The Ransomware Kill Chain Investigator (RKCI) is a purpose-built Security Copilot Agent that automates the investigation and response of Microsoft Defender ransomware incidents. By combining incident ingestion with enrichment from Entra ID, Intune, and Microsoft Threat Intelligence (DTI), RKCI transforms noisy alerts into a single, high-signal narrative.