Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html
Publish Date: 2026-05-13 09:46:00
Source Domain: thehackernews.com
- Microsoft Unveils MDASH: Microsoft has introduced MDASH (multi-model agentic scanning harness), a new AI-driven system designed to enhance vulnerability discovery and remediation on a large scale.
- Agents and Models: MDASH orchestrates more than 100 specialized AI agents across multiple models to autonomously discover, validate, and prove exploitable defects in complex codebases such as Windows.
- Structured Pipeline: The system operates through a series of steps: analyzing the code to build threat models, flagging potential issues with auditor agents, validating findings with debater agents, grouping similar findings, and proving vulnerabilities.
- Model Configuration: MDASH utilizes a mix of state-of-the-art (SOTA) and distilled models, with SOTA models for reasoning and validation using high-volume passes, and a separate SOTA model serving as an independent counterpoint. Disagreement between models enhances finding credibility.
- Real-World Testing: MDASH has been tested by some customers and has discovered 16 vulnerabilities, including two critical flaws that could enable remote code execution within Windows networking and authentication.
- Vulnerabilities Uncovered: Among the identified flaws are CVE-2026-33824 (a double-free vulnerability in “ikeext.dll”) and CVE-2026-33827 (a race condition in Windows TCP/IP), both of which carry high CVSS scores and pose remote code execution risks.
- Industry Context: The introduction of MDASH fits within the broader trend of AI-powered cybersecurity initiatives, including competing offerings from Anthropic and OpenAI, emphasizing the importance of AI-based agentic systems in enterprise defenses.