Microsoft's New AI Security System Discovers 16 Windows CVEs, Scores 88% on Vulnerability Benchmark

Microsoft's new AI security system MDASH, orchestrating over 100 specialized agents, achieves an industry-leading 88.45% on a real-world vulnerability benchmark and directly uncovers 16 new Windows CVEs — including four Critical remote code execution flaws — patched in today's Patch Tuesday release.

• Microsoft unveils a new multi-model agentic security system called MDASH (Microsoft Security multi-model agentic scanning harness), which orchestrates over 100 specialized AI agents to discover, debate, and prove exploitable software vulnerabilities end-to-end.
• MDASH achieves an industry-leading 88.45% score on the public CyberGym benchmark of 1,507 real-world vulnerabilities, and demonstrates 96% recall on five years of confirmed MSRC cases in clfs.sys and 100% in tcpip.sys, while finding all 21 planted vulnerabilities in a private test driver with zero false positives.
• The system directly contributed to the discovery of 16 new CVEs in the Windows networking and authentication stack — including four Critical remote code execution flaws — patched in today's Patch Tuesday, with a limited private preview now open for customer sign-ups.