How Microsoft’s MDASH AI Discovered 16 Windows Vulnerabilities in One Patch Tuesday

Those discoveries were included in the May 2026 Patch Tuesday release, which fixed roughly 120 vulnerabilities overall, according to security coverage of the update. ^[2]

What MDASH is and why Microsoft built it

MDASH is described as a multi‑model, agentic security system designed to automate parts of vulnerability discovery traditionally handled by security researchers. Instead of relying on a single model or static scanner, the platform coordinates more than 100 specialized AI agents that collaborate to analyze large codebases. ^[10][9]

Microsoft’s Autonomous Code Security team developed the system together with the Windows Attack Research and Protection group. ^[7]

The goal: detect exploitable flaws across massive software projects like Windows faster than human researchers alone can.

How the multi‑agent workflow works

Public descriptions of MDASH outline a staged pipeline in which multiple AI agents examine the same codebase from different perspectives.

The workflow typically includes several phases:

1. Preparation and threat modeling
The system first ingests source code and constructs an attack‑surface model to identify potentially risky areas of the codebase. ^[8]

2. Large‑scale agent scanning
Dozens or hundreds of specialized auditing agents analyze the code simultaneously, generating hypotheses about possible vulnerabilities along with supporting evidence. ^[8][9]

3. Agent debate and verification
A separate set of agents challenges or validates those findings, effectively "arguing" about whether a suspected flaw is real. ^[8]

4. Deduplication
Semantically similar results are merged to eliminate duplicate vulnerability reports. ^[8]

5. Proof generation
Finally, the system attempts to trigger or demonstrate exploitability, producing evidence that a vulnerability actually exists. ^[8]

This multi‑agent approach mirrors how human security teams operate—hypothesis, verification, and proof—but compresses the process into automated pipelines that run at machine speed.

Benchmark and testing signals

Early testing results suggest MDASH performs strongly on vulnerability‑discovery benchmarks and internal validation tasks.

For example, reporting around Microsoft’s research notes that the system achieved about 88% performance on the CyberGym vulnerability benchmark, outperforming competing tools in that evaluation. ^[9]

In internal experiments, MDASH was also able to detect all injected vulnerabilities in a test driver sample, indicating strong recall in controlled scenarios. ^[3]

These results are not a guarantee of real‑world accuracy, but they suggest that coordinated AI agents can meaningfully assist in vulnerability hunting across large codebases.

What the first real‑world results show

The most significant takeaway is that MDASH’s first public demonstration wasn’t a lab experiment—it produced vulnerabilities that were actually patched in a production Windows update.

That matters because security tools often look promising in research settings but fail to deliver actionable findings in real software.

In this case, MDASH helped identify vulnerabilities across core Windows networking and authentication layers, suggesting the system is already capable of targeting high‑risk attack surfaces. ^[10][6]

Microsoft’s broader “AI‑speed” security strategy

Microsoft describes MDASH as part of a broader shift toward “defense at AI speed.” The idea is simple: if attackers can use AI to accelerate vulnerability discovery, defenders must use similar tools to find and fix flaws first. ^[10]

The company plans to open MDASH to enterprise customers in a private preview, allowing organizations to experiment with AI‑assisted vulnerability discovery in their own environments. ^[7]

If successful, systems like MDASH could reshape software security workflows by:

• Scaling vulnerability research across massive codebases
• Reducing time between bug discovery and patching
• Assisting human researchers with automated hypothesis generation and verification

In short, MDASH signals a future where AI agents become permanent members of security teams, continuously scanning complex systems for weaknesses before attackers can exploit them.

The May 2026 Patch Tuesday results suggest that future vulnerability discoveries may increasingly come from machines working alongside human security researchers—not from humans alone.