is why Microsoft now tracks any malicious use of new AI models thry release and proactively prevents known threat actors from using their AI products.
This also underscores the importance of secure development and rigorous testing of AI models, leveraging AI to benefit cyber defenders, and close public-private partnerships to share the latest insights about AI and cybersecurity.
Increasing AI-based threat intelligence sharing with governments
Microsoft’s Government Security Program (GSP) has long provided governments with confidential security information and resources to help them better understand their products and the evolving threat landscape, particularly threats from nation-state actors.
Building on existing efforts, our new European Security Program will increase the flow and expand access to actionable threat intelligence to European governments.
Tailored to discrete national threat environments using AI insights, and delivered, when possible, in real time, this program is designed to help governments stay ahead of advancing cyber threats through:
Leveraging threat intelligence insights
Microsoft tracks the most sophisticated nation-state cyber activity, offering timely insights into evolving global threats. They use AI to support their analysis, which has improved their visibility and accelerated their ability to share the latest intelligence on the tactics, techniques, and procedures used by advanced persistent threat actors, including the malicious use of AI.
By providing more information and faster, Microsoft will help European governments strengthen their cyber resilience and enable proactive defense.
Expanding cybercrime reporting
The Microsoft Digital Crimes Unit (DCU) plays a critical role in detecting and disrupting global cybercriminal infrastructure, generating invaluable real-time intelligence in the process.
As part of this new effort, they are expanding the availability of this intelligence to trusted European partners to support rapid response and coordinated enforcement action through the Cybercrime Threat Intelligence Program (CTIP).
Providing foreign influence operations updates
The Microsoft Threat Analysis Center (MTAC) continues to monitor influence operations in Europe, which are increasingly using AI to mislead and deceive with deepfake synthetic media.
MTAC also uses AI to look for commonalities across operations and will provide regular intelligence briefings on foreign influence, offering timely insights into the tactics, narratives, and digital platforms leveraged by state-affiliated actors.
These briefings help policymakers and security stakeholders stay ahead of evolving disinformation campaigns and hybrid threats targeting democratic institutions and public trust.
Identifying vulnerabilities and prioritizing security communications
Microsoft is committed to proactive and transparent security communications, particularly in the face of emerging threats and evolving vulnerabilities.
They provide customers with timely, actionable intelligence through structured programs such as the Threat Microsoft Security Update Guide, Vulnerability Reporting process, and Microsoft Defender Vulnerability Management.
As part of this expanded commitment, Microsoft will offer prioritized notice of security communications, including vulnerability remediation guidance to the European Security Program partners, helping to enhance situational awareness and enabling faster responses.
Participating governments will have a dedicated Microsoft point of contact to coordinate responses and escalate concerns. These efforts are designed to improve situational awareness and to support faster, more coordinated action across borders.
