Friday, July 10, 2026

News

Microsoft's 100 AI Agents Uncover 16 Windows Security Flaws

AI AgentsPatryk Raba

Microsoft's autonomous MDASH system, made up of more than one hundred specialized AI agents, independently discovered 16 previously unknown Windows vulnerabilities, including four critical remote-code-execution bugs. Microsoft is now testing a private preview of the tool for business customers.

Contents
  1. How MDASH works
  2. Vulnerabilities found
  3. AI versus AI arms race
  4. What it means for businesses and administrators

Microsoft has disclosed details of MDASH, an autonomous vulnerability-detection system built from more than one hundred specialized AI agents. In its first public test, the system independently identified 16 previously unknown vulnerabilities in Windows, including four critical bugs that allow remote code execution without any user interaction.

How MDASH works

The system was built by Microsoft's Autonomous Code Security and Windows Attack Research and Protection teams. Rather than relying on a single model to analyze code, MDASH splits the work across dozens of agents assigned to different stages of the process: scanning source code, building test data, validating findings, and preparing material for final review by a human engineer.

This division of labor is meant to set MDASH apart from earlier single-model tools, which handled simple pattern matching well but struggled with complex bugs that require tracking program state across multiple places in the code at once. Each of the more than one hundred agents specializes in a narrow slice of that process.

Vulnerabilities found

Among the four critical bugs, the most severe involves an unauthenticated, remote use-after-free vulnerability in the Windows IPv4 stack, which theoretically allows an attacker to take control of a machine without any interaction from the victim. The second critical bug is a double-free vulnerability in the IKEEXT service, used by RRAS VPN, DirectAccess, and Always-On VPN connections, and can be triggered before authentication.

The other two critical vulnerabilities, rated 9.8 on the CVSS scale, affect the Netlogon service and the Windows DNS client. The twelve important bugs span the tcpip.sys, http.sys, ikeext.dll, and telnet.exe components, and cover a mix of denial of service, privilege escalation, information disclosure, and security bypass issues.

AI versus AI arms race

Microsoft stresses that MDASH's success comes from systems engineering, not from the language model alone. The company's vice president for agentic security noted that the key is combining many specialized components into a coherent process, rather than the raw computing power of a single model.

The model is just one piece of the puzzle. The product is the entire system - Taesoo Kim, Microsoft Vice President of Agentic Security

Industry analysts commenting on MDASH's launch note that tools of this kind speed up not only defense but potentially attacks too, since the same automated bug-hunting techniques could be used by criminals to find vulnerabilities before they reach software vendors.

We've entered an AI-versus-AI vulnerability discovery race - Sunil Varkey, Beagle Security

What it means for businesses and administrators

For IT departments, this above all signals a shift in patching pace. Microsoft indicates that as AI-driven discoveries grow, the number of fixes in successive Patch Tuesday updates will keep rising, and companies should move away from a rigid monthly patch cadence toward continuous, risk-based vulnerability management. June's Windows update already included more than 200 fixes, a record for a single cycle.

For Polish companies running Windows in server and VPN environments, this means having to respond faster to successive waves of patches, especially wherever RRAS, DirectAccess, or Netlogon, among the components patched, are in use. Experts warn, however, that AI detection alone isn't enough if organizations don't build an equally efficient patch-deployment process.

Detection without remediation discipline is theater - Sanchit Vir Gogia, Greyhound Research

Microsoft said the private preview of MDASH for business customers, launched in June 2026, will be expanded gradually, and the company plans to bring similar AI mechanisms into further stages of the Windows production cycle, including testing and fix preparation, not just bug detection.

Sources: Windows Experience Blog (blogs.windows.com), CSO Online (csoonline.com)

Share: