New York-based Cyware, which makes an agentic AI-powered threat intelligence management platform, has announced a strategic partnership with Microsoft Defender and Microsoft Sentinel to help global enterprises and public sector organizations. The partnership, built on deep product integrations, delivers a uniquely integrated threat intelligence workflow across Cyware, Microsoft Sentinel and Microsoft Defender, giving customers a faster path from threat insights to action and letting them operationalize threat intelligence with greater speed, ease and confidence.
As a Microsoft partner, Cyware’s solutions are already available in the Microsoft Commercial Marketplace, simplifying procurement for commercial and government buyers. The companies are now expanding their partnership to deliver an end-to-end solution that modernizes security operations by automating threat intelligence ingestion, enrichment, and actioning.
This is the first formal strategic partnership between Cyware and Microsoft.
“Cyware has worked with Microsoft as a Marketplace partner before, but this step deepens the relationship through direct product integrations and shared go-to-market efforts,” said Sachin Jade, Chief Product Officer at Cyware. It also builds on Cyware’s membership in the Microsoft Intelligent Security Association (MISA) and a prior integration with Microsoft Security Copilot.
The deep integration between Microsoft Sentinel and Cyware Intel Exchange enables bi-directional threat intelligence exchange, including support for STIX/TAXII-based threat intelligence sharing to validate indicators at scale for mutual customers. Today, many security teams struggle to operationalize threat intelligence at scale due to siloed data, inconsistent context and validation, and manual handoffs between tools. With this collaboration, Microsoft Sentinel can ingest actionable threat intelligence from Cyware, while Cyware can receive intelligence from Microsoft Sentinel to drive faster investigations and response with real-time context sharing and actioning.
“This partnership with Microsoft brings together Cyware’s strength in AI-powered threat intelligence operations and Microsoft’s security technology to help customers make smarter, faster decisions,” said Anuj Goel, CEO and Co-Founder, Cyware. “By meeting defenders directly in Microsoft Sentinel, and making Cyware deployable through Microsoft Commercial Marketplace, we are reducing friction from purchase to value while giving security teams enriched, high-fidelity intelligence they can act on immediately.”
“We’re focused on empowering every defender with a more connected, intelligence-driven experience,” said Erez Einav, Corporate Vice President, Sentinel and Defender XDR at Microsoft. “This partnership with Cyware extends how threat intelligence is shared, validated, and automated across Microsoft Sentinel, helping customers streamline workflows, strengthen detection quality, and accelerate response.”
In addition to the Microsoft Sentinel integration, Cyware Intel Exchange also integrates with Microsoft Defender, enabling Defender Threat Intelligence feeds to flow into Cyware for enrichment and automated indicator searches against Microsoft Defender data, speeding triage and investigation.
This announcement also builds on Cyware’s recent inclusion in MISA and continued momentum with Microsoft Security Copilot, where Cyware participated as one of the inaugural Copilot launch partners. The collaboration strengthens ongoing integrations between Cyware Intel Exchange, Microsoft Sentinel, and Microsoft Defender and supports Azure-hosted deployment options for customers standardizing on Microsoft.
“The industry default entails one-way integrations,” said Sachin Jade, Chief Product Officer at Cyware. “Ingest threat intelligence, process it to varying degrees, disseminate downstream in the workflow to solutions like SIEMs, and then apply a security response to the threat. In this case, the integration enables threat intelligence to move both ways between Cyware and Microsoft Sentinel. Sentinel can pull in Cyware’s validated threat data, while Cyware can receive enriched insights back from Sentinel. This two-way flow keeps both systems in sync and allows analysts to investigate and act with real-time context instead of working across disconnected tools. Microsoft Sentinel can now both ingest threat data from Cyware and send enriched intelligence back using STIX/TAXII, which are open standards for exchanging threat intelligence. Using them ensures that data moves cleanly and consistently between tools.”
With bi-directional integration, the workflow transforms completely. Microsoft Sentinel analytics detects activity like a phishing campaign and generates STIX-formatted threat intelligence. Intelligence flows immediately to Cyware Intel Exchange via TAXII with the click of a button. Automated enrichment validates the intelligence and adds further indicators from related campaigns. Distribution rules publish the intelligence to relevant members in an organization’s ecosystem. Then, within minutes, intelligence is available for ingestion by member security tools, including Microsoft Sentinel, endpoint protection platforms, and email security gateways.
“Security teams have long struggled to operationalize threat intelligence effectively,” Jade noted. “Data often sits in silos, context is inconsistent and validation is manual. This partnership closes those gaps by automating how intelligence flows between Cyware and Microsoft Sentinel. Analysts can now act on verified, enriched data directly within their Microsoft environments without switching tools or managing spreadsheets.”
That’s because this new strategic partnership with Microsoft brings bi-directional threat intelligence sharing and automation to both platforms.
“The industry default entails one-way integrations,” Jade said. “Ingest threat intelligence, process it to varying degrees, disseminate downstream in the workflow to solutions like SIEMs, and then apply a security response to the threat. In this case, the integration enables threat intelligence to move both ways between Cyware and Microsoft Sentinel. Sentinel can pull in Cyware’s validated threat data, while Cyware can receive enriched insights back from Sentinel and send enriched intelligence back via STIX/TAXII, open standards for exchanging threat intelligence. Microsoft Sentinel analytics detects activity like a phishing campaign and generates STIX-formatted threat intelligence, while the intelligence flows immediately to Cyware Intel Exchange through TAXII with the click of a button. This two-way flow keeps both systems in sync and allows analysts to investigate and act with real-time context instead of working across disconnected tools.
“Automated enrichment validates the intelligence and adds additional indicators from related campaigns,” Jade continued. “Distribution rules publish the intelligence to relevant members in an organization’s ecosystem. Within minutes, intelligence is available for ingestion by member security tools, including Microsoft Sentinel, endpoint protection platforms, and email security gateways.”
Many defenders still rely on manual processes to connect the dots across threat feeds and detection tools.
“This partnership removes these gaps and friction in the system or workflows,” Jade said. “Cyware and Microsoft Sentinel now share intelligence in both directions, verify it in real time, and trigger responses faster. Teams can see relevant validated threats as they emerge and act immediately, strengthening detection quality and speeding response when it matters most. It strengthens the Microsoft ecosystem by embedding Cyware’s intelligence automation within Sentinel and Defender, giving customers a unified, connected and more efficient security stack. This continuous exchange allows teams to correlate, investigate and respond from a single view, cutting out manual correlation and providing a closed-loop intelligence workflow that reduces dwell time and improves detection fidelity.”
This announcement also builds on Cyware’s recent inclusion in the Microsoft Intelligent Security Association (MISA) and continued momentum with Microsoft Security Copilot. Cyware’s inclusion in MISA recognizes it as a trusted and validated Microsoft partner. The relationship deepens through this integration, which directly enhances Sentinel and Defender capabilities and adds a go-to-market component to make this a combined solution for public sector and enterprise customers.
Cyware also participated as one of the inaugural Microsoft Security Copilot launch partners, aligning with Microsoft’s vision of AI-assisted security. These milestones reflect Cyware’s long-term commitment to advancing automation and intelligence within the Microsoft ecosystem. For Microsoft, the integration strengthens Sentinel and Defender with richer automated threat intelligence and supports the MISA goal of a more connected security ecosystem. For Cyware, it expands reach and value for mutual customers by embedding its intelligence automation directly into Microsoft’s widely used platforms. Both companies benefit from helping enterprise and government security teams accelerate detection and response while reducing complexity.
“Our mission is simple: help security teams outpace threats through AI-powered unified threat intelligence management that drives instant action,” Goel stated. “Our partners play a pivotal role in extending this capability across industries and geographies.”
