Microsoft finds 16 Windows vulnerabilities with MDASH

Microsoft said its MDASH security system helped researchers find 16 new vulnerabilities across the Windows networking and authentication stack. The findings include four Critical remote code execution flaws. For enterprises that depend on Windows hardening, the shift is less about a single model and more about an agent system that can chase bugs end to end.

MDASH and Windows security

MDASH is the codename for the Microsoft Security multi-model agentic scanning harness, built by Microsoft’s Autonomous Code Security (ACS) team. The harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models. Microsoft says the agents discover, debate, and prove exploitable bugs end to end, which is the part security teams usually have to do manually.

Microsoft said the system found all 21 planted vulnerabilities on a private test driver with zero false positives. It also reached 96% recall against five years of confirmed Microsoft Security Response Center cases in clfs.sys and 100% recall in tcpip.sys. Those numbers suggest the harness is doing more than flagging suspicious code paths; it is catching the bugs researchers actually care about.

CyberGym score 88.45

On the public CyberGym benchmark of 1,507 real-world vulnerabilities, MDASH scored 88.45%. Microsoft said that was the top score on the leaderboard, roughly five points ahead of the next entry. That gap matters because it puts the system ahead on a public test, not just in an internal demo.

The findings came from close collaboration between ACS and Microsoft Windows Attack Research and Protection. Microsoft said the ACS team was assembled to move AI-powered vulnerability research from a research curiosity to production engineering at enterprise scale. Several team members previously worked on Team Atlanta, which won the $29.5 million DARPA AI Cyber Challenge.

Private preview at Microsoft

MDASH is already in use by Microsoft security engineering teams. A small set of customers is also testing it in a limited private preview. The open questions are pricing and timing: Microsoft has not said what the broader rollout will cost or when the private preview will expand.