Microsoft unveiled MDASH, a multi‑model AI harness that autonomously discovers, validates and proves vulnerabilities. In its private preview the system identified 16 bugs patched in the latest Windows update, including two critical remote‑code‑execution flaws.
Microsoft’s MDASH AI System Spots 16 Windows Flaws Fixed in Patch Tuesday

Microsoft announced a new AI‑driven platform called MDASH (Multi‑Model Agentic Scanning Harness) that aims to scale vulnerability discovery across massive codebases such as Windows. The system is already being evaluated by a handful of customers in a limited private preview.
Why MDASH matters
Taesoo Kim, Microsoft’s Vice President of Agentic Security, explains that traditional single‑model approaches struggle with the breadth and depth of modern operating‑system code. MDASH “orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end‑to‑end.”
The key insight is model disagreement as a credibility signal. When an “auditor” agent flags a suspect code path and a “debater” agent cannot refute it, the finding’s posterior probability rises, prompting the system to allocate more resources to prove the issue.
How the pipeline works
- Ingestion & threat modeling – The codebase is parsed and an attack‑surface map is generated.
- Auditor agents – Over 60 purpose‑built agents scan candidate paths (e.g., memory handling, network parsing) and raise preliminary alerts.
- Debater agents – A second set of agents challenges each alert, using a different reasoning model to test the hypothesis.
- Semantic clustering – Findings that are essentially the same are grouped, reducing duplication.
- Prover agents – A high‑fidelity SOTA model attempts to construct a working exploit or a proof‑of‑concept, confirming true exploitability.
Each stage runs with its own prompt regime, toolset, and stop criteria, allowing the harness to balance speed (distilled models) with depth (frontier models).
Real‑world results: 16 bugs uncovered
During the preview, MDASH identified 16 vulnerabilities that were later fixed in the May 2026 Patch Tuesday release. The most critical among them are:
| CVE | CVSS | Component | Impact |
|---|---|---|---|
| CVE‑2026‑33824 | 9.8 | ikeext.dll (IKEv2) | Double‑free leading to unauthenticated remote code execution |
| CVE‑2026‑33827 | 8.1 | tcpip.sys (IPv6/IPSec) | Race condition that enables RCE via crafted IPv6 packets |
Both flaws sit in the Windows networking and authentication stack, a historically high‑value attack surface. The remaining findings span privilege‑escalation paths in the LSASS process, improper input validation in the SMB driver, and a use‑after‑free in the Windows Credential Guard module.
How MDASH compares to other AI security projects
Anthropic’s Project Glasswing and OpenAI’s Daybreak are also pushing AI‑assisted vulnerability research, but they focus primarily on large‑language‑model (LLM) code review and suggestion. MDASH differentiates itself by embedding multiple model types into a structured, agentic workflow that moves beyond static analysis to active exploitation proof.
“The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production‑grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself,” Kim said.
Practical takeaways for security teams
- Expect AI‑generated findings to be more actionable – Because MDASH proves exploits, the output includes PoC code or detailed reproduction steps, cutting the time security engineers spend on triage.
- Integrate MDASH into CI/CD pipelines – Microsoft recommends running the harness early in the build process, allowing developers to remediate issues before they ship.
- Treat model disagreement as a risk indicator – Findings with high auditor‑debater disagreement should be prioritized for manual review.
- Plan for model updates – The harness is model‑agnostic; as newer foundation models become available, organizations can swap them in without redesigning the pipeline.
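The credibility signal and the auditor, debater, clustering and prover stages described earlier, together with the advice above to send contested findings to manual review, can be sketched as a Bayesian update followed by a routing decision. This is an added illustration, not Microsoft's code or MDASH's actual scoring: the prior, the likelihoods, the thresholds, the key-based clustering and all names in it are assumptions.

```python
import math
from collections import defaultdict

# Assumed values for illustration only (not MDASH parameters).
PRIOR = 0.10                 # share of raw auditor alerts that are real bugs
P_UNREFUTED_IF_REAL = 0.85   # debater fails to refute a real bug
P_UNREFUTED_IF_FALSE = 0.30  # debater fails to refute a false positive

def posterior(verdicts, prior=PRIOR):
    """Bayes update in log-odds. verdicts: True means a debater refuted the alert."""
    log_odds = math.log(prior / (1 - prior))
    for refuted in verdicts:
        if refuted:
            log_odds += math.log((1 - P_UNREFUTED_IF_REAL) / (1 - P_UNREFUTED_IF_FALSE))
        else:
            log_odds += math.log(P_UNREFUTED_IF_REAL / P_UNREFUTED_IF_FALSE)
    return 1 / (1 + math.exp(-log_odds))

def cluster(alerts):
    """Crude stand-in for semantic clustering: alerts naming the same component
    and bug class are merged and their debater verdicts pooled (assumes the
    debaters judged independently)."""
    pooled = defaultdict(list)
    for a in alerts:
        pooled[(a["component"], a["bug_class"])].extend(a["verdicts"])
    return pooled

def route(alerts, prove_at=0.80, drop_below=0.10):
    """Map each cluster to (posterior, queue): prover, manual_review or drop."""
    routed = {}
    for key, verdicts in cluster(alerts).items():
        p = posterior(verdicts)
        if p >= prove_at:
            queue = "prover"          # debaters could not refute it
        elif p < drop_below:
            queue = "drop"            # debaters consistently refuted it
        else:
            queue = "manual_review"   # debaters split: unresolved disagreement
        routed[key] = (round(p, 3), queue)
    return routed

# Constructed sample alerts; component and bug-class names are made up.
SAMPLE_ALERTS = [
    {"component": "net_parser", "bug_class": "double-free", "verdicts": [False, False]},
    {"component": "net_parser", "bug_class": "double-free", "verdicts": [False, False]},
    {"component": "auth", "bug_class": "race", "verdicts": [False, True, False, False]},
    {"component": "fs", "bug_class": "oob-read", "verdicts": [True, True, True]},
]
```

Calling `route(SAMPLE_ALERTS)` merges the two duplicate double-free alerts into one cluster and sends it to the prover queue, while the cluster with split debater verdicts lands in manual review.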
What this means for Windows users
The two critical CVEs were patched in the May 2026 update, so applying the latest Windows patches remains the fastest way to mitigate risk. Enterprises should also consider defense‑in‑depth measures such as:
- Enforcing strict network segmentation to limit exposure of IKEv2 endpoints.
- Disabling IPv6 on systems that do not require it, or applying IPSec policies that restrict unauthenticated traffic.
- Monitoring for anomalous traffic patterns that could indicate exploitation attempts against ikeext.dll or tcpip.sys.
Looking ahead
Microsoft plans to expand MDASH beyond Windows, targeting Azure services, Microsoft 365, and eventually third‑party codebases via a SaaS offering. The company also hinted at a partner program that will let security vendors plug their own specialist agents into the harness, creating a marketplace of AI‑driven vulnerability expertise.
For organizations interested in early access, Microsoft is opening a limited private preview later this quarter. Sign‑up details will be posted on the official MDASH preview page.
Stay tuned for more coverage of AI‑enhanced security tools and the latest vulnerability disclosures.
