
Microsoft announced a new multi-model artificial intelligence (AI)-powered system called MDASH that facilitates the discovery and remediation of vulnerabilities at scale, adding that it is being tested by some customers as part of a limited private preview.
MDASH (short for Multi-Model Agent Scanning Harness) is designed as a model-agnostic system that autonomously discovers, verifies, and proves exploitable flaws in complex codebases like Windows using AI agents customized for different vulnerability classes.
“Unlike single-model approaches, this harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and extracted models to discover, discuss, and prove exploitable bugs end-to-end,” said Taesoo Kim, vice president of Microsoft Agent Security.
MDASH is envisioned as a “structured pipeline” that ingests a codebase and produces verified and proven results through a series of actions.
It starts by analyzing the source code to build a threat model and attack surface, runs specialized “audit” agents on candidate code paths to flag potential issues, runs a second set of “debater” agents to validate the results, groups semantically equivalent results, and finally proves the existence of a vulnerability.
The system utilizes a panel of configurable models, with a state-of-the-art (SOTA) model used for inference, a distilled model used for bulk path validation, and a second separate SOTA model for independent counterpoints.
“A discrepancy between models is itself a signal. When an auditor flags something as questionable and a debater can’t refute it, the post-hoc reliability of the results increases,” Microsoft explained. “Auditors do not reason like debaters, and auditors do not reason like provers. Each stage of the pipeline has its own roles, prompt regimes, tools, and stopping criteria.”
Redmond pointed out that specialized agents are built on past common vulnerabilities and exposures (CVEs) and their patches. It also said that this architecture enables portability between model generations.

MDASH has already been tested and has found 16 vulnerabilities that were fixed in this month’s Patch Tuesday release. The shortcomings span the Windows networking and authentication stack, including two critical flaws that could pave the way for remote code execution.
CVE-2026-33824 (CVSS Score: 9.8) – A double-free vulnerability in “ikeext.dll” that could allow an unauthenticated attacker to send a specially crafted packet to a Windows machine that has Internet Key Exchange (IKE) version 2 enabled, resulting in remote code execution.
CVE-2026-33827 (CVSS Score: 8.1) – A race condition vulnerability in Windows TCP/IP (“tcpip.sys”) that could allow an unauthorized attacker to send specially crafted IPv6 packets to an IPSec-enabled Windows node, leading to remote code execution.
The MDASH news comes on the heels of the debut of Anthropic’s Project Glasswing and OpenAI Daybreak. Both are AI-powered cybersecurity initiatives to accelerate the discovery, verification, and remediation of vulnerabilities before they are discovered by malicious actors.
“The strategic implications are clear: AI vulnerability discovery has moved from research curiosity to production-level protection at the enterprise scale. The lasting benefit lies in the agent system around the model, not the single model itself,” Kim said.
