Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.

Apple teases M5 MacBook

Apple is teasing the imminent launch of a new MacBook with an M5 chip. In an X post, Apple SVP of worldwide marketing Greg Joswiak wrote that “something powerful is coming,” and a short video in the post includes the words “coming soon” and a silhouette of an Apple laptop. Joswiak’s post also includes the word “Mmmmm” — five Ms, get it? — and the laptop silhouette is in the shape of a Roman numeral V.

This new laptop isn’t a big surprise, as Bloomberg’s Mark Gurman recently reported that Apple is set to announce a base-model MacBook Pro with an M5 chip this week. The imminent launch of M5-equipped products from Apple isn’t a shock, either: iPad Pros with an M5 chip have also already been unboxed on YouTube, and Gurman said that the new tablets are set to be announced this week, though Joswiak hasn’t hinted at that just yet. Gurman also said that a Vision Pro with “a faster chip” is set to be announced this week, which could be the new headset recently spotted in an FCC filing.

Microsoft raises the bar: A smarter way to measure AI for cybersecurity

ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations [1]. It helps business leaders assess language models by simulating realistic cyberthreat scenarios and providing clear, actionable insights into how those tools reason through complex problems. In contrast to previous benchmarks that concentrated on threat intelligence trivia or static knowledge, this benchmark evaluates AI agents in multistep, data-rich, multistage cyberattack scenarios within a simulated security operations center (SOC) in Microsoft Azure. It incorporates 57 log tables from Microsoft Sentinel and related services to reflect the scale, noise, and complexity of real incidents and SOC operations [2].

Why ExCyTIn-Bench matters for business

For chief information security officers (CISOs), IT leaders, and buyers, ExCyTIn-Bench offers a clear, objective way to assess AI capabilities for security. It’s not just about accuracy in cyberthreat reports, trivia, or toy simulations, but about how well AI can investigate, adapt, and explain its findings in the face of real-world cyberthreats. As cyberattacks grow in sophistication, tools like ExCyTIn-Bench help organizations select solutions that truly enhance detection, response, and resilience.

Microsoft uses this framework internally to strengthen its AI-powered security features and test their ability to withstand real-world cyberattacks. Our security-focused in-house models rely on feedback from ExCyTIn to uncover weaknesses in detection logic, tool capabilities, and data navigation. For broader integration, we are also collaborating with security products such as Microsoft Security Copilot, Microsoft Sentinel, and Microsoft Defender to evaluate and provide feedback on their AI features. Additionally, Microsoft Security product owners can monitor how different models perform and what they cost, allowing them to choose appropriate models for specific features.

How ExCyTIn-Bench improves upon traditional benchmarks

Unlike traditional benchmarks [3, 4] that rely on multiple choice questions—which are often susceptible to guesswork—ExCyTIn-Bench adopts an innovative, principled methodology for generating questions and answers from threat investigation graphs. Human analysts conceptualize threat investigations using incident graphs, specifically bipartite alert-entity graphs [5]. These serve as ground truth, supporting the creation of explainable question-answer pairs grounded in authentic security data. This enables rigorous analysis of strategy quality, not just final answers. Even recent industry publications, such as CyberSOCEval [3], focus on packaging realistic SOC scenarios and evaluating how models investigate static evidence in them. ExCyTIn adopts a different approach in both design and technical implementation by positioning the agent within a controlled Azure SOC environment, where the agent queries live log tables, transitions across data sources, and plans multistep investigations.

As a result, ExCyTIn evaluates comprehensive reasoning processes, including goal decomposition, tool usage, and evidence synthesis, under constraints that simulate an analyst’s workflow. By defining rigorous ground truths and extensible frameworks, ExCyTIn-Bench enables realistic, multiturn, agent-based experimentation, collaboration, and continuous self-improvement, all reinforced by verifiable, fine-grained reward mechanisms for AI-powered cyber defense [6].

ExCyTIn-Bench innovations that deliver strategic value

  • Realistic security evaluation. Unlike most open-source benchmarks [3, 4], ExCyTIn-Bench captures the complexity and ambiguity of actual cyber investigations. AI agents are challenged to analyze noisy, multitable security data, construct advanced queries, and uncover indicators of compromise (IoCs)—mirroring the work of human SOC analysts.
  • Transparent, actionable metrics. The benchmark provides fine-grained, step-by-step reward signals for each investigative action, rather than the basic binary success-or-failure metrics found in current benchmarks. This transparency helps organizations understand not just what a model can do, but how it arrives at its conclusions—critical for actionability, trust, and compliance.
  • Accelerating innovation. ExCyTIn-Bench is open-source and designed for collaboration. Researchers and vendors worldwide can use it to test, compare, and improve new models, driving rapid progress in automated cyber defense.
  • Personalized benchmarks (coming soon). Create tailored cyberthreat investigation benchmarks specific to the threats occurring in each customer tenant.

Latest results—language models are getting smarter

Recent evaluations show that the newest models are making significant strides:

Table comparing average rewards of different AI models across several incidents. GPT-5 (Reasoning=High) shows the highest average reward.
  • GPT-5 (High Reasoning) leads with a 56.2% average reward, outperforming previous models and demonstrating the value of advanced reasoning for security tasks.
  • Smaller models with effective chain-of-thought (CoT) reasoning—like GPT-5-mini—are now rivaling larger models, offering strong performance at lower cost.
  • Explicit reasoning matters—Lower reasoning settings in GPT-5 drop performance by nearly 19%, highlighting that deep, step-by-step reasoning is essential for complex investigations.
  • Open-source models are closing the gap with proprietary solutions, making high-quality security automation more accessible.
  • New models are getting close to top CoT techniques (ReAct, reflection and BoN at 56.3%) but don’t surpass them, suggesting comparable reasoning during inference.

Get involved

ExCyTIn-Bench is open-source and free to access. Model developers and security teams are invited to contribute, benchmark, and share results through the official GitHub repository. For questions or partnership opportunities, reach out to the team at msecaimrbenchmarking@microsoft.com.

Thank you to the MSECAI Benchmarking team for helping this become reality.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] Benchmarking LLM agents on Cyber Threat Investigation

[2] https://huggingface.co/datasets/anandmudgerikar/excytin-bench

[3] CyberSOCEval: Benchmarking LLMs Capabilities for Malware Analysis and Threat Intelligence Reasoning

[4] [2406.07599] CTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence

[5] Incident or Threat Investigation graphs portray multi-stage attacks by linking alerts, events, and indicators of compromise (IoCs) into a unified view. Nodes denote alerts (e.g., suspicious file downloads) or entities (e.g., user accounts) while edges capture their relationships (e.g., a phishing email that triggers a malicious download).

[6] [2507.14201] ExCyTIn-Bench: Evaluating LLM agents on Cyber Threat Investigation

The post Microsoft raises the bar: A smarter way to measure AI for cybersecurity appeared first on Microsoft Security Blog.

Announcing the Release of SQL Server Management Studio 22 Preview 3

The SSMS team is delighted to announce the release of SQL Server Management Studio (SSMS) 22 Preview 3. This latest preview is chock full of exciting new features and fixes. For the detailed list of everything we released, as well as download and installation instructions, check out our release notes. Let’s dive into some of the highlights!

Update to SSMS 22 Preview 3

Update to the latest version of SSMS 22 Preview by going to Help > Check for Updates or open the Visual Studio Installer to download and install the update. If you don’t have SSMS 22 Preview yet, you can learn more about downloading and installing it here.

Initial ARM64 Support

We are so excited to announce the initial support of ARM64 devices for SSMS 22 Preview! Like our approach to adding dark mode, ARM64 support for the various components of SSMS will come in phases. If you’re a Windows ARM64 user, you can now download, install, and use SSMS 22 Preview for scenarios like connecting and querying your databases. For a list of scenarios that are still unsupported, visit our known issues page.

We know this has been a long-standing request, dating back to the initial SSMS 21 Preview releases. We appreciate your support and patience as we continue to build out our ARM64 story for SSMS 22.

Introducing GitHub Copilot in SSMS (Preview)

After launching Copilot in SSMS (Preview) in SSMS 21, we received a lot of feedback about integrating with GitHub Copilot (read Erin’s previous blog post for more details about our decision making process and pivot!).

Today, we are thrilled to announce the launch of GitHub Copilot in SSMS (Preview) – a new Copilot experience with sidecar and inline chat, code assistance, and more to come. To get started using GitHub Copilot in SSMS, launch the Visual Studio Installer, select AI Assistance from the Workloads tab, and select Modify to download and install the component.

 

Installing the AI Assistance workload containing the GitHub Copilot in SSMS (Preview) component.

For a detailed breakdown of what’s new, be sure to visit Erin’s blog post and our documentation site.

Introducing the Query Hint Recommendation tool (Preview)

The Query Hint Recommendation tool, a component for SQL Server Management Studio (SSMS), automates the identification of optimal query hints to enhance SQL query performance. This tool allows users to explore query hints for a given query while minimizing the need for manual trial and error.

 

The Query Hint Recommendation tool identifies optimal query hints for your SQL query.

The Query Hint Recommendation tool (Preview) works with a single query in the active query editor window. For step-by-step instructions, visit our documentation.  

Select your SQL query to start the Query Hint Recommendation tool.

SQL Server Integration Services (SSIS) Reinstated

With SSMS 22 Preview 3, we are bringing back SQL Server Integration Services (SSIS) capabilities, including SSISDB catalog management, automated execution of SSIS packages, the Import/Export Wizard, and Maintenance Plans. For a list of known issues, please visit our known issues page.

Bug Fixes in SSMS 22 Preview 3

The SSMS team has done an enormous amount of work for this Preview. In addition to all the new features we mentioned above, we’ve also resolved several bug and feedback items.

 

We hope you've been enjoying the latest SSMS 22 Preview. We can't wait to hear your feedback, comments, and suggestions. Thanks for being along for the ride!

 

Now Available by Popular Demand: GitHub Copilot in SSMS (Preview)

Last month we shared that we made the decision to pivot to GitHub Copilot for the SQL Server Management Studio (SSMS) copilot integration.  This month we’re happy to announce that GitHub Copilot in SSMS is now available in Preview 3 of SSMS 22! If you’re looking to get help writing, editing, or fixing T-SQL, have questions to ask about your database, and you’d like to use your GitHub Copilot subscription, then it’s time to install SSMS 22 Preview 3 with the AI Assistance workload.

With GitHub Copilot in SSMS you can log in using your existing GitHub Copilot subscription, and if you don’t have one, you can sign up for Copilot Free right from the chat window in SSMS. Once you’re logged in, open a query editor and connect to a database, and you’re off and running!

Using GitHub Copilot in SSMS

GitHub Copilot in SSMS has database and connection context when you’re connected in an editor window, so it knows the version of SQL to which you’re connected and has knowledge of the database schema.  From the chat window you can get assistance with T-SQL in the active editor or ask questions about your database.  Switch to another editor window to chat with a different database, or start a new thread if you want to maintain separate conversations. You can find demos of GitHub Copilot in SSMS in action in our new playlist.

When typing in the editor you’ll notice that there is no auto-complete functionality; that’s expected, but it’s temporary! We prioritized making this first preview release available to our users, and we are actively working to bring parity with the original Copilot in SSMS, in addition to new capabilities unlocked by GitHub Copilot. This will take a few releases, so review the list of current limitations to understand what’s available in this initial release. Remember this is preview, which means we are far from finished! It also means that this is your chance to provide feedback on what you like so far, and what you would like to see – we’d love to hear from you on the feedback site (please make sure to search first before creating an item).

A few FAQs below, as a reminder…

Will you backport GitHub Copilot to SSMS 21?

No, GitHub Copilot in SSMS will only be available in SSMS 22.

Do I need a GitHub Copilot subscription to use GitHub Copilot in SSMS?

Yes.

What if I don’t have a GitHub Copilot subscription?

You can sign up for a personal subscription (GitHub Copilot · Your AI pair programmer), or your company can sign up for a business or enterprise subscription.  Once you have a subscription, you can use GitHub Copilot in SSMS.

What GitHub Copilot subscriptions are supported?

All personal and business subscriptions are supported.

Can I use GitHub Copilot for free?

Yes! GitHub Copilot offers a free, personal subscription that can be used in SSMS, just like it can be used in Visual Studio and VS Code.

What’s next?

Our teams are thrilled to make GitHub Copilot in SSMS (Preview) available to users, and we look forward to your feedback.  We will evolve this integration in subsequent releases of SSMS 22 Preview, with the ultimate goal of making it easier for users to leverage AI assistance in SSMS and become more efficient in their daily workflow.

End of Windows 10 Support: What Defender Customers Need to Know

As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from Microsoft. While these devices will continue to operate, the lack of regular security updates increases vulnerability to cyber threats, including malware and viruses. Applications running on Windows 10 may also lose support as the platform stops receiving updates.

Will Defender continue to protect Windows 10 devices?

  • Defender supports a range of legacy systems, including Windows 10. (See here for a full list of supported operating systems.) Microsoft Defender will continue to provide detection and protection capabilities to the extent possible on Windows 10 and other legacy systems. Keep in mind that security solutions on legacy systems are inherently less secure and may not be able to receive all new features, so please review the next section for important actions you can take.
  • For Windows 10 customers without Defender, Microsoft will continue to provide security intelligence updates for the built-in Microsoft Defender Antivirus protection through October 2028. Of course, Defender Antivirus alone isn't a comprehensive risk mitigation posture without Microsoft Defender detection and response deployed across your digital estate.

What should customers do to protect their Windows 10 devices?

  • Upgrade to Windows 11:
    Moving to Windows 11 is strongly recommended for PCs eligible to upgrade. Windows 11 delivers the latest security features, improved performance, and ongoing support at no additional cost. This is the best way to ensure your endpoints remain protected and compliant. Devices running Windows 10 will be more vulnerable, even with ongoing security intelligence updates (SIUs).
  • Extended security update (ESU) program:
    If upgrading isn’t immediately possible, Microsoft offers an ESU program for Windows 10. The ESU program provides critical and important security updates but does not include new Windows features or technical support.
    • Enterprise customers can purchase ESU for up to three years or receive it at no additional cost with a Windows 365 subscription.
    • Cloud and virtual environments: Windows 10 devices accessing Windows 11 Cloud PCs via Windows 365 or Virtual Machines are entitled to ESU at no extra cost, with automatic updates.
    • Consumer customers have options to enroll for one year of ESU, including free enrollment methods in certain regions.

For further guidance, check out the posts below or connect with your Microsoft account team.

 

Implementing Azure Arc for SQL Server

Managing SQL Server across hybrid and multi-cloud environments has long posed a challenge for database administrators. To help meet that challenge, Gilda Alvarez will explain the nuts and bolts at the upcoming Live! 360 dev/tech conference.