
Microsoft’s new AI system finds 16 Windows flaws, including 4 critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a significant shift in how software vulnerabilities are discovered and remediated.

The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group.

The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system.

The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release.

“Cyber defenders are dealing with an increasingly uneven battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.”

Important Windows components affected

The four critical vulnerabilities affected core Windows components widely deployed across enterprise environments, Microsoft said in the blog.

Among them was CVE-2026-33827, a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets carrying the Strict Source and Record Route option, Microsoft said.

Another flaw, CVE-2026-33824, involved a pre-authentication double-free condition in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.

Two additional critical flaws affected Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8.

The remaining 12 vulnerabilities rated “Important” included denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws affecting components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe, according to Microsoft.

How MDASH orchestrates AI agents

According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models, with each agent assigned to a different stage of the vulnerability discovery pipeline.

Some agents scan source code for potential flaws, others validate whether findings are genuine, and another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.

“The model is one input. The system is the product,” Taesoo Kim, Microsoft vice president for agentic security, wrote in the blog.

Microsoft said the architecture was intentionally designed to remain largely model-agnostic, allowing the company to swap underlying AI models without rebuilding the broader orchestration pipeline.

That detail matters because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic’s Claude Mythos Preview model.

“Microsoft is now working as platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security provider,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “That may be a formidable position. It’s also a concentration of influence that security leaders should examine with clear eyes.”

AI vs AI vulnerability race

The announcement also highlights growing concern that AI-driven vulnerability discovery could accelerate offensive operations as well as defensive research.

Anthropic has previously said its Mythos Preview model identified thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and a long-undetected FFmpeg issue that traditional fuzzing tools failed to uncover despite millions of attempts.

“We’ve entered an AI-versus-AI vulnerability discovery race,” said Sunil Varkey, advisor at Beagle Security. “The winners won’t be the organizations with the best static scanners anymore. They’ll be those who can run these agentic systems fastest against their own code and remediate at machine speed.”

Varkey said enterprises should pursue early access to systems such as MDASH where possible rather than waiting for broader commercial availability.

“Early access isn’t just nice-to-have,” he said. “It’s becoming a defensive necessity in the AI era.”

For CISOs, the broader implication may be that vulnerability management is shifting from periodic scanning toward continuous, AI-assisted discovery and remediation.

“The future belongs to security teams that can find, validate, contain, and fix in a single governed motion,” Gogia said.

Benchmarks show progress, but analysts urge caution

To support its claims, Microsoft published benchmark results showing MDASH identified all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. The company also said the system successfully recovered nearly all historical Microsoft Security Response Center cases tested against older Windows component snapshots.

On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH achieved a score of 88.45%, topping the public leaderboard at publication time.

Gogia said the results show the category is maturing but warned against treating benchmark scores as direct evidence of enterprise value.

“CyberGym is a signal, not a buying decision,” he said. “The machinery around the model is beginning to resemble a serious security research workflow.”

He added that many enterprises still lack the governance maturity required to operationalize machine-generated vulnerability discovery effectively.

“Discovery without remediation discipline is theatre,” Gogia said. “It produces dashboards, not resilience.”
