Microsoft has announced Predictive Shielding, a promising AI-assisted technology, still in preview, in Microsoft Defender XDR and Microsoft Defender for Endpoint.
Predictive Shielding is designed to disrupt an ongoing attack and contain the threat before it moves laterally across nodes. It does so proactively, by anticipating attacks and their likely progressions.
This works by predicting and shielding the path(s) an attacker is likely to take next, essentially mapping a given topology and calculating potential paths.
I'm eager to see this in action and curious about any false flags (aka blocking things it shouldn't) it may give in a production environment.
