Microsoft has unveiled a groundbreaking AI-powered security feature that addresses one of cybersecurity’s most persistent vulnerabilities: plain text credentials stored in Active Directory (AD) free-text fields.
The new posture alert in Microsoft Defender for Identity leverages artificial intelligence to detect exposed credentials with unprecedented precision, helping organizations identify and remediate identity misconfigurations before they can be exploited.
The issue of storing credentials in plain text fields within identity systems like Active Directory and Microsoft Entra ID has reached alarming proportions.
Key Takeaways
1. Microsoft Defender uses AI to find plain-text credentials in Active Directory.
2. 40,000+ exposed credentials discovered across 2,500 tenants.
3. Now in public preview through the Defender portal.
Microsoft’s initial research revealed more than 40,000 exposed credentials across 2,500 tenants, highlighting the widespread nature of this security vulnerability.
These free-text fields, while designed to store unstructured data for HR systems, email signature tools, or Privileged Access Management (PAM) solutions, often become repositories for sensitive information due to their flexible, ungoverned nature.
Layered AI Approach to Credential Detection
The new security feature employs a sophisticated layered intelligence approach to credential detection.
The system begins with a comprehensive scan of identity directories, flagging potential credential exposures, including base64-encoded secrets and strings matching known password structures.
A more advanced AI model then analyzes contextual factors such as the associated identity type, value stability, recent changes, and references in automation scripts or logs.
Non-human identities (NHI) face disproportionate risk from this vulnerability, as they substantially outnumber their human counterparts and cannot utilize traditional authentication methods like multi-factor authentication (MFA).
Administrators often store service account credentials in description or info fields of AD objects to simplify troubleshooting, creating high-value targets for attackers.
The speed and scale of AI-powered enumeration tools have reduced exploitation timeframes from hours to seconds, making proactive detection critical.
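For teams that want to audit their own directory export, the sketch below illustrates only the first-pass scan described above (credential keywords, base64-encoded secrets, and password-like structure in the description and info fields). It is an added example, not Microsoft's detection logic or code from Defender for Identity; the dict-based export format, the function names and the sample accounts are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Free-text AD attributes named in the article; assumed here to be export columns.
FREE_TEXT_ATTRS = ("description", "info")
# "keyword : value" / "keyword = value" hints such as "pwd: ..." or "password=..."
KEYWORD_RE = re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|secret)\s*[:=]\s*\S+")
# Candidate base64 runs: 16+ alphabet characters plus optional padding
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def looks_like_password(token):
    """Structure check: 8+ characters drawn from at least three character classes."""
    return len(token) >= 8 and sum(bool(re.search(c, token)) for c in CHAR_CLASSES) >= 3

def decodes_to_text(token):
    """True if the token is strict base64 whose payload is printable ASCII."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) >= 8 and all(32 <= b < 127 for b in raw)

def scan(objects):
    """Return (account, attribute, reason) findings; the secret itself is never echoed."""
    findings = []
    for obj in objects:
        for attr in FREE_TEXT_ATTRS:
            text = obj.get(attr) or ""
            if KEYWORD_RE.search(text):
                findings.append((obj["sAMAccountName"], attr, "keyword"))
            elif any(decodes_to_text(t) for t in B64_RE.findall(text)):
                findings.append((obj["sAMAccountName"], attr, "base64"))
            elif any(looks_like_password(t) for t in text.split()):
                findings.append((obj["sAMAccountName"], attr, "structure"))
    return findings

# Constructed sample export; these are not real accounts or secrets.
SAMPLE = [
    {"sAMAccountName": "svc-backup", "description": "Backup job account pwd: Winter2024!x"},
    {"sAMAccountName": "svc-sql", "info": "conn " + base64.b64encode(b"sqlsvc:Example#Pass1").decode()},
    {"sAMAccountName": "svc-web", "info": "temp Tr0ub4dor&3 until migration"},
    {"sAMAccountName": "jdoe", "description": "Finance department, Building 4"},
]

if __name__ == "__main__":
    for account, attr, reason in scan(SAMPLE):
        print(f"{account}: {attr} flagged ({reason})")
```

Pattern matching of this kind produces false positives and misses context, which is the gap the article's second, contextual analysis stage is described as covering.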
Public Preview Availability
Microsoft Defender for Identity customers can now access this new posture recommendation through public preview.
The feature is available in the “Exposure Management” section of the Defender portal, where organizations can search for the specific recommendation to identify potential credential exposures.
This AI-embedded approach to posture management provides security teams with the same speed and scale previously available only to attackers, enabling proactive threat mitigation before attacks occur.
The technology represents a significant advancement in identity security, offering organizations a powerful tool to eliminate the cybersecurity equivalent of “leaving keys under the doormat.”
The post Microsoft Defender AI to Uncover Plain Text Credentials Within Active Directory appeared first on Cyber Security News.