OraCore Editors

Microsoft’s MDASH finds 16 Windows flaws

Microsoft’s MDASH AI found 16 Windows flaws, including four critical RCEs, and will enter private preview for enterprises in June.

Microsoft’s MDASH AI found 16 Windows vulnerabilities, including four critical remote code execution flaws.

Microsoft says its new AI-driven security system, codenamed MDASH, found 16 previously unknown Windows vulnerabilities and helped patch them in the company’s May 12 Patch Tuesday release. Four of those bugs were rated critical, and the platform will enter private preview for enterprise customers in June.

The headline number matters, but the details matter more: Microsoft is pitching MDASH as a system that can chain together more than 100 AI agents, validate findings, and reproduce bugs before a human engineer ever sees them. That puts the product in a different category from a simple scanner or fuzzing tool.

| Metric | Value | Why it matters |
| --- | --- | --- |
| Windows vulnerabilities found | 16 | Shows the system is already surfacing real issues |
| Critical flaws | 4 | Includes remote code execution paths |
| Private preview | June 2026 | Enterprise customers get early access soon |
| CyberGym score | 88.45% | Microsoft says it leads the public leaderboard |

What MDASH actually found

Microsoft said the four critical flaws touched core Windows components that show up all over enterprise environments. One was CVE-2026-33827, a remote unauthenticated use-after-free bug in the Windows IPv4 stack that could be triggered through specially crafted packets. Another was CVE-2026-33824, a pre-authentication double-free in the IKEEXT service that affects RRAS VPN, DirectAccess, and Always-On VPN deployments.

The other two critical issues hit Netlogon and the Windows DNS Client, and both carried CVSS scores of 9.8. The remaining 12 issues were rated Important and included denial-of-service, privilege-escalation, information disclosure, and security feature bypass bugs across components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe.

  • 16 total flaws were found in Windows components
  • 4 were classified as critical remote code execution issues
  • 2 critical bugs scored 9.8 on CVSS
  • 12 others were rated Important

Microsoft’s agentic setup is the real story

MDASH is more interesting than the vulnerabilities it found. Microsoft says the system coordinates more than 100 specialized AI agents across frontier and distilled models, with each agent handling a narrow step in the discovery process. Some agents scan source code, others check whether a finding is real, and another stage tries to build inputs that can reproduce the issue.

That workflow is why Microsoft’s own framing matters. Taesoo Kim, Microsoft vice president for agentic security, wrote in the company blog, “The model is one input. The system is the product.” That line gets at the shift here: the value is in orchestration, validation, and human review, not in a single model score.

Microsoft also said the architecture is model-agnostic, which means it can swap out underlying AI models without rebuilding the entire pipeline. That matters in a field where model quality changes fast and vendor strategies shift even faster.

The timing is also notable. Microsoft disclosed MDASH only weeks after announcing Project Glasswing, a separate effort with Anthropic and others to test AI-based vulnerability discovery using Claude Mythos Preview. If you are watching the security market, this is Microsoft building multiple paths into the same space.

Benchmarks help, but they are not the whole story

Microsoft published a few numbers to show MDASH is more than a demo. The company said the system found all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. It also said MDASH recovered nearly all historical Microsoft Security Response Center cases when tested against older component snapshots.

On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH scored 88.45%, which put it at the top of the public leaderboard at the time of publication. That is a strong result, but a leaderboard score is still a benchmark score, not proof that a tool will improve an enterprise’s real-world security posture.

  • 21 planted vulnerabilities found in Microsoft’s internal test driver
  • 0 false positives in that internal test
  • 88.45% CyberGym score on reproduction tasks
  • Nearly all historical MSRC cases recovered in older snapshots

Sanchit Vir Gogia, chief analyst at Greyhound Research, said Microsoft is now operating across several roles at once: platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security supplier. That is a strong position for Microsoft, and it also raises questions about concentration of influence in security tooling.

Sunil Varkey, advisor at Beagle Security, framed the announcement as part of an AI-versus-AI race. His point is simple: attackers are already using AI to move faster, so defenders need systems that can discover, validate, and fix issues at machine speed instead of waiting for the next scheduled scan.

What security teams should take from this

For enterprise defenders, MDASH points toward a different vulnerability-management model. The old pattern was periodic scanning, manual triage, and a patch window that often lagged behind attacker activity. Microsoft is arguing for continuous discovery with AI agents doing the first pass, humans reviewing the output, and remediation happening faster.

The catch is governance. A tool that finds bugs quickly can also create noise, duplicate work, or false confidence if the organization does not have a clean process for validation and patching. Gogia put it bluntly: “Discovery without remediation discipline is theatre.”

That is the right way to read MDASH. If Microsoft opens private preview next month as planned, the first question for security teams should be whether the system shortens time-to-fix in real environments, not whether it tops a benchmark chart. The second question is whether similar agentic systems can be trusted to work across complex enterprise codebases without creating another pile of alerts to sort through.

My bet: the companies that get real value from systems like MDASH will be the ones that wire them directly into patch triage, exploit validation, and change management. Everyone else will just get a faster way to produce findings.