ITmatterss

Microsoft Unveils MDASH, an AI Cyber Defense System That Beat Industry Benchmarks


News in Short

  • Microsoft’s MDASH system discovered 16 new Windows vulnerabilities, including Critical remote code execution flaws.
  • The AI security harness achieved an industry-leading 88.45% score on the CyberGym benchmark.
  • Microsoft says MDASH uses more than 100 specialized AI agents instead of a single model.
  • The company claims the system found vulnerabilities with zero false positives in internal testing.

Microsoft has introduced a new AI-powered cybersecurity system called MDASH that is already finding serious Windows vulnerabilities before attackers can exploit them. The company says the multi-model agentic AI system discovered 16 new flaws across the Windows networking and authentication stack, including four Critical remote code execution vulnerabilities.

The announcement marks a major shift in how large technology companies may approach cyber defense. Instead of relying on one AI model, Microsoft built an orchestration system that uses more than 100 specialized AI agents working together to identify, debate, validate, and prove vulnerabilities.

What Is Microsoft MDASH and Why Is It Important?

Microsoft calls the new system the Microsoft Security multi-model agentic scanning harness, internally known as MDASH. The company says the platform was created by its Autonomous Code Security team to move AI vulnerability discovery from research labs into production-scale enterprise defense.

The system does not work like a traditional AI chatbot. Instead, it operates like an organized cyber investigation team. Different AI agents perform different tasks. Some search code for suspicious patterns. Others debate whether the flaw is real. Another group attempts to prove exploitation with working triggers.

Microsoft says this layered process matters because modern vulnerabilities are often buried across multiple files, services, and execution paths. A single AI model may miss those connections. MDASH attempts to solve that problem through collaboration between specialized agents.

How Did Microsoft’s AI Security System Perform?

Microsoft shared several benchmark results to demonstrate the capabilities of the new AI security system. According to the company, MDASH achieved an 88.45% success rate on the public CyberGym benchmark, which includes more than 1,500 real-world vulnerability reproduction tasks. Microsoft says this score currently tops the public leaderboard and sits roughly five points ahead of the next competitor.

The company also tested the system on a private Windows sample driver called StorageDrive. Microsoft deliberately injected 21 vulnerabilities into the unpublished codebase. MDASH reportedly found all 21 vulnerabilities with zero false positives.

In another internal evaluation, the system rediscovered 96% of historical vulnerabilities in clfs.sys and 100% of known issues in tcpip.sys from Microsoft Security Response Center records covering the last five years.

Which Windows Vulnerabilities Did MDASH Discover?

The biggest headline involves the 16 vulnerabilities discovered in Windows networking and authentication systems. Several of them were classified as Critical because attackers could potentially execute malicious code remotely without credentials.

The affected components include tcpip.sys, ikeext.dll, dnsapi.dll, netlogon.dll, and http.sys. Many of the vulnerabilities sit in low-level Windows networking infrastructure, making them especially sensitive for enterprise environments.

One of the most serious vulnerabilities, CVE-2026-33827, involved a remote unauthenticated use-after-free flaw in tcpip.sys triggered through specially crafted IPv4 packets using Strict Source and Record Route processing. Microsoft described the issue as a race-condition vulnerability capable of leading to kernel-level exploitation.

Another major flaw, CVE-2026-33824, affected the IKEEXT service used for IPsec and VPN functionality. Microsoft says attackers could trigger a double-free vulnerability remotely through crafted IKEv2 packets, potentially achieving remote code execution as LocalSystem on vulnerable systems.

Why Is Microsoft Moving Beyond Single AI Models?

Microsoft repeatedly stresses that the “system” matters more than the individual AI model. The company argues that cybersecurity research cannot depend on one prompt or one large language model because advanced vulnerabilities require multi-step reasoning across files, protocols, memory states, and concurrency conditions.

That is why MDASH combines frontier models, distilled models, specialized auditing agents, debaters, proving systems, and extensible plugins. Microsoft says disagreement between AI agents actually becomes a useful signal. If one agent detects a vulnerability and another cannot disprove it, the credibility of the finding increases.

The company also says the architecture is future-ready. When newer AI models arrive, Microsoft can swap them into the harness without rebuilding the entire system.

What Does This Mean for Cybersecurity?

The broader message from Microsoft is clear. AI-powered vulnerability discovery is no longer experimental. It is becoming operational.

That shift could significantly impact how enterprises handle security testing, Patch Tuesday workflows, and defensive engineering. Instead of waiting for external researchers or attackers to discover flaws, companies may increasingly deploy AI systems that continuously audit their internal codebases at scale.

Microsoft also believes validation is the real differentiator. Many security tools generate alerts. Fewer systems can prove whether the flaw is actually exploitable. MDASH attempts to bridge that gap by moving beyond detection into automated validation and proof construction.

Conclusion

Microsoft’s new MDASH platform shows how AI is rapidly transforming cyber defense from reactive patching into proactive vulnerability discovery. The company’s multi-agent system already found critical Windows flaws, topped a major cybersecurity benchmark, and demonstrated how agentic AI could reshape enterprise security workflows. For Microsoft, the message is not just about smarter models. It is about building AI systems that can reason, validate, and scale security operations in real-world environments.
