MDASH is Microsoft’s new ‘agentic security system’ for discovering software vulnerabilities
MDASH is Microsoft’s new ‘agentic security system’ for discovering software vulnerabilities
Publish Date: 2026-05-14 11:57:00
Source Domain: tech.yahoo.com
Using an unordered list, summarize the following article with between 4 and 8 key points. There are plenty of fears of AI being used to exploit software vulnerabilities as it becomes more capable, but it also has the potential to be used in a defensive capacity. Microsoft is exploring this area of AI use by introducing MDASH — short for multi-model agentic scanning harness — this week, a new agentic security system that it says has already discovered 16 vulnerabilities across the Windows networking and authentication stack.Microsoft says the system coordinates more than 100 AI agents to hunt down exploitable bugs, and it’s proven pretty capable so far. Built by Microsoft’s Autonomous Code Security team, the system tops the industry’s CyberGym benchmark for finding 1,507 real-world vulnerabilities. It also found 21 of 21 planted vulnerabilities in a private test driver with zero false positives, Microsoft says.“The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself,” Microsoft’s VP of agentic security, Taesoo Kim, said in a blog post covering MDASH. “Codename MDASH is being used by Microsoft security engineering teams and tested by a small set of customers as part of a limited private preview.”AdvertisementAdvertisementMDASH comes a little over a month since AI firm Anthropic announced Claude Mythos, an AI model that spooked the cybersecurity world by finding vulnerabilities in every major browser and operating system. Those capabilities led Anthropic to hold the model back from the public, instead launching it in preview for major tech companies and security researchers. They’re using the model as part of what Anthropic dubbed Project Glasswing, an effort to understand the security implications of powerful AI models and patch critical vulnerabilities before similar capabilities start popping up in publicly available models.
