Microsoft says it has cut publisher screening time from several days to hours by using a new AI strategy to vet and continuously monitor software publishers across Microsoft-operated marketplaces and programs. In a new Microsoft Security blog post, the company said its Trust & Security Services team now uses automated screening and ongoing monitoring to flag fraudulent or compromised publishers before their code reaches customers at scale.
Microsoft says it’ it’s focus is not just code or malware, rather building a system that combines multiple AI-assisted analyzers and turns them into a risk score and recommendation such as approve, deny, or escalate. It said the process is designed to keep humans in the loop for the toughest cases while moving routine checks into automation. Microsoft also stressed that trust can decay after approval, so the system re-scores publishers when new evidence appears, such as ownership changes, unusual submission bursts or fresh threat intelligence.
One publisher Microsoft cited in its release claimed to that automated checks found its support domain had been registered only recently and the ownership details did not line up with the claimed company identity. It added the signing certificate had no prior distribution history on the platform. That did not trigger an automatic block. It triggered escalation, Microsoft said. The offering shifts marketplace security from a one-time identity check to a lifecycle model built around evidence, context and change over time.
