Microsoft Unveils MDASH After It Found 16 Windows Flaws, Including 4 Critical RCE Bugs
Updated
Updated · Microsoft · May 12
Microsoft Unveils MDASH After It Found 16 Windows Flaws, Including 4 Critical RCE Bugs
3 articles · Updated · Microsoft · May 12
16 newly disclosed Windows vulnerabilities in May Patch Tuesday were found with Microsoft’s new MDASH system, including four critical remote-code-execution flaws in tcpip.sys, ikeext.dll, dnsapi.dll and other networking components.
More than 100 specialized AI agents power MDASH’s pipeline—prepare, scan, validate, dedup and prove—letting it debate and verify bugs end to end rather than relying on a single model.
21 of 21 planted bugs were detected with zero false positives in Microsoft’s private StorageDrive test; the system also posted 96% recall on five years of clfs.sys MSRC cases and 100% on tcpip.sys.
88.45% on the 1,507-task CyberGym benchmark put MDASH about 5 points ahead of the next published score, while Microsoft said the tool is already used internally and in a limited private preview for customers.
The company framed the release as evidence that AI bug hunting has moved from research to production-scale defense, with the durable edge coming from the agentic harness around the models.
Can AI truly secure our code when AI itself is a growing source of new software vulnerabilities?
With AI automating vulnerability hunting, what is the future role for human cybersecurity experts?
As autonomous AI agents defend our systems, what stops them from being turned into weapons by adversaries?
Microsoft Unveils MDASH AI, Identifies 72% of Critical Flaws in May 2026 Patch Tuesday
Overview
On May 12, 2026, Microsoft released its Patch Tuesday updates, marking the start of a new era in AI-powered security with the formal unveiling of MDASH, the Dynamic AI Security Heuristic system. MDASH is a groundbreaking platform designed to proactively identify and mitigate software vulnerabilities, representing years of investment in advanced machine learning and threat analysis. Its introduction aims to significantly improve vulnerability discovery and threat intelligence across Microsoft’s ecosystem. This month, MDASH played a major role by discovering most of the critical vulnerabilities addressed, highlighting its immediate impact on strengthening cybersecurity.