Microsoft · Filed Nov 27, 2024 · Published May 28, 2026 · verified — real USPTO data

Microsoft Patents an Ontology-Driven Knowledge Graph Builder for AI Security Queries

Microsoft is filing patents on the plumbing behind its AI security tools — specifically, a system that reads messy, unstructured threat data and automatically organizes it into a structured knowledge graph that an AI can actually reason over.

[Figure: FIG. 1A of US 2026/0147877 A1, rendered from the official USPTO publication PDF.]
Publication number: US 2026/0147877 A1
Applicant: Microsoft Technology Licensing, LLC
Filing date: Nov 27, 2024
Publication date: May 28, 2026
Inventors: Aditi Kamlesh SHAH, Matthieu MAITRE, Sudipto RAKSHIT
CPC classification: 726/23
Grant likelihood: Medium
Examiner: AHMED, ZAIN JIM (Art Unit 2432)
Status: Docketed New Case - Ready for Examination (Jan 8, 2025)
Document: 20 claims

What Microsoft's knowledge graph patent actually does

Imagine you're a security analyst and your job is to connect the dots between a phishing email, a known hacker group, and a software vulnerability — all scattered across hundreds of PDFs, blog posts, and incident reports. That's a nightmare manually. Microsoft's patent describes a system that does this automatically.

The system reads that unstructured pile of text and uses specialized AI agents to pull out the right kinds of entities — like threat actors, vulnerabilities, and assets — based on a pre-defined rulebook called an ontology (basically a domain-specific dictionary that says "these are the things that matter and here's how they relate"). Each type of entity gets its own dedicated extraction agent.

Once the entities are identified, the system maps the relationships between them and builds a knowledge graph — a web of nodes and connections. That graph is then used to sharpen the questions your AI assistant asks and the answers it gives, a technique known as retrieval-augmented generation (RAG). The end result: an AI that gives you context-aware answers instead of generic ones.

How the extraction agents build the graph from raw text

The patent describes a RAG (retrieval-augmented generation) pipeline — a technique where you supplement a large language model's responses by first fetching relevant structured context, rather than relying purely on what the model memorized during training.

The novel piece here is how that context is assembled. Rather than doing a simple keyword search, the system builds a knowledge graph whose schema is defined by a domain-specific ontology — a formal specification of what entities exist in a domain (e.g., in cybersecurity: threat actors, CVEs, affected systems) and what kinds of relationships are valid between them (e.g., "exploits," "targets," "mitigates").

To populate the graph from raw, unstructured input like threat reports or logs, the system spins up dedicated extraction agents — one per entity type. Each agent is dynamically constructed using the ontology's entity definitions and attribute lists, so the agents are tailored to the domain without being hardcoded. The agents parse the unstructured text and emit structured entity records.

  • Nodes represent entities (a specific CVE, a threat group, a software asset)
  • Edges represent typed relationships derived from the ontology
  • The resulting graph is used to augment GAI queries — giving the AI model precise, relational context before it generates an answer

The cybersecurity use case is called out explicitly in the abstract, but the architecture is domain-agnostic — swap out the ontology and you could apply it to healthcare, finance, or legal data.
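
The pipeline described above, as an added example (not code from the patent or from Microsoft): regex matchers stand in for the LLM-based extraction agents, and the ontology, entity names and CVE-style identifiers are all constructed. The function names `make_agent`, `build_graph` and `augment_query` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed ontology. Each entity type carries a pattern (stand-in for the
# attribute list an LLM agent would be built from); each relation names the
# only (source type, target type) pair it may connect.
ONTOLOGY = {
    "entities": {
        "ThreatActor": r"\bAPT-[A-Z]+\b",
        "Vulnerability": r"\bCVE-\d{4}-\d{4,7}\b",
        "Asset": r"\b[a-z]+-(?:gateway|server)\b",
    },
    "relations": {"exploits": ("ThreatActor", "Vulnerability"),
                  "affects": ("Vulnerability", "Asset")},
}

def make_agent(entity_type, pattern):
    """Construct one extraction agent for one entity type from its ontology entry."""
    rx = re.compile(pattern)
    return lambda text: [(entity_type, m.group(0)) for m in rx.finditer(text)]

def build_graph(text, ontology=ONTOLOGY):
    agents = [make_agent(t, p) for t, p in ontology["entities"].items()]
    nodes, edges = {}, defaultdict(set)
    for sentence in re.split(r"(?<=\.)\s+", text):
        found = [rec for agent in agents for rec in agent(sentence)]
        nodes.update({name: etype for etype, name in found})
        for verb, (src_t, dst_t) in ontology["relations"].items():
            if not re.search(rf"\b{verb}\b", sentence):
                continue
            # Only type pairs the ontology allows for this verb become edges.
            for st, src in found:
                for dt, dst in found:
                    if (st, dt) == (src_t, dst_t):
                        edges[src].add((verb, dst))
    return nodes, edges

def augment_query(query, nodes, edges, hops=2):
    """Return graph facts within `hops` edges of any entity named in the query."""
    frontier, facts = [n for n in nodes if n in query], []
    for _ in range(hops):
        step = [(s, verb, d) for s in frontier for verb, d in sorted(edges.get(s, ()))]
        facts += [f"{s} {verb} {d}" for s, verb, d in step]
        frontier = [d for _, _, d in step]
    return facts

# Constructed report text; the actor, CVE ids and assets are placeholders.
REPORT = ("APT-EXAMPLE exploits CVE-2099-0001 in recent campaigns. "
          "CVE-2099-0001 affects mail-gateway appliances. "
          "Analysts mention CVE-2099-0002 and file-server without linking them.")
```

Calling `build_graph(REPORT)` and passing the result to `augment_query` with a question that names `APT-EXAMPLE` yields the two-hop chain from actor to vulnerability to asset, while the unlinked mentions in the third sentence become nodes with no edges.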

What this means for AI-powered security tools

For enterprise AI products like Microsoft Security Copilot, the quality of answers depends almost entirely on the quality of the context you feed the model. Generic RAG pipelines that just do semantic search over document chunks miss relational context — they can tell you a CVE exists, but not that it's being actively exploited by a specific group targeting your industry. A knowledge graph fixes that.

This patent is essentially Microsoft staking a claim on how you build that graph automatically from messy real-world data — using ontology-driven, dynamically constructed agents rather than hand-coded extractors. If this approach works reliably, it could make domain-specific AI assistants meaningfully more accurate without requiring a human to curate the knowledge base by hand. That's a real operational advantage for large enterprise security teams.

Editorial take

This is solid, unsexy infrastructure work — the kind of thing that quietly determines whether enterprise AI tools are actually useful or just impressive demos. The ontology-driven agent construction is the genuinely interesting bit: it's a flexible architecture that avoids hardcoding domain knowledge while still enforcing structure. Don't expect a product launch announcement, but do expect this to show up inside Security Copilot or a future Azure AI service.

Source. Full patent text and figures from the official USPTO publication PDF.

Editorial commentary on a publicly published patent application. Not legal advice.