Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch

Microsoft has introduced a new AI-driven system named MDASH, designed to enhance vulnerability discovery and remediation on a large scale. This system is currently being tested by select customers in a limited private preview. MDASH stands for multi-model agentic scanning harness and is a model-agnostic system that employs specialized AI agents to autonomously identify, validate, and demonstrate exploitable defects in complex codebases, such as Windows. Unlike traditional single-model approaches, MDASH utilizes over 100 specialized AI agents across a combination of advanced and simplified models to discover, debate, and confirm exploitable bugs comprehensively. Taesoo Kim, vice president of agentic security at Microsoft, emphasized that the system orchestrates these agents to provide end-to-end vulnerability discovery and validation. MDASH operates as a structured pipeline that processes a codebase to produce validated findings. The process begins with analyzing the source code to create a threat model and identify the attack surface. Specialized "auditor" agents then examine candidate code paths for potential issues, followed by "debater" agents that validate these findings. The system groups semantically similar findings and ultimately proves the existence of vulnerabilities. The system leverages a configurable panel of models, including state-of-the-art models for reasoning and distilled models for high-volume validation passes. A separate state-of-the-art model provides independent counterpoints. Microsoft explained that disagreements between models serve as a signal, increasing the credibility of findings when an auditor's suspicion cannot be refuted by a debater. Microsoft highlighted that the specialized agents in MDASH are constructed based on historical common vulnerabilities and exposures (CVEs) and their patches. The architecture of MDASH allows for adaptability across different model generations, enhancing its longevity and effectiveness. MDASH has already demonstrated its capabilities by identifying 16 vulnerabilities that were addressed in the recent Patch Tuesday release. These vulnerabilities were found in the Windows networking and authentication stack, including two critical flaws that could enable remote code execution. One such flaw, CVE-2026-33824, involves a double-free vulnerability in "ikeext.dll," while another, CVE-2026-33827, involves a race condition in Windows TCP/IP. The introduction of MDASH follows similar AI-powered cybersecurity initiatives like Anthropic's Project Glasswing and OpenAI Daybreak, which aim to accelerate vulnerability discovery and remediation. According to Kim, the strategic significance of AI in vulnerability discovery has shifted from a research interest to a production-grade defense mechanism at an enterprise scale, with the advantage lying in the agentic system rather than any single model.