Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Key Points:
- Microsoft has introduced MDASH, a multi-model AI-driven system designed to autonomously discover, validate, and prove exploitable vulnerabilities in complex codebases like Windows. The system is currently in limited private preview testing with select customers.
- MDASH operates as a structured pipeline using over 100 specialized AI agents across various models to analyze source code, build threat models, flag potential issues, validate findings, and confirm vulnerabilities through a multi-stage process.
- The system has already identified 16 vulnerabilities fixed in the latest Patch Tuesday release, including two critical remote code execution flaws in Windows networking and authentication components (CVE-2026-33824 and CVE-2026-33827).
- Unlike single-model approaches, MDASH leverages disagreement between different AI agents as a credibility signal, enhancing the accuracy of vulnerability detection through a combination of state-of-the-art and distilled models.
- MDASH's launch aligns with other AI-powered cybersecurity efforts like Anthropic’s Project Glasswing and OpenAI Daybreak, marking a shift toward production-grade AI systems for enterprise-scale vulnerability discovery and defense.