Microsoft MDASH Security AI Finds Windows Vulnerabilities

Summary

Microsoft says its MDASH multi-agent AI security system has moved from research into production workflows across Windows, Azure, and identity engineering teams. The platform now feeds validated findings into GitHub Advanced Security, Azure DevOps, and Microsoft Defender, helping teams discover and remediate high-impact vulnerabilities earlier in the development lifecycle.

Introduction

Microsoft is pushing AI deeper into its internal security engineering with a system codenamed MDASH, a multi-model agentic scanning platform designed to find and help remediate software vulnerabilities at enterprise scale. For IT and security leaders, the announcement matters because it shows Microsoft using AI not only for detection, but to shift vulnerability discovery earlier in the software development lifecycle.

What’s new with MDASH

Since its initial launch, Microsoft says MDASH is now being used in active engineering workflows across:

  • Windows
  • Azure core infrastructure
  • Identity systems
  • Hyper-V and the Windows kernel
  • Active Directory Domain Services

Rather than acting as a standalone scanner, MDASH integrates into existing security and DevSecOps tools:

  • GitHub Advanced Security for inline code scanning alerts and pull request visibility
  • Azure DevOps for build gating and remediation work items
  • Microsoft Defender for prioritization alongside threat intelligence and runtime signals

Microsoft also shared that the latest MDASH version reached 96.5% on the CyberGym benchmark for “any crash,” reflecting improvements in the early prepare and scan phases of the pipeline.

Vulnerabilities Microsoft says MDASH helped uncover

Microsoft highlighted multiple Patch Tuesday discoveries across critical Windows components, including:

  • Hyper-V remote code execution flaws
  • Windows kernel remote code execution vulnerabilities
  • Active Directory Domain Services vulnerabilities
  • HTTP.sys and Remote Desktop Client flaws
  • DNS Client elevation of privilege issues
  • DHCP Client information disclosure bugs

Several of the listed CVEs carry high severity scores, including CVE-2026-45657 and CVE-2026-47291, both with a CVSS score of 9.8.

Why this matters for IT administrators

For security teams and administrators, the biggest takeaway is not just the benchmark score. It is that Microsoft is embedding AI-driven vulnerability discovery into the same pipelines developers already use, making findings more actionable and less likely to sit in backlogs.

This approach could bring:

  • Faster identification of exploitable flaws before release
  • Better prioritization of code-level security issues
  • Tighter integration between development, security, and operations teams
  • More proactive protection for platforms many enterprises depend on

Next steps

IT pros should:

  1. Review this month’s Patch Tuesday updates, especially for Windows, Hyper-V, AD DS, and HTTP.sys.
  2. Track Microsoft’s MDASH preview and related security tooling announcements.
  3. Consider how AI-assisted code scanning and DevSecOps workflows could fit into internal application security programs.

Microsoft’s broader message is clear: security teams need to operate at AI speed, and vulnerability management is becoming more integrated, automated, and pipeline-driven.
