    Microsoft MDASH AI Finds 16 Windows Flaws Before Exploitation

    Key Takeaway

    – MDASH (Multi-model Agentic Scanning Harness) found 16 Windows vulnerabilities (4 critical RCEs) before attackers; all patched on May 12 Patch Tuesday; uses 100+ specialized agents and human verification.

    – The four critical flaws include CVE-2026-33827 (tcpip.sys, crafted IPv4) and CVE-2026-33824 (IKEEXT, pre-auth RCE over UDP 500); plus two 9.8 CVSS flaws in Netlogon and Windows DNS Client; most flaws were network-reachable without credentials.

    – MDASH is model-agnostic and goes beyond traditional scanners by multi-file, multi-path reasoning with verification steps before human review; demonstrated strong performance in CyberGym and private testing (0 false positives in StorageDrive; 96–100% recall on MSRC-related code).

    – It’s in limited private preview with enterprise customers, with broader availability expected in coming months, part of a broader AI-driven defense/offense race among major players.

    Microsoft has a new AI system that hunts for Windows vulnerabilities, and it just proved its worth. The system, codenamed MDASH, found 16 security flaws in Windows before any attacker could get to them, including four critical remote code execution bugs that could have handed unauthenticated attackers a straight line into enterprise networks. All 16 were patched in the May 12 Patch Tuesday. Satya Nadella posted about it on X the next day.

    MDASH’s modular, multi-model approach

    MDASH stands for Multi-model Agentic Scanning Harness. Microsoft’s Autonomous Code Security team built it, with several members coming from Team Atlanta, the group that won the $29.5 million DARPA AI Cyber Challenge. It does not work like a traditional scanner or a single AI model reviewing code. It runs more than 100 specialized agents across a mix of frontier and distilled models, each one assigned a specific job: some look for flaws, others challenge whether the finding is real, and a final stage tries to build inputs that prove the bug is actually exploitable. Only then does a human engineer see the result.

    The 16 vulnerabilities and critical flaws

    The 16 vulnerabilities are spread across the Windows TCP/IP stack, the IKEEXT IPsec service, HTTP.sys, Netlogon, Windows DNS, and the Telnet client. Ten were kernel-mode. Most were reachable over the network without any credentials. Two of the four critical flaws stand out. CVE-2026-33827 lives in tcpip.sys and is triggered by crafted IPv4 packets. CVE-2026-33824 is a pre-authentication double-free in the IKEEXT service, reachable over UDP port 500 on machines running RRAS VPN, DirectAccess, or Always-On VPN. Both yield LocalSystem execution. Two more critical flaws, in Netlogon and the Windows DNS Client, each carried a CVSS score of 9.8.

    Microsoft says these were not bugs that a standard scanner would surface. The tcpip.sys flaw required reasoning across three concurrent code paths, all freeing the same object. The IKEEXT issue spanned six source files. That kind of multi-file, multi-path analysis is exactly where single-model approaches fall apart.

    Performance, testing and notable results

    MDASH scored 88.45% on CyberGym, a UC Berkeley benchmark built around 1,507 real-world vulnerability reproduction tasks. That put it at the top of the public leaderboard. Anthropic’s Mythos Preview model scored 83.1%. OpenAI’s GPT-5.5 scored 81.8%. In private testing against a Windows driver codebase called StorageDrive that had never been publicly released, MDASH found all 21 planted vulnerabilities with zero false positives. Against five years of confirmed MSRC cases in clfs.sys and tcpip.sys, it hit 96% and 100% recall.

    The system is model-agnostic. Microsoft can swap the underlying models as newer ones arrive without rebuilding the pipeline. MDASH is currently in limited private preview with a small group of enterprise customers. Broader availability is expected in the months ahead. The announcement follows Anthropic’s Project Glasswing and OpenAI’s Daybreak initiative, both running similar programs behind narrow access gates. All three are racing to find exploitable flaws before attackers do, and the gap between AI-powered defense and AI-powered offense is narrowing fast.

    Outlook and comparison

    The other side of that race is already underway. Anthropic’s Project Glasswing and OpenAI’s Daybreak pursue the same goal as MDASH: finding exploitable flaws before attackers do. MDASH is designed to adapt as newer models arrive, and its private-preview status suggests Microsoft intends to bring it to more enterprises soon. In the meantime, the field remains highly competitive, with benchmark results shifting as more vulnerabilities are discovered and reproduced across real-world targets.