Cybersecurity Policy and Diplomacy
We are focused on strengthening international cybersecurity norms and global policy to create a more secure world for Microsoft, our customers, and governments worldwide.
What we do
The Microsoft Cybersecurity Policy and Diplomacy team works closely with governments, international organizations, civil society, and industry partners to advance policies and initiatives that enhance security, foster economic resilience, and build trust in our digital world.
Supporting norms and cybersecurity policy
Microsoft convenes policymakers, industry partners, and civil society to strengthen international cybersecurity norms and governance. We work to advance innovative policy solutions while promoting responsible behavior in cyberspace through collaborative diplomacy and multistakeholder engagement.
Cybersecurity Tech Accord
As a founding signatory of the Cybersecurity Tech Accord, Microsoft continues to champion industry-wide collaboration to raise the global security baseline. Since its inception, the 160-plus signatories have worked together to deliver on the collective commitment to oppose attacks on innocent civilians, protect users and customers, and empower them to implement cybersecurity measures, as well as invest in cybersecurity capacity building.
Roundtable for AI, Security, and Ethics
Microsoft has partnered with the UN’s Institute for Disarmament Research (UNIDIR) to launch the Roundtable for AI, Security and Ethics (RAISE). The initiative aims to align international law and norms with responsible AI use in national security, offering recommendations for governments, international bodies, and corporations on ethical development, risk mitigation, and collaborative research to support global AI governance.
CyberPeace Institute
Microsoft is a founding donor of the CyberPeace Institute (CPI), an independent NGO established in 2019 to protect vulnerable communities and strengthen digital resilience. CPI provides cybersecurity assistance, exposes the human impact of cyberattacks and disinformation, and holds malicious actors accountable. It also advocates against the misuse of AI while promoting its responsible development and use.
Digital Front Lines
This 2023 report, with 2024 and 2025 updates, produced in partnership with Foreign Policy Magazine, captures a comprehensive look at how cyber operations have been utilized in armed conflict, what the response has been from across stakeholder groups, and how to limit the harms caused by cyberattacks in warfare and AI in the future.
Coalition to Reduce Cyber Risk
The Coalition to Reduce Cyber Risk (CRx2) is a multi-sector, multinational coalition, partnering with governments around the world to increase adoption of risk-based approaches to cybersecurity. Our principles for cybersecurity risk management are grounded in industry experience and a successful track record and include clarity and consistency, risk-based, outcome-focused, and agility.
Frontier Model Forum
The Frontier Model Forum (FMF) is an industry-supported nonprofit dedicated to advancing frontier AI safety and security. It focuses primarily on managing significant risks to public safety and security, including from chemical, biological, radiological, and nuclear (CBRN) threats, and advanced cyber threats. Leveraging its member firms' technical and operational expertise, the FMF ensures advanced AI systems remain safe, secure, and ready to meet society’s most pressing needs.
Advancing cybersecurity governance
Through partnerships, Microsoft helps governments, civil society, and industry improve collective cybersecurity outcomes.
Public-private collaboration on AI cybersecurity incident response
In partnership with DHS CISA’s JCDC.AI, Microsoft organized the first-ever AI security tabletop exercise (TTX) in June 2024, bringing together over 50 attendees, including industry, US, and international government participants. The aim of this TTX was to facilitate collaboration between the US federal government, private industry, international government counterparts, and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure and strengthen the security and resilience of AI technologies.
Shape and influence DHS AI Framework for critical infrastructure
Microsoft served on the Artificial Intelligence Safety and Security Board (AISSB) working group, the working-level body of DHS’s Artificial Intelligence Safety and Security Board. As part of it, we shaped the Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure, which outlines recommendations for key players across the AI supply chain, including cloud providers, AI developers, infrastructure operators, civil society, and public sector advocates.
Examples of our cybersecurity governance work
ARC Initiative
Bolstering regional cybersecurity preparedness, resilience, and coordination in partnership with Kenya’s National Computer and Cybercrime Coordination Committee.
Cyber Readiness Institute (CRI)
Sponsoring the Resiliency for Water Utilities pilot program to assist US water utilities in improving their security.
WB3C
Expanding cybersecurity support through the Western Balkans Cyber Capacity Centre (WB3C), strengthening regional defenses amid persistent cyber threats and geopolitical tensions.
Shaping global policy for a secure future
Microsoft’s Secure Future Initiative (SFI) is designed to embed security at every level of our operations. Complementing this, our cybersecurity policy and diplomacy efforts extend SFI’s impact by engaging global stakeholders to make security a shared priority. This paper explores three core areas of focus for this work.
Aligning global cybersecurity regulations
The growing divergence in cybersecurity regulations creates complexity, delays incident response, and weakens collective defense. Microsoft is working with global industry leaders and policymakers to promote greater regulatory alignment—streamlining compliance and ensuring cybersecurity resources are used where they’re needed most to protect people, critical systems, and shared digital infrastructure.
AI and security
Microsoft’s work on AI at the intersection of cybersecurity and national security is grounded in our Responsible AI principles and our Secure Future Initiative.
To complement our AI safety efforts, Microsoft differentiates between three dimensions of AI security:
Countering the malicious use of AI by threat actors
Advancing the use of AI by defenders
Ensuring the security of AI
In support of these ambitions we:
-
Microsoft has published research on how threat actors are using AI products and services, and together with OpenAI, implemented a dedicated AI Threat Actor policy.
-
Microsoft is a founding member of the Coalition for Secure AI (CoSAI) to share best practices for secure AI deployment and collaborate on AI security research and product development.
-
Microsoft actively supports multistakeholder partnerships, including hosting the first US government AI security tabletop exercise and contributing to the AI Cybersecurity playbook developed by the United States Cybersecurity and Infrastructure Security Agency (CISA), as well as France’s Agence nationale de la sécurité des systèmes d'information (ANSSI) tabletop exercise, that took place at the 2025 Paris AI Summit.
-
The Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards whitepaper, in collaboration with the University of Oxford’s Global Cyber Security Capacity Centre, was published to steer global leaders’ strategies and decision-making on cyber risks and opportunities regarding AI adoption as part of the AI Governance Alliance’s AI Transformation of Industries Initiative.
-
The 2025 report, Forging Global Cooperation on AI Risks: Cyber Policy as a Governance Blueprint, delves into how existing cybersecurity frameworks can be leveraged to govern AI risks effectively. It highlights the dual role of AI in both accelerating cyber threats and enhancing our defensive measures.
Advancing responsible behavior in cyberspace
Promoting responsible state behavior in cyberspace is essential to global stability and digital trust. This includes engaging in international discourse on cyber conflict, participating in coalitions to drive agreement on key aspects of foreign policy in cyberspace, and advocating for stronger protections for critical infrastructure and vulnerable communities. These efforts help define global norms that reduce risk, increase accountability, and adapt international law to the realities of hybrid warfare, cyber mercenaries, and the evolving intersection of AI and security.
Digital Emblem
In partnership with the International Committee of the Red Cross (ICRC), Microsoft has worked on a new resolution to protect civilians and essential infrastructure from the potential risks posed by ICT activities during armed conflict. This effort builds on engagement around the adoption of a digital emblem, where Microsoft is spearheading standardization efforts that would ensure cross-industry implementation of the ICRC proposal. The emblem would serve as a cyberspace analog to the traditional red cross, red crescent, and red crystal emblems.
Latest news and stories
Stay informed on the latest developments—from threat intelligence briefings to global policy updates.
Explore more
Learn more about Microsoft’s cybersecurity initiatives.
Customer Security and Trust (CST)
Protecting people, defending global institutions, and advancing digital trust.
Microsoft Threat Analysis Center (MTAC)
MTAC offers real-time insights into nation-state activities, disinformation efforts, and geopolitical cyberthreats to protect governments from digital dangers.
Microsoft Digital Crimes Unit (DCU)
The DCU is a global team that has worked to disrupt and deter cybercrime since 2008.
Follow Microsoft
