{"id":14727,"date":"2026-06-22T18:40:00","date_gmt":"2026-06-22T13:10:00","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=14727"},"modified":"2026-06-22T18:40:02","modified_gmt":"2026-06-22T13:10:02","slug":"microsoft-mdash-ai-vulnerability-scanner","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/","title":{"rendered":"What Is Microsoft MDASH? The Agentic AI System Rewriting Cybersecurity"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The smartest human team will not outsmart AI when it comes to finding bugs. Microsoft MDASH is working on bugs that haven&#8217;t been found by any of the human teams.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft MDASH (Multi-Model Agentic Scanning Harness), unveiled at Build 2026, is not a chatbot or a security copilot. It&#8217;s a closed AI pipeline that runs 100+ discrete agents to find, validate, and surface vulnerabilities in enterprise codebases, and it delivers its findings in Microsoft Defender. Before Build 2026, MDASH had found 16 previously unknown Windows security bugs, four of which were critical remote-code-execution problems. 
All the bugs were fixed in the May 2026 Patch Tuesday update.<\/p>\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Is_Microsoft_MDASH\"><\/span><strong>What Is Microsoft MDASH?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">MDASH from Microsoft is an AI-powered security bug discovery system that leverages more than 100 domain-specific agents in a 5-stage pipeline to find real, exploitable 
vulnerabilities in large codebases.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The word real is the one to focus on. Static analyzers are hardcoded rule sets. They cannot perform cross-file dataflow analysis, traverse execution paths, or determine whether a bug is truly exploitable. MDASH can do all three.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The system is the product, according to Taesoo Kim, VP of Microsoft&#8217;s Agentic Security division. MDASH was built by the Microsoft Autonomous Code Security team, many of whose developers came from Team Atlanta at Georgia Tech, which won the DARPA AI Cyber Challenge in 2024.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Does_Microsoft_MDASH_Work\"><\/span><strong>How Does Microsoft MDASH Work?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft MDASH runs each codebase through five stages, with different agents handling different roles at each one.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stage 1:<\/strong> Prepare. The system ingests source code, builds language-sensitive indexes, and maps the attack surface by analyzing commit history.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stage 2:<\/strong> Scan. Auditor agents traverse candidate code paths and report their findings. Each finding includes a hypothesis and supporting evidence, not a pattern match.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stage 3:<\/strong> Validate. Debater agents try to disprove each finding by testing whether the flaw is actually reachable. If they can&#8217;t shoot it down, the finding gains credibility. Disagreement is treated as a signal.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stage 4:<\/strong> Dedup. When two or more semantically identical findings come up, they are grouped into a single report, making it easier for the analyst to review.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Stage 5:<\/strong> Prove. The system generates a working proof-of-concept that triggers the bug.<a href=\"https:\/\/github.com\/google\/sanitizers\/wiki\/AddressSanitizer\"> AddressSanitizer<\/a> is used to confirm it in the C and C++ world. 
A human is only alerted once exploitability is proven.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is where Microsoft&#8217;s agentic AI approach becomes significant. Single-model scanners handle one task at a time and routinely miss cross-file bugs. MDASH auditor agents are built to detect those patterns, and the debater cohort ensures findings cannot be dismissed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Has_MDASH_Found\"><\/span><strong>What Has MDASH Found?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In May 2026, MDASH found 16 new vulnerabilities in the Windows networking and authentication stack. Four were identified as critical.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most severe was CVE-2026-33827, a<a href=\"https:\/\/www.first.org\/cvss\/\"> CVSS<\/a> 8.1 use-after-free in tcpip.sys that could be triggered remotely with no authentication required, just by sending malformed IPv4 packets. CVE-2026-33824 is a CVSS 9.8 double-free in the IKEEXT service that spanned six source files and could not have been identified by analyzing any one of them individually. It can be triggered by an unauthenticated attacker over UDP port 500, exactly the kind of flaw that standard tools walk past.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In an internal test, MDASH identified all 21 vulnerabilities with zero false positives.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the CyberGym benchmark, which covers 1,507 real-world tasks from 188 open-source projects, MDASH scored 88.45%. By Build 2026, that had risen to 96.55%, roughly a 10-point jump in under three weeks. 
On retrospective tests against pre-patch Windows components, it hit 96% recall for confirmed<a href=\"https:\/\/msrc.microsoft.com\/\"> MSRC<\/a> cases in clfs.sys over five years and 100% for tcpip.sys.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Is_the_Relationship_Between_MDASH_Defender_and_GitHub\"><\/span><strong>What Is the Relationship Between MDASH, Defender, and GitHub?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Production risk indicators, such as internet exposure and data sensitivity, are automatically imported into the Microsoft Defender Portal from validated MDASH results. Security teams keep using the same user interface for prioritization.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Meanwhile, GitHub Copilot Autofix makes remediations based on the MDASH findings verified in the GitHub workflow. Developers are given the fix in their editor without switching to another tool. Role-based access control mechanisms keep the vulnerability details confidential until the patch is made public.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First MDASH locates and verifies the bug, then Defender puts it on the priority list, and finally, Copilot Autofix prepares the patch.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_This_Means_for_Enterprise_Security_Teams\"><\/span><strong>What This Means for Enterprise Security Teams<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This Microsoft security news marks one of the biggest shifts in enterprise defense in recent years. AI is no longer just helping analysts. It&#8217;s analyzing, presenting results, and generating proof-of-concept exploits before a human ever sees the alert.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It cuts both ways. Defensively, MDASH can locate vulnerabilities much more quickly than even the best human teams. 
Then again, malicious actors are also building similar pipelines. In its<a href=\"https:\/\/www.microsoft.com\/en-us\/corporate-responsibility\/cybersecurity\/microsoft-digital-defense-report-2025\/\"> 2025 Digital Defense Report<\/a>, Microsoft highlighted that state-sponsored hackers are using AI not only to speed up their vulnerability identification but also to carry out larger-scale attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This latest AI innovation from Microsoft means the attacker-defender speed gap is quietly getting smaller. MDASH is designed to close that gap from the inside out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_MDASH_Does_Not_Cover\"><\/span><strong>What MDASH Does Not Cover<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">MDASH finds and validates vulnerabilities in code. It does not protect against <a href=\"https:\/\/threatcop.com\/blog\/weakest-link-in-cyber-security\/\">employees who click phishing links<\/a>, forward infected attachments, or hand over credentials on a convincing phone call.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Both exposures exist in parallel. An AI vulnerability scanner reduces exposure at the code level but does nothing at the human layer. A team that secures one door and leaves the other open is still exposed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As part of this Microsoft announcement, it is worth noting that tools like MDASH only operate at the code layer. The human layer needs its own defense. <a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\">Threatcop&#8217;s security awareness training platform<\/a> is built for that. It simulates phishing, vishing, smishing, and ransomware attacks, measures each employee&#8217;s likelihood of falling for them, and uses AI-driven reports to flag the highest-risk areas before attackers get there first.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Code security and a trained workforce protect two different attack surfaces. 
You need both.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Frequently_Asked_Questions\"><\/span><strong>Frequently Asked Questions<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n<style>#sp-ea-14729 .spcollapsing { height: 0; overflow: hidden; transition-property: height;transition-duration: 300ms;}#sp-ea-14729.sp-easy-accordion>.sp-ea-single {margin-bottom: 10px; border: 1px solid #e2e2e2; }#sp-ea-14729.sp-easy-accordion>.sp-ea-single>.ea-header a {color: #444;}#sp-ea-14729.sp-easy-accordion>.sp-ea-single>.sp-collapse>.ea-body {background: #fff; color: #444;}#sp-ea-14729.sp-easy-accordion>.sp-ea-single {background: #eee;}#sp-ea-14729.sp-easy-accordion>.sp-ea-single>.ea-header a .ea-expand-icon { float: left; color: #444;font-size: 16px;}<\/style><div id=\"sp_easy_accordion-1782131386\"><div id=\"sp-ea-14729\" class=\"sp-ea-one sp-easy-accordion\" data-ea-active=\"ea-click\" data-ea-mode=\"vertical\" data-preloader=\"\" data-scroll-active-item=\"\" data-offset-to-scroll=\"0\"><div class=\"ea-card ea-expand sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147290\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147290\" aria-controls=\"collapse147290\" href=\"#\" aria-expanded=\"true\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-minus\"><\/i> What is MDASH?<\/a><\/h3><div class=\"sp-collapse spcollapse collapsed show\" id=\"collapse147290\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147290\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">MDASH is a Multi-Model Agentic Scanning Harness. It runs more than 100 AI agents through a five-stage pipeline to find, validate, and confirm exploitable vulnerabilities in enterprise codebases. 
Every finding that reaches an analyst comes with a working proof-of-concept.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147291\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147291\" aria-controls=\"collapse147291\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> When did Microsoft announce MDASH? <\/a><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse147291\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147291\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">Microsoft announced MDASH on May 12, 2026. The expanded preview with native support in the Microsoft Defender Portal and GitHub Code Security launched at Microsoft Build 2026 on June 2, 2026.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147292\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147292\" aria-controls=\"collapse147292\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> What makes MDASH different from a standard vulnerability scanner? <\/a><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse147292\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147292\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">Rather than relying on pattern matching, the five-stage Microsoft MDASH pipeline uses agents that scan, debate, deduplicate, and assess exploitability. 
It catches bugs that span multiple files and only surfaces findings it can back up with a working proof-of-concept.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147293\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147293\" aria-controls=\"collapse147293\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> Can enterprise organizations use MDASH? <\/a><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse147293\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147293\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">As of June 2026, MDASH is in expanded preview for qualified organizations through Microsoft's security programs. No general availability date has been announced.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147294\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147294\" aria-controls=\"collapse147294\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> Does MDASH remove the need for security awareness training? <\/a><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse147294\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147294\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">No. MDASH addresses vulnerabilities at the code level. 
Human-layer attacks such as phishing, vishing, and social engineering target people, not code, and those need a separate layer of defense through security awareness training.<\/span><\/p><\/div><\/div><\/div><div class=\"ea-card sp-ea-single\"><h3 class=\"ea-header\"><a class=\"collapsed\" id=\"ea-header-147295\" role=\"button\" data-sptoggle=\"spcollapse\" data-sptarget=\"#collapse147295\" aria-controls=\"collapse147295\" href=\"#\" aria-expanded=\"false\" tabindex=\"0\"><i aria-hidden=\"true\" role=\"presentation\" class=\"ea-expand-icon eap-icon-ea-expand-plus\"><\/i> Is MDASH model-agnostic? <\/a><\/h3><div class=\"sp-collapse spcollapse \" id=\"collapse147295\" data-parent=\"#sp-ea-14729\" role=\"region\" aria-labelledby=\"ea-header-147295\"> <div class=\"ea-body\"><p><span style=\"font-weight: 400\">Yes. The pipeline can work with any AI model. If a better option becomes available, it gets swapped in for that stage. All domain plugins, scope files, and calibrations carry over.<\/span><\/p><\/div><\/div><\/div><\/div><\/div>\n<\/p>","protected":false},"excerpt":{"rendered":"<p>The smartest human team will not outsmart AI when it comes to finding bugs. Microsoft MDASH is working on bugs that haven&#8217;t been found by any of the human teams. Microsoft MDASH (Multi-Model Agentic Scanning Harness) is not a chatbot or a security copilot, but it was unveiled at Build 2026. 
It&#8217;s a closed AI [&hellip;]<\/p>\n","protected":false},"author":23,"featured_media":14732,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,284],"tags":[],"class_list":["post-14727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-awareness","category-news-and-digest"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft MDASH: How AI Finds Bugs Before Hackers Do<\/title>\n<meta name=\"description\" content=\"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. See how it works.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft MDASH: How AI Finds Bugs Before Hackers Do\" \/>\n<meta property=\"og:description\" content=\"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. 
See how it works.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-22T13:10:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-22T13:10:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Purva Puri\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Purva Puri\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/\"},\"author\":{\"name\":\"Purva Puri\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/37ec6d4f17ad36fb23e04a52c48f323f\"},\"headline\":\"What Is Microsoft MDASH? 
The Agentic AI System Rewriting Cybersecurity\",\"datePublished\":\"2026-06-22T13:10:00+00:00\",\"dateModified\":\"2026-06-22T13:10:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/\"},\"wordCount\":1034,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg\",\"articleSection\":[\"Cybersecurity Awareness\",\"News and Digest\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/\",\"name\":\"Microsoft MDASH: How AI Finds Bugs Before Hackers Do\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg\",\"datePublished\":\"2026-06-22T13:10:00+00:00\",\"dateModified\":\"2026-06-22T13:10:02+00:00\",\"description\":\"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. 
See how it works.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"microsoft mdash\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/microsoft-mdash-ai-vulnerability-scanner\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is Microsoft MDASH? 
The Agentic AI System Rewriting Cybersecurity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/37ec6d4f17ad36fb23e04a52c48f323f\",\"name\":\"Purva 
Puri\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/avatar_user_23_1774006881.png\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/avatar_user_23_1774006881.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/avatar_user_23_1774006881.png\",\"caption\":\"Purva Puri\"},\"description\":\"Purva is a Technical Content Strategist at Threatcop with an MBA in Business Analytics, specializing in SEO-driven content and technical editing across IT and digital domains, and is the author of the book From a Daughter\u2019s Eye.\",\"sameAs\":[\"https:\\\/\\\/threatcop.com\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/purva-puri\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft MDASH: How AI Finds Bugs Before Hackers Do","description":"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. See how it works.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft MDASH: How AI Finds Bugs Before Hackers Do","og_description":"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. 
See how it works.","og_url":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2026-06-22T13:10:00+00:00","article_modified_time":"2026-06-22T13:10:02+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg","type":"image\/jpeg"}],"author":"Purva Puri","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Purva Puri","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/"},"author":{"name":"Purva Puri","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/37ec6d4f17ad36fb23e04a52c48f323f"},"headline":"What Is Microsoft MDASH? 
The Agentic AI System Rewriting Cybersecurity","datePublished":"2026-06-22T13:10:00+00:00","dateModified":"2026-06-22T13:10:02+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/"},"wordCount":1034,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg","articleSection":["Cybersecurity Awareness","News and Digest"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/","url":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/","name":"Microsoft MDASH: How AI Finds Bugs Before Hackers Do","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg","datePublished":"2026-06-22T13:10:00+00:00","dateModified":"2026-06-22T13:10:02+00:00","description":"Microsoft MDASH uses AI agents to find and prove exploitable bugs before hackers do. 
See how it works.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/What-Is-Microsoft-MDASH-The-Agentic-AI-System-Rewriting-Cybersecurity.jpg","width":1920,"height":1080,"caption":"microsoft mdash"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/microsoft-mdash-ai-vulnerability-scanner\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is Microsoft MDASH? 
The Agentic AI System Rewriting Cybersecurity"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/37ec6d4f17ad36fb23e04a52c48f323f","name":"Purva Puri","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/03\/avatar_user_23_1774006881.png","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/03\/avatar_user_23_1774006881.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/03\/avatar_user_23_1774006881.png","caption":"Purva Puri"},"description":"Purva is a Technical Content Strategist at Threatcop with an MBA in Business Analytics, specializing 
in SEO-driven content and technical editing across IT and digital domains, and is the author of the book From a Daughter\u2019s Eye.","sameAs":["https:\/\/threatcop.com\/","https:\/\/www.linkedin.com\/in\/purva-puri\/"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/14727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=14727"}],"version-history":[{"count":3,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/14727\/revisions"}],"predecessor-version":[{"id":14731,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/14727\/revisions\/14731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/14732"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=14727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=14727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=14727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}