MDASH: Microsoft's AI Finds 16 Windows Vulnerabilities

Microsoft has developed a new AI system called MDASH to find security vulnerabilities. This system, which stands for Microsoft Security multi-model agentic scanning harness, is a competitor to Anthropic Mythos. MDASH identified 16 Windows vulnerabilities that Microsoft fixed in this week’s Patch Tuesday updates. What's interesting is that it uses over 100 specialized AI agents and multiple AI models to discover and prove exploitable bugs. The results are impressive: MDASH found 21 out of 21 planted vulnerabilities with no false positives in a private test. It also achieved a 96% recall rate against five years of confirmed Microsoft Security Response Center cases in one system file, and 100% in another. On the public CyberGym benchmark, it scored 88.45%, leading the leaderboard by about five points. Microsoft explains that MDASH is designed to work with its massive and complex codebases, like Windows and Azure, which are not part of outside language models' training. This system is portable and can improve as AI technology evolves. The bottom line is that AI-powered vulnerability discovery is becoming a practical engineering solution, making our digital world potentially more secure.