Microsoft has announced a new multi-model agentic security system capable of autonomously discovering exploitable software vulnerabilities at massive scale. The company says the AI-powered platform helped researchers identify and fix 16 Windows vulnerabilities ahead of Patch Tuesday, including multiple critical remote code execution flaws.
The new system, internally codenamed MDASH, combines more than 100 specialized AI agents working across frontier and custom AI models to analyze code, debate findings, validate exploits, and generate proof-of-concept attack paths automatically.
Microsoft also confirmed that customers can now sign up to test the technology through a limited private preview.
Microsoft’s AI Security System Uses More Than 100 Specialized Agents
Unlike traditional single-model AI security tools, Microsoft’s new approach orchestrates multiple AI agents together in a coordinated workflow.
According to Microsoft, the system can:
- Scan massive Windows codebases
- Detect exploitable bugs
- Debate and verify vulnerabilities
- Eliminate false positives
- Automatically generate exploit proofs
The company says this multi-agent architecture allows the platform to behave more like a team of security researchers instead of a standalone chatbot.
Microsoft believes this “agentic” design is the key reason the system achieved industry-leading benchmark performance.
Top Performance on the CyberGym Benchmark
Microsoft says MDASH achieved an 88.45% score on the public CyberGym benchmark, currently topping the leaderboard and outperforming competing systems by roughly five percentage points.
CyberGym is a large-scale cybersecurity benchmark containing more than 1,500 real-world vulnerability reproduction tasks across hundreds of software projects.
The company also revealed several additional internal results:
- 21 out of 21 planted vulnerabilities discovered with zero false positives
- 96% recall across five years of confirmed CLFS security bugs
- 100% recall for historical tcpip.sys vulnerabilities
These results suggest the system is capable of identifying real-world vulnerabilities that previously required expert human researchers.
Microsoft Used MDASH Before Patch Tuesday
One of the biggest announcements is that Microsoft already deployed the system internally ahead of Patch Tuesday.
The AI platform reportedly helped researchers identify 16 vulnerabilities across Windows networking and authentication components, including four critical remote code execution flaws affecting areas like:
- Windows TCP/IP stack
- IKEv2 services
- Authentication systems
- Kernel networking components
Microsoft says the discoveries directly contributed to security fixes released this month.
AI-Powered Security Is Moving Beyond Research
Microsoft says the launch represents a major shift in cybersecurity, where AI vulnerability discovery is evolving from an experimental concept into a production-grade defense system.
The company argues that the future advantage will not come from a single AI model alone, but from sophisticated agent orchestration systems capable of reasoning, validating, and proving vulnerabilities at scale.
The announcement also highlights the growing competition between Microsoft, OpenAI, Anthropic, Google, and other AI companies building autonomous cybersecurity tools.
Private Preview Now Available
Microsoft confirmed that organizations can now sign up for a limited private preview of the MDASH platform.
The company says the system is already being tested by select customers while Microsoft continues improving the underlying agentic infrastructure and vulnerability proving pipeline.
If the technology continues improving at this pace, AI-driven vulnerability research could dramatically accelerate how quickly software vendors discover and patch critical security flaws.
Keep yourself updated with all latest news about Windows 11 by reading our full coverage here.
Please follow us on our Facebook page and X account for all latest and breaking Windows and Microsoft related news.
