The smartest human team will not outsmart AI when it comes to finding bugs. Microsoft MDASH is working on bugs that haven’t been found by any of the human teams.
Microsoft MDASH (Multi-Model Agentic Scanning Harness), unveiled at Build 2026, is not a chatbot or a security copilot. It's a closed AI pipeline that runs 100+ discrete agents to find, validate, and surface vulnerabilities in enterprise codebases, and it delivers its findings in Microsoft Defender. Before Build 2026, MDASH had found 16 previously unknown Windows security bugs, four of which were critical remote-code-execution problems. All the bugs were fixed in the May 2026 Patch Tuesday update.
What Is Microsoft MDASH?
MDASH from Microsoft is an AI-powered security bug discovery system that leverages more than 100 domain-specific agents in a 5-stage pipeline to find real, exploitable vulnerabilities in large codebases.
The word real is the one to focus on. Static analyzers are hardcoded rule sets. They cannot perform cross-file dataflow analysis, traverse execution paths, or determine whether a bug is truly exploitable. MDASH can do all three.
The system is the product, according to Taesoo Kim, VP of Microsoft’s Agentic Security division. MDASH was built by the Microsoft Autonomous Code Security team, many of whose developers came from Team Atlanta at Georgia Tech, which won the DARPA AI Cyber Challenge in 2024.
How Does Microsoft MDASH Work?
Microsoft MDASH runs each codebase through five stages, with different agents handling different roles at each one.
Stage 1: Prepare. The system ingests source code, builds language-sensitive indexes, and maps the attack surface by analyzing commit history.
Stage 2: Scan. Auditor agents traverse candidate code paths and report their findings. Each finding includes a hypothesis and supporting evidence, not a pattern match.
Stage 3: Validate. Debater agents try to disprove each finding by testing whether the flaw is actually reachable. If they can’t shoot it down, the finding gains credibility. Disagreement is treated as a signal.
Stage 4: Dedup. When two or more semantically identical findings come up, they are grouped into a single report, making it easier for the analyst to review.
Stage 5: Prove. The system generates a working proof-of-concept that triggers the bug. AddressSanitizer is used to confirm it in the C and C++ world. A human is only alerted once exploitability is proven.
This is where Microsoft’s agentic AI approach becomes significant. Single-model scanners handle one task at a time and routinely miss cross-file bugs. MDASH auditor agents are built to detect those patterns, and because the debater cohort has already tried to disprove each finding, the ones that survive cannot be easily dismissed.
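Stages 4 and 5 rest on two mechanical steps: treating a sanitizer report as the proof, and collapsing duplicate proofs into one report. The following is an added example, not MDASH code. It groups AddressSanitizer reports by bug class and top stack frames, a common fuzzing-triage heuristic assumed here in place of MDASH's semantic dedup; the sample reports, file names and function names are all constructed.

```python
import hashlib
import os
import re

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([a-z\- ]+?) on ")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?)(?::\d+)*$", re.M)

def parse_report(text):
    """Return (bug_class, frames) for an ASan report, or None if it holds no ASan error."""
    m = ERROR_RE.search(text)
    if not m:
        return None
    # Only the faulting stack counts; "freed by" / "allocated by" stacks follow a blank line.
    first_stack = text[m.start():].split("\n\n", 1)[0]
    # Frames shown as "(module+0xoffset)" have no source info and vary per build: skip them.
    frames = [(fn, os.path.basename(path))
              for fn, path in FRAME_RE.findall(first_stack) if not path.startswith("(")]
    return m.group(1), frames

def signature(bug_class, frames, depth=3):
    """Hash bug class plus top frames; addresses and line numbers are ignored on purpose."""
    key = bug_class + "|" + "|".join(f"{fn}@{src}" for fn, src in frames[:depth])
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def triage(reports):
    """Group PoC names by signature; PoCs without a sanitizer error stay unconfirmed."""
    groups, unconfirmed = {}, []
    for name, text in reports.items():
        parsed = parse_report(text)
        if parsed is None:
            unconfirmed.append(name)      # not proven, so no analyst alert
        else:
            groups.setdefault(signature(*parsed), []).append(name)
    return groups, unconfirmed

# Constructed sample output in AddressSanitizer's report format (not real findings).
UAF = """==4101==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010 at pc 0x{pc} bp 0x7ffd10 sp 0x7ffd08
READ of size 4 at 0x602000000010 thread T0
    #0 0x{pc} in read_record /src/demo/record.c:{line}:9
    #1 0x4f0c11 in handle_input /src/demo/input.c:88:5

freed by thread T0 here:
    #0 0x4a1b2c in free (/harness+0x4a1b2c)
"""
DOUBLE_FREE = """==4177==ERROR: AddressSanitizer: attempting double-free on 0x603000000040 in thread T0:
    #0 0x4a1b2c in free (/harness+0x4a1b2c)
    #1 0x4f3310 in release_buffer /src/demo/buffer.c:57:3
    #2 0x4f2200 in teardown_session /src/demo/session.c:140:5
"""
REPORTS = {"poc_1": UAF.format(pc="4f1a2b", line=212), "poc_2": UAF.format(pc="4f1a9e", line=215),
           "poc_3": DOUBLE_FREE, "poc_4": "harness exited 0, no sanitizer output\n"}
```

Calling `triage(REPORTS)` yields two groups (the two use-after-free PoCs collapse into one) and leaves `poc_4` unconfirmed because its run produced no sanitizer error.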
What Has MDASH Found?
In May 2026, MDASH found 16 new vulnerabilities in the Windows networking and authentication stack. Four were identified as critical.
The most severe was CVE-2026-33827, a CVSS 8.1 use-after-free in tcpip.sys that could be triggered remotely with no authentication required, just by sending malformed IPv4 packets. CVE-2026-33824 is a CVSS 9.8 double-free in the IKEEXT service that spanned six source files and could not have been identified by analyzing any one of them individually. It can be triggered by an unauthenticated attacker over UDP port 500, exactly the kind of flaw that standard tools walk past.
In an internal test, MDASH identified all 21 vulnerabilities with zero false positives.
On the CyberGym benchmark, which covers 1,507 real-world tasks from 188 open-source projects, MDASH scored 88.45%. By Build 2026, that had risen to 96.55%, roughly a 10-point jump in under three weeks. On retrospective tests against pre-patch Windows components, it hit 96% recall for confirmed MSRC cases in clfs.sys over five years and 100% for tcpip.sys.
What Is the Relationship Between MDASH, Defender, and GitHub?
Production risk indicators, such as internet exposure and data sensitivity, are automatically imported into the Microsoft Defender Portal from validated MDASH results. Security teams keep using the same user interface for prioritization.
Meanwhile, GitHub Copilot Autofix makes remediations based on the MDASH findings verified in the GitHub workflow. Developers are given the fix in their editor without switching to another tool. Role-based access control mechanisms keep the vulnerability details confidential until the patch is made public.
First MDASH locates and verifies the bug, then Defender puts it on the priority list, and finally, Copilot Autofix prepares the patch.
What This Means for Enterprise Security Teams
This Microsoft security news marks one of the biggest shifts in enterprise defense in recent years. AI is no longer just helping analysts. It’s analyzing, presenting results, and generating proof-of-concept exploits before a human ever sees the alert.
It cuts both ways. Defensively, MDASH can locate vulnerabilities much more quickly than even the best human teams. Then again, malicious actors are also building similar pipelines. In its 2025 Digital Defense Report, Microsoft highlighted that state-sponsored hackers are using AI not only to speed up their vulnerability identification but also to carry out larger-scale attacks.
This latest AI innovation from Microsoft means the attacker-defender speed gap is quietly getting smaller. MDASH is designed to close that gap from the inside out.
What MDASH Does Not Cover
MDASH finds and validates vulnerabilities in code. It does not protect against employees who click phishing links, forward infected attachments, or hand over credentials on a convincing phone call.
Both exposures exist in parallel. An AI vulnerability scanner reduces exposure at the code level but does nothing at the human layer. A team that secures one door and leaves the other open is still exposed.
As part of this Microsoft announcement, it is worth noting that tools like MDASH only operate at the code layer. The human layer needs its own defense. Threatcop’s security awareness training platform is built for that. It simulates phishing, vishing, smishing, and ransomware attacks, measures each employee’s likelihood of falling for them, and uses AI-driven reports to flag the highest-risk areas before attackers get there first.
Code security and a trained workforce protect two different attack surfaces. You need both.
Frequently Asked Questions
What is MDASH?
MDASH is a Multi-Model Agentic Scanning Harness. It runs more than 100 AI agents through a five-stage pipeline to find, validate, and confirm exploitable vulnerabilities in enterprise codebases. Every finding that reaches an analyst comes with a working proof-of-concept.
When did Microsoft announce MDASH?
Microsoft announced MDASH on May 12, 2026. The expanded preview with native support in the Microsoft Defender Portal and GitHub Code Security launched at Microsoft Build 2026 on June 2, 2026.
What makes MDASH different from a standard vulnerability scanner?
Rather than relying on pattern matching, the five-stage Microsoft MDASH pipeline uses agents that scan, debate, deduplicate, and assess exploitability. It catches bugs that span multiple files and only surfaces findings it can back up with a working proof-of-concept.
Can enterprise organizations use MDASH?
As of June 2026, MDASH is in expanded preview for qualified organizations through Microsoft's security programs. No general availability date has been announced.
Does MDASH remove the need for security awareness training?
No. MDASH addresses vulnerabilities at the code level. Human-layer attacks such as phishing, vishing, and social engineering target people, not code, and those need a separate layer of defense through security awareness training.
Is MDASH model-agnostic?
Yes. The pipeline can work with any AI model. If a better option becomes available, it gets swapped in for that stage. All domain plugins, scope files, and calibrations carry over.

Purva is a Technical Content Strategist at Threatcop with an MBA in Business Analytics, specializing in SEO-driven content and technical editing across IT and digital domains, and is the author of the book From a Daughter’s Eye.
