Microsoft has unveiled MDASH, an AI-driven agentic security system that discovered 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws. The system orchestrates over 100 specialized AI agents across multiple models to scan source code, validate findings, and construct triggering inputs. The four critical CVEs affect core Windows components including the IPv4 stack, IKEEXT service, Netlogon, and Windows DNS Client, all patched in the May 2026 Patch Tuesday release. MDASH achieved 88.45% on the CyberGym benchmark and will enter private preview for enterprise customers in June. Analysts note this signals a shift toward continuous AI-assisted vulnerability management but caution that benchmark scores don't guarantee enterprise value and that discovery without remediation discipline is insufficient.
Sort: