Merge pull request #2320 from ElazarK/WI538961-ai-model-security

Create ai-model-security.md

Author: v-dirichards

articles/defender-for-cloud/TOC.yml

@@ -482,6 +482,9 @@
             - name: Discover generative AI workloads
               displayName: AI, workloads, models, applications, apps, AI BOM
               href: identify-ai-workload-model.md
+            - name: Discover AI models
+              displayName: AI, models, generative, applications, apps
+              href: ai-model-security.md
             - name: Explore risks to pre-deployment generative AI artifacts
               displayName: AI, risks, generative, applications, apps
               href: explore-ai-risk.md

articles/defender-for-cloud/ai-model-security.md

@@ -0,0 +1,114 @@
+---
+title: Discover AI models
+description: Learn about AI model security in Microsoft Defender for Cloud.
+ms.topic: concept-article
+ms.date: 03/25/2026
+ms.author: elkrieger
+zone_pivot_groups: defender-portal-experience
+---
+
+# AI model security
+
+As organizations increasingly use artificial intelligence (AI) models to drive automation, insights, and intelligent decision-making, security teams need visibility and control to assess the safety and compliance of AI models entering their environments. These models often have broad access to data and infrastructure. Without these capabilities, it becomes increasingly difficult to enforce internal standards. 
+
+Microsoft Defender for Cloud's Defender for AI security supports AI model scanning. AI model scanning provides proactive detection of unsafe or malicious artifacts and continuously monitors models for risk throughout the AI lifecycle.
+
+AI model security automatically scans AI models for security risks such as embedded malware, unsafe operators, and exposed secrets before those models reach production. Integrated directly with Azure Machine Learning and CI/CD pipelines, the service surfaces real-time findings and actionable remediation guidance, so teams can stop risky models early in the development process.
+
+By using AI model security, security teams can scan custom AI models uploaded to Azure Machine Learning workspaces and registries to identify threats like embedded malware, unsafe operators, and exposed secrets. Defender for Cloud presents the results, giving teams visibility into security findings along with severity ratings, remediation guidance, and relevant model metadata to support effective triage and prioritization. Developers can also trigger model scans during build or release stages by using CLI tools integrated with Azure DevOps or GitHub pipelines, enabling static scanning and early risk detection before models reach production.
+
+## Prerequisites
+
+- You must have an Azure subscription that contains AI models registered in [Azure Machine Learning](/azure/machine-learning/quickstart-create-resources) (Azure Machine Learning) registries or workspaces.
+
+> [!NOTE]
+> Workspaces and registries that use a private link aren't supported.
+
+- [Enable the Defender for Cloud Security Posture Management plan](tutorial-enable-cspm-plan.md).
+
+- You must [enable threat protection for AI services](ai-onboarding.md) and the [AI model security](ai-onboarding.md#enable-ai-model-security) component of the plan.
+
+- Required permissions: To enable the plan, you need **Owner** or **Contributor** level permissions on the Azure Machine Learning resources.
+
+- Supported model file formats: `Pickle (.pkl)`, `HDF5 (.h5)`, `TorchScript (.pt)`, `ONNX (.onnx)`, `SafeTensors (.safetensors)`, `TensorFlow SavedModel / TFLite (FlatBuffers)`, `NumPy (.npy)`, `Arrow, MsgPack, dill, joblib`, `PMML, JSON, POJO, MOJO, GGUF`.
+
+- File size limit: 10 GB. Model files larger than 10 GB can't be scanned.
+
+- The scan occurs once a week.
+
+::: zone pivot="azure-portal"
+
+## Locate all AI models in your environment
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. Select **Cloud Security Explorer**.
+
+1. Select **AI & Mls** > **AI models**.
+
+    :::image type="content" source="media/models/ai-models.png" alt-text="Screenshot that shows where to select AI models from the drop-down list in the Cloud Security Explorer." lightbox="media/models/ai-models.png":::
+
+1. Select **Done**.
+
+1. Select **+**.
+
+1. Select **Metadata** > **AI Model Metadata**.
+
+    :::image type="content" source="media/models/ai-models-metadata.png" alt-text="Screenshot that shows how to select the 'AI Models Metadata' option." lightbox="media/models/ai-models-metadata.png":::
+
+1. Select **Search**.
+
+The Cloud Security Explorer displays all AI models in your environment. You can select **view details** to see more information about each selected model.
+
+## Locate AI models with security findings
+
+Use the Cloud Security Explorer to find AI models that have active security findings.
+
+1. Follow steps 1-7 from the [Locate all AI models in your environment](#locate-all-ai-models-in-your-environment) section.
+
+1. Select **+**.
+
+1. Select **Recommendations** > **All recommendations**.
+
+    :::image type="content" source="media/models/all-recommendations.png" alt-text="Screenshot that shows how to select the 'All recommendations' option." lightbox="media/models/all-recommendations.png":::
+
+1. Select **Search**.
+
+The Cloud Security Explorer displays all AI models in your environment that have active security findings. Select **view details** to see more information about each model and the associated findings.
+
+::: zone-end
+
+::: zone pivot="defender-portal"
+
+## Locate all AI models in your environment
+
+The Defender portal **Assets** page provides a comprehensive view of all AI models in your environment.
+
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com/).
+
+1. Go to **Assets** > **Cloud** > **AI** > **AI models**.
+
+    :::image type="content" source="media/models/defender-ai-models.png" alt-text="Screenshot that shows how to navigate to the Defender portals asset page with all of the AI models presented." lightbox="media/models/defender-ai-models.png":::
+
+1. Select an AI model with recommendations.
+
+    :::image type="content" source="media/models/ai-models-recommendation.png" alt-text="Screenshot that shows AI models that have at least one recommendation affecting them.":::
+
+1. Select **Open asset page**.
+
+    :::image type="content" source="media/models/asset-page.png" alt-text="Screenshot that shows where the 'Open asset page' button is located." lightbox="media/models/asset-page.png":::
+
+1. Select **Security recommendations** > the relevant recommendation.
+ 
+1. Review and remediate the security finding as needed.
+ 
+You can also manage the recommendation in the Azure portal. 
+
+::: zone-end
+
+## Next step
+
+> [!div class="nextstep"]
+> [Build queries with cloud security explorer](how-to-manage-cloud-security-explorer.md).

articles/defender-for-cloud/ai-onboarding.md

@@ -2,7 +2,7 @@
 title: Enable threat protection for AI services
 description: Learn how to enable threat protection for AI services on your Azure subscription for Microsoft Defender for Cloud.
 ms.topic: install-set-up-deploy
-ms.date: 05/20/2025
+ms.date: 04/01/2026
 ms.author: elkrieger
 author: Elazark
 ---
@@ -19,6 +19,8 @@ Threat protection for AI services in Microsoft Defender for Cloud protects Micro
 
 - [Enable Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
 
+- Required permissions: To enable the plan, you need **Owner** or **Contributor** level.
+
 ## Enable threat protection for AI services
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
@@ -33,7 +35,17 @@ Threat protection for AI services in Microsoft Defender for Cloud protects Micro
 
     :::image type="content" source="media/ai-onboarding/enable-ai-workloads-plan.png" alt-text="Screenshot that shows you how to toggle threat protection for AI services to on." lightbox="media/ai-onboarding/enable-ai-workloads-plan.png":::
 
-## Enable user prompt evidence
+## Enable the components of the plan
+
+With the AI services threat protection plan enabled, you can control whether the different components of teh plan are enabled. This includes:
+
+- **[Suspicious prompt evidence](#enable-suspicious-prompt-evidence)**: receive alerts for suspicious portions of user prompts and model responses to help analyze AI-related security alerts, with sensitive data automatically redacted. These prompt snippets appear in the Defender portal as part of each alert’s evidence.
+
+- **[Data security for AI interactions](#enable-data-security-for-microsoft-foundry-with-microsoft-purview)**: allows Microsoft Purview to access and analyze prompts, responses, and related metadata to provide data security and compliance capabilities such as SIT classification, auditing, insider risk, communication compliance, and eDiscovery. It is a paid Purview feature and is not included in the Defender for AI Services plan.
+
+- **[AI model security](#enable-ai-model-security)**: AI model scanning gives you a clear, unified view of all your models registered in Azure Machine Learning Registries. It helps teams stay ahead of security risks by automatically checking for issues like serialization vulnerabilities, malware, and missing scans. By surfacing misconfigurations and integrating seamlessly with Defender for Cloud and developer workflows, it ensures your AI models are continuously protected and ready for production.
+
+### Enable suspicious prompt evidence
 
 With the AI services threat protection plan enabled, you can control whether alerts include suspicious segments directly from your user's prompts, or the model responses from your AI applications or agents. Enabling user prompt evidence helps you triage, classify alerts and your user's intentions.
 
@@ -59,7 +71,7 @@ If User prompt evidence is disabled, Microsoft Defender for Cloud continues anal
 
 1. Select **Continue**.
 
-## **Enable Data Security for Microsoft Foundry with Microsoft Purview**
+### Enable Data Security for Microsoft Foundry with Microsoft Purview
 
 > [!NOTE]
 > This feature requires a Microsoft Purview license, which isn't included with Microsoft Defender for Cloud's Defender for AI Services plan.
@@ -89,6 +101,7 @@ This capability helps your organization manage and monitor AI-generated data i
 
 > [!NOTE]
 > Data Security Policies for Microsoft Foundry interactions are supported only for API calls that use Microsoft Entra ID authentication with a user-context token, or for API calls that explicitly include user context. To learn more, see [Gain end-user context for Azure AI API calls](gain-end-user-context-ai.md). For all other authentication scenarios, user interactions captured in Purview show up only in Purview Audit and DSPM for AI Activity Explorer. 
+
 1. Sign in to the [Azure portal](https://portal.azure.com/).
 
 1. Search for and select **Microsoft Defender for Cloud**.
@@ -105,7 +118,7 @@ This capability helps your organization manage and monitor AI-generated data i
 
 1. Select **Continue**.
 
-### **Troubleshooting**
+#### **Troubleshooting**
 If you don't see user interactions for Entra ID authenticated users in Microsoft Purview Activity Explorer after turning on the toggle, follow these steps to troubleshoot:
 
 Run the following commands in Azure PowerShell
@@ -127,7 +140,31 @@ Run the following commands in Azure PowerShell
     ```PowerShell
     New-AzADServicePrincipal -ApplicationId "9ec59623-ce40-4dc8-a635-ed0275b5d58a"
     ```  
-   
+
+### Enable AI model security
+
+AI model security in Defender for Cloud, provides organizations proactive protection for Machine Learning (ML) models. The service scans models for security risks, such as embedded malware, unsafe operators, and exposed secrets, before models reach production.
+
+By integrating directly with Azure Machine Learning workspaces, registries, and continuous integration and continuous delivery (CI/CD) pipelines, Ai model security provides security teams visibility into the safety and compliance status of AI models that exist in their environments.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. In the Defender for Cloud menu, select **Environment settings**.
+
+1. Select the relevant Azure subscription.
+
+1. Locate AI services and select **Settings**.
+
+1. Toggle AI model security to **On**.
+
+    :::image type="content" source="media/ai-onboarding/model-security.png" alt-text="Screenshot that shows where the toggle for AI model security is located." lightbox="media/ai-onboarding/model-security.png":::
+
+1. Select **Continue**.
+
+Learn more about [AI model security](ai-model-security.md).
+
 ## Related content
 
 - [Add user and application context to AI alerts](gain-end-user-context-ai.md)

articles/defender-for-cloud/alerts-ai-workloads.md

@@ -3,7 +3,7 @@ title: Alerts for AI services
 description: This article lists the security alerts for AI services visible in Microsoft Defender for Cloud.
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 02/22/2026
+ms.date: 03/25/2026
 ai-usage: ai-assisted
 ms.author: elkrieger
 author: Elazark
@@ -321,6 +321,14 @@ Severity: High 
 
 **Severity:** Low 
 
+### Malicious content detected in uploaded AI model
+
+(Ai.AIModelScan_MalwareDetected)
+
+**Description:** A user-uploaded machine learning model was scanned and found to contain malware. The detection indicates the file may execute malicious code if loaded, posing a threat to account integrity, data confidentiality, and the compute environment.
+
+**Severity:** High
+
 ## Next steps
 
 - [Security alerts in Microsoft Defender for Cloud](alerts-overview.md)

articles/defender-for-cloud/defender-cli-syntax.md

@@ -4,7 +4,7 @@ description: Discover how to scan container images for security risks using Micr
 #customer intent: As a DevOps engineer, I want to scan container images for vulnerabilities so that I can ensure the security of my deployments.
 author: Elazark
 ms.author: elkrieger
-ms.date: 11/06/2025
+ms.date: 02/12/2026
 ms.topic: concept-article
 ---
 
@@ -84,4 +84,49 @@ defender scan sbom my-image:latest
 
 ```bash
 defender scan sbom /home/src --sbom-format cyclonedx1.6-xml
+```
+
+## AI Model Scan
+
+Use the `defender scan model` command to scan AI models for security risks including malware, unsafe operators, and exposed secrets. This command supports models stored locally or in cloud registries such as Hugging Face, and common formats including Pickle (`.pkl`), ONNX (`.onnx`), TorchScript (`.pt`), TensorFlow, and SafeTensors.
+
+### Usage
+
+```bash
+defender scan model <target> [--modelscanner-Output <path>]
+```
+
+### Options
+
+| Name                         | Required | Type   | Description                                                  |
+| ---------------------------- | -------- | ------ | ------------------------------------------------------------ |
+| \<target\>                   | Yes      | String | The path to a local model file or directory, or a Hugging Face model URL (for example, `./models/my-model.pkl`, `https://huggingface.co/org/model`). |
+| \-\-modelscanner-Output      | No       | String | Output path for SARIF scan results.                          |
+
+### Supported model formats
+
+- Pickle (`.pkl`)
+- ONNX (`.onnx`)
+- TorchScript (`.pt`)
+- TensorFlow (`.tf`, `.pb`)
+- SafeTensors (`.safetensors`)
+
+### Examples
+
+#### Scan a local model
+
+```bash
+defender scan model ./models/my-model.pkl
+```
+
+#### Scan a Hugging Face model
+
+```bash
+defender scan model "https://huggingface.co/org/model-name"
+```
+
+#### Scan and export SARIF results
+
+```bash
+defender scan model ./models/my-model.onnx --modelscanner-Output results.sarif
 ```