added new alert

ElazarK · ElazarK · commit f8aa40d8c287 · 2026-03-25T17:01:01.000+02:00
diff --git a/articles/defender-for-cloud/ai-model-security.md b/articles/defender-for-cloud/ai-model-security.md
@@ -2,7 +2,7 @@
 title: Discover AI models
 description: Learn about AI model security in Microsoft Defender for Cloud.
 ms.topic: concept-article
-ms.date: 03/09/2026
+ms.date: 03/25/2026
 ms.author: elkrieger
 zone_pivot_groups: defender-portal-experience
 ---
diff --git a/articles/defender-for-cloud/alerts-ai-workloads.md b/articles/defender-for-cloud/alerts-ai-workloads.md
@@ -3,7 +3,7 @@ title: Alerts for AI services
 description: This article lists the security alerts for AI services visible in Microsoft Defender for Cloud.
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 02/22/2026
+ms.date: 03/25/2026
 ai-usage: ai-assisted
 ms.author: elkrieger
 author: Elazark
@@ -321,6 +321,14 @@ Severity: High 
 
 **Severity:** Low 
 
+### Malicious content detected in uploaded AI model
+
+(Ai.AIModelScan_MalwareDetected)
+
+**Description:** A user-uploaded machine learning model was scanned and found to contain malware. The detection indicates the file may execute malicious code if loaded, posing a threat to account integrity, data confidentiality, and the compute environment.
+
+**Severity:** High
+
 ## Next steps
 
 - [Security alerts in Microsoft Defender for Cloud](alerts-overview.md)
diff --git a/articles/defender-for-cloud/release-notes-recommendations-alerts.md b/articles/defender-for-cloud/release-notes-recommendations-alerts.md
@@ -48,6 +48,7 @@ New and updated recommendations, alerts, and incidents are added to the table in
 
 | **Date announced**     | **Type**       | **State**            | **Name**                                                     |
 | ------------ | -------------- | -------------------- | ------------------------------------------------------------ |
+| April 01, 2026 | Alert | Preview | The following alert is now in Preview: <br> * Malicious content detected in uploaded AI model | 
 | March 04, 2026 | Recommendation | Upcoming deprecation | The following grouped container vulnerability recommendations are set for deprecation on April 13, 2026:<br/>**Container recommendations:**<br/>\* [Preview] Containers running in Azure should have vulnerability findings resolved<br/>\* [Preview] Containers running in AWS should have vulnerability findings resolved<br/>\* [Preview] Containers running in GCP should have vulnerability findings resolved<br/>**Container image recommendations:**<br/>\* [Preview] Container images in Azure registry should have vulnerability findings resolved<br/>\* [Preview] Container images in AWS registry should have vulnerability findings resolved<br/>\* [Preview] Container images in GCP registry should have vulnerability findings resolved<br/><br/>These grouped recommendations are being replaced by individual recommendations that provide more granular visibility, better prioritization, and improved governance. Learn more in [Deprecation of preview of container and container images vulnerability recommendations](release-notes.md#deprecation-of-preview-of-container-and-container-images-vulnerability-recommendations). |
 | February 24, 2026 | Recommendation | GA | The following data recommendations are GA: <br><br> - [Storage accounts should restrict network access using virtual network rules](recommendations-reference-data.md#storage-accounts-should-restrict-network-access-using-virtual-network-rules). <br><br> - [Storage account should use a private link connection](recommendations-reference-data.md#storage-account-should-use-a-private-link-connection). <br><br> - [Storage accounts should prevent shared key access](recommendations-reference-data.md#storage-accounts-should-prevent-shared-key-access). |
 | February 16 2026 | Recommendation | Upcoming deprecation <br> (March 19, 2026) | The preview recommendation `Machines should be configured securely (powered by MDVM)`, which applied to Window machines, is set for deprecation. The recommendation is set to be replaced by the following OS-specific recommendations, which include Linux support using Guest configuration: <br><br> - **Vulnerabilities in security configuration on your Linux machines should be remediated (powered by Guest Configuration)** <br><br> - **Vulnerabilities in security configuration on your Windows machines should be remediated (powered by Guest Configuration)**.<br><br> These replacement recommendations are already available in Defender for Cloud. <br><br> If you have any governance rules, reports, or workflows that reference the deprecated recommendation, update them to use the replacement recommendations. To ensure the new recommendations can assess your machines, verify that the required prerequisites are in place: <br><br> - **Azure machines** should have the [Azure Machine Configuration extension](/azure/virtual-machines/extensions/guest-configuration) installed. <br> - **Non-Azure machines** should be onboarded via [Azure Arc](/azure/azure-arc/servers/overview), which includes the Machine Configuration extension by default. |
