Microsoft MDASH: How a 100‑Agent AI System Is Finding Real Windows Vulnerabilities

Agents share results and challenge each other’s findings, which helps filter out false positives and produce validated vulnerabilities rather than speculative alerts.

This agentic architecture allows Microsoft to combine different AI models inside one system instead of relying on a single model for every step of the analysis.

Real Vulnerabilities Found in Windows

According to Microsoft and independent reporting, MDASH assisted internal security teams in discovering 16 Windows vulnerabilities affecting networking and authentication components.

Among them were four critical remote‑code‑execution bugs, which could potentially allow attackers to run malicious code remotely if left unpatched.

Reportedly affected components include parts of the Windows networking stack such as:

• the TCP/IP stack
• the IKEEXT IPsec service
• Netlogon
• the Windows DNS client

These issues were addressed in the May 2026 Patch Tuesday release, meaning the vulnerabilities were fixed before attackers could widely exploit them.

Benchmark Performance on CyberGym

MDASH was also tested on CyberGym, a large benchmark designed to evaluate AI systems on cybersecurity tasks.

Reports indicate the system achieved about 88.45% across more than 1,500 tasks, placing it ahead of competing models such as Anthropic’s Mythos Preview and reportedly ahead of OpenAI’s GPT‑5.5 in the same evaluation.

However, detailed benchmark methodology and full evaluation data are not widely published yet, which makes independent verification difficult. Current reporting largely relies on Microsoft disclosures and secondary analysis of the benchmark results.

Why This Matters for Cybersecurity

MDASH highlights a major shift in how software vulnerabilities may be discovered in the future.

Traditional vulnerability research relies heavily on human experts or static analysis tools that flag potential issues. Multi‑agent AI systems like MDASH instead aim to:

• autonomously analyze massive codebases
• simulate attacker behavior
• generate proof‑of‑concept exploits
• validate real vulnerabilities before reporting them

If these systems continue improving, they could dramatically accelerate the discovery and remediation of software flaws across large platforms like Windows.

Enterprise Availability

Microsoft plans to open MDASH to enterprise customers in private preview, according to reporting on the system’s launch.

The company has not yet detailed exactly how the platform will be productized or which Microsoft security products it may integrate with long term.

The Bigger Trend: AI Agents in Security Research

MDASH reflects a broader shift toward multi‑agent AI systems performing complex tasks collaboratively rather than relying on a single general‑purpose model.

For cybersecurity, this approach may be especially powerful: vulnerability discovery requires exploration, reasoning, testing, and validation across massive codebases—tasks that benefit from specialized agents working together.

Microsoft’s early results suggest that agent‑based AI systems could soon become a core part of how large software platforms identify and patch critical security flaws.