Microsoft's new AI tool finds critical flaws in Windows
What's the story
Microsoft has unveiled a new artificial intelligence (AI)-driven vulnerability detection system, MDASH, that has discovered 16 previously unknown vulnerabilities in Windows. The list includes four critical remote code execution (RCE) flaws. The system was developed by the tech giant's Autonomous Code Security team and the Windows Attack Research and Protection group. It will enter private preview for enterprise customers starting next month.
Cyber defense
Cyber defenders facing an increasingly asymmetric battle
In a blog post announcing the system, Microsoft said, "Cyber defenders are facing an increasingly asymmetric battle." The company noted that attackers are now using AI to make their attacks faster, larger in scale, and more sophisticated. This highlights the growing importance of advanced tools like MDASH in defending against complex cyber threats.
Vulnerability details
Four critical vulnerabilities discovered by MDASH
The four critical vulnerabilities discovered by MDASH affect core Windows components widely used in enterprise environments. One of them, CVE-2026-33827, is a remote unauthenticated use-after-free vulnerability in the Windows IPv4 stack that can be exploited using specially crafted packets with the Strict Source and Record Route option. Another flaw, CVE-2026-33824, is a pre-authentication double-free vulnerability in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.
Other issues
Two more critical vulnerabilities rated 9.8 on CVSS
Two more critical vulnerabilities were found in Netlogon and the Windows DNS Client, both rated 9.8 on the Common Vulnerability Scoring System (CVSS). The rest of the 12 vulnerabilities were rated "Important" by Microsoft. These included denial-of-service, privilege-escalation, information disclosure, and security feature bypass vulnerabilities affecting components like tcpip.sys, http.sys, ikeext.dll, and telnet.exe.
System architecture
How MDASH works to discover vulnerabilities
MDASH orchestrates over 100 specialized AI agents across several frontier and distilled models. Each agent is assigned a different task in the vulnerability discovery pipeline. Some scan source code for potential flaws while others validate findings or create triggering inputs to reproduce issues before they're reviewed by human engineers. The system was designed to be largely model-agnostic, allowing Microsoft to swap underlying AI models without rebuilding the broader orchestration pipeline.
Mixed blessings
Concerns about AI-driven vulnerability discovery speeding up offensive operations
The announcement of MDASH also raises concerns about the potential for AI-driven vulnerability discovery to speed up offensive operations as well as defensive research. Anthropic's Mythos Preview model has already detected thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and an FFmpeg issue that traditional fuzzing tools missed despite millions of attempts. This highlights the growing role of advanced AI systems in both identifying and addressing security risks.
Future trends
Shift from periodic scanning to continuous, AI-assisted discovery and remediation
For Chief Information Security Officers (CISOs), the broader implication of MDASH's launch is a shift from periodic scanning to continuous, AI-assisted discovery and remediation. "The future belongs to security teams that can find, validate, contain, and fix in one governed motion," said Sanchit Vir Gogia, chief analyst at Greyhound Research.