Microsoft Unveils MDASH Agentic AI for Vulnerability Discovery
Microsoft has unveiled MDASH (Microsoft Security multi-model agentic scanning harness), an agentic AI system that orchestrates over 100 specialized models to autonomously discover, debate, and prove exploitable bugs. It identified 16 vulnerabilities in this week's Patch Tuesday updates and, in controlled tests, detected all 21 planted bugs with zero false positives.
In benchmark evaluations, MDASH achieved 96% recall on five years of Microsoft Security Response Center (MSRC) cases for the clfs.sys driver and 100% recall for tcpip.sys. The system also scored 88.45% on the CyberGym benchmark, topping the leaderboard and leading competitors by nearly five percentage points. Microsoft VP Taesoo Kim emphasized that this approach, capable of scaling across massive codebases such as Windows and Azure, shifts AI vulnerability discovery from mere speculation into a rigorous engineering problem. By coordinating specialized AI agents that debate and prove exploitability, MDASH transforms patch analysis into a repeatable, high-confidence process, potentially reshaping how enterprise security teams prioritize and remediate critical flaws.