Microsoft says its AI security swarm found 16 Windows flaws, including four critical RCE bugs

Zero Signal Staff

Published May 13, 2026 at 8:03 PM ET

Microsoft says its new multi-model agentic security system, codenamed MDASH, helped its researchers find 16 new vulnerabilities in the Windows networking and authentication stack. Four of those flaws are critical remote code execution bugs. The announcement, published on the Microsoft Security Blog, frames the automated findings as evidence that agent-driven security tools are moving from experimental research into operational vulnerability discovery.

The Details

MDASH operates by orchestrating more than 100 specialized AI agents that work across both frontier and distilled models. According to Microsoft, these agents are designed to discover, debate, and validate exploitable bugs end-to-end, creating a workflow that spans identification through confirmation rather than simply flagging potential anomalies.

Microsoft tested MDASH against several benchmarks with published results. In a private assessment on a Windows driver called StorageDrive that contained 21 intentionally injected vulnerabilities, the system found all 21 and produced zero false positives. The company also measured MDASH against five years of confirmed MSRC vulnerabilities in the clfs.sys driver, where it achieved 96% recall, and in the tcpip.sys driver, where it reached 100% recall. On the public CyberGym benchmark, MDASH scored 88.45%.

The MDASH announcement arrived alongside Microsoft's May 2026 Patch Tuesday release. Independent coverage of that update cycle reported more than 120 CVE-numbered fixes. In separate security assessments, the Zero Day Initiative highlighted Windows DNS Client RCE CVE-2026-41096 and Windows Netlogon RCE CVE-2026-41089 as among the most urgent fixes in the release because both can be exploited remotely without authentication. Dustin Childs of the Zero Day Initiative warned that "An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise." Help Net Security also singled out remotely exploitable Windows flaws such as Netlogon and DNS Client bugs for prioritization in its Patch Tuesday coverage.

Microsoft emphasized that MDASH discovered the 16 vulnerabilities in the Windows networking and authentication stack, though the company did not publish a complete list mapping each flaw to an individual CVE identifier.

Context

Microsoft said MDASH is already in use by its internal security engineering teams and is available in limited private preview to some external customers. The system represents an addition to the expanding set of AI-powered security tools that major software vendors are deploying to detect flaws before they reach public release channels.

The announcement lands at a moment when vendors and researchers are increasingly publicizing AI-assisted vulnerability discovery. The competitive narrative has shifted toward whether agent-based systems can consistently find exploitable bugs at enterprise scale, rather than treating automated discovery as a research novelty.

Microsoft positioned the development as a transition point in how security teams approach vulnerability detection. The company cited Taesoo Kim, who stated that "AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself." That framing suggests Microsoft's strategic bet is on the orchestration layer—the multi-agent debate and validation pipeline—rather than relying on any single model's output.

The broader security landscape continues to see high volumes of disclosed Windows vulnerabilities. Microsoft's May Patch Tuesday alone contained more than 120 CVE-numbered fixes, underscoring the volume of issues the company's security teams must triage and remediate on a monthly basis.

What's Next

Microsoft has not announced a general availability date for MDASH beyond the current limited private preview. The company said it is already using the system internally, which implies the next phase will likely involve expanding access to additional customers before a broader release.

The durability of MDASH's benchmark results in live operational environments remains an open question. The system achieved perfect detection on an injected-vulnerability test and strong recall on historical MSRC data, but sustained performance against continuously updated production code with novel flaws will test whether the multi-agent architecture can avoid the false positives and missed detections that have limited earlier automated tools.

For enterprise security teams, the near-term significance is the confirmation that AI-assisted tools are increasingly embedded in the vulnerability discovery workflows of major vendors. Microsoft's disclosure that MDASH found 16 Windows flaws, including four critical remote code execution bugs, adds a concrete data point to discussions about automated security research. Whether agentic systems can scale reliably across diverse codebases, and whether they can operate with the same precision outside controlled benchmarks, will likely determine how quickly such tools move from vendor internal use to standard practice in the broader security industry.
