Microsoft · Filed Dec 26, 2024 · Published Jul 2, 2026 · verified — real USPTO data

Microsoft Patents a System That Automatically Assigns Security Fixes to the Right Employee

When a security alert fires inside a large company, someone still has to figure out who owns the affected system and is actually qualified to fix it. Microsoft wants to automate that entire routing step.

Microsoft Patent: AI Auto-Assigns Security Tasks to Staff — figure from US 2026/0187551 A1
FIG. 1A — rendered from the official USPTO publication PDF.
Publication number US 2026/0187551 A1
Applicant Microsoft Technology Licensing, LLC
Filing date Dec 26, 2024
Publication date Jul 2, 2026
Inventors Fady COPTY, Yoav YASSOUR, Roee OZ, Tamer SALMAN, Tomer TELLER
CPC classification 705/7.14
Grant likelihood Medium
Examiner WARNER, PHILIP N (Art Unit 3624)
Status Response to Non-Final Office Action Entered and Forwarded to Examiner (May 21, 2026)
Document 20 claims

How Microsoft's auto-assignment system picks the right person

Imagine your company's security software detects a problem on a server. Someone has to figure out: which team owns that server? Who on that team has the right skills? How do you get it on their to-do list? Right now, that detective work usually falls on a security analyst, and it eats time.

Microsoft's patent describes a system that does that routing automatically. It reads a map of your company's IT environment to understand which employees have access to which systems, then cross-references job roles stored in a directory to find the best-qualified person. It even reaches out to that person to confirm they can handle the task before creating a formal work ticket.

The key idea is that the system learns your company's ownership structure over time, rather than relying on someone to manually maintain an assignment chart. If responsibilities shift, the system picks that up from the underlying data.

How the security graph and ownership data structure work together

The patent describes a multi-step workflow that kicks in whenever a security action item is broken down into a sequence of tasks.

  • Security graph lookup: For each task, the system queries a "security graph" (a database that maps which employees, teams, and projects have access to which IT resources). This tells the system who is connected to the affected system.
  • Role description generation: Using that connection data, the system generates a "roll description" (a profile of the skills and organizational attributes someone needs to own the task). Think of it as an auto-written job requirement for a single fix.
  • Candidate selection: The system compares that profile against an "ownership data structure" (essentially a company directory enriched with job role descriptions) to find the best-matched individual.
  • Confirmation loop: Before assigning anything, the system contacts the candidate and asks them to confirm they can take ownership. Only after they say yes does it create a ticket in the ticketing system (think Jira or ServiceNow).

The patent emphasizes that the ownership directory is learned autonomously over time, meaning it updates itself from real organizational data rather than requiring manual curation.

What this means for enterprise security response times

In large enterprises, the gap between detecting a security problem and getting it assigned to the right person can take hours or days. Every hour a misconfiguration or vulnerability sits unowned is an hour it remains exploitable. A system that can close that gap automatically is a real operational improvement, not just a convenience.

This fits squarely into Microsoft's existing Security Copilot product direction, which aims to bring AI-assisted triage and response into enterprise security operations. If this capability ships, you would likely see it surface inside tools like Microsoft Sentinel or Defender shrinking the time between "alert fired" and "someone is actually working on it."

Editorial take

This is unglamorous but genuinely useful. The hardest part of enterprise security response has never been detecting problems; it's been routing them to the right human fast enough to matter. Microsoft is attacking a real, well-documented bottleneck, and the confirmation-before-assignment step shows they thought about the failure mode where the system picks the wrong person.

Which company should we read for you?

We track 17 companies here. Pro is the same weekly breakdown for any company you choose, delivered privately. Type a name and we'll scope it and send you a quote.

Get one Big Tech patent every Sunday

Plain English, intelligent commentary, no hype. Free.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.