Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html
Publish Date: 2026-05-13 09:46:00
Source Domain: thehackernews.com
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview.
MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability classes to autonomously discover, validate, and prove exploitable defects in complex codebases like Windows.
“Unlike single-model approaches, the harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end,” Taesoo Kim, vice president of agentic security at Microsoft, said.
MDASH is envisioned as a “structured pipeline” that ingests a codebase and produces validated, proven findings through a series of actions.
It starts with analyzing the source code to build a threat model and attack surface, running specialized “auditor” agents over candidate code paths to flag potential issues, running a second set of “debater” agents that validate the findings, grouping semantically equivalent findings, and then finally proving the existence of the vulnerabilities.
The system is powered by a configurable panel of models, with state-of-the-art (SOTA) models used for reasoning, distilled models for validation for high-volume passes, and a second separate SOTA model for independent counterpoint.
“Disagreement between models is itself a signal: when an auditor flags something as suspect and the debater can’t refute it, that finding’s posterior credibility goes up,” Microsoft explained. “An auditor does not reason like a debater, which does not reason like a prover. Each pipeline stage has its own role, prompt regime, tools, and stop criteria.”
Redmond noted that the specialized agents have been constructed…
