InfoSecBulletin Cybersecurity for mankind
Microsoft has unveiled a new AI-based system called MDASH to help find and fix problems on a large scale. They also said some customers are testing it in a private preview.
MDASH is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability classes to autonomously discover, validate, and prove exploitable defects in complex codebases like Windows.
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited
BD Gov.t to set up Tk192.66cr AI hub with support from Koica
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases With Zero Authentication
Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access
“Unlike single-model approaches, the harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end,” Taesoo Kim, vice president of agentic security at Microsoft, said.
MDASH is planned as a “structured pipeline” that takes in a codebase and gives out checked, trusted results through a series of steps.
It begins by looking at the source code to create a threat model and attack surface. Then, special “auditor” agents check the code paths to find possible problems. Next, a second group of “debater” agents confirm these findings. They group similar issues together and finally show that the vulnerabilities exist.
The system is powered by a configurable panel of models, with state-of-the-art (SOTA) models used for reasoning, distilled models for validation for high-volume passes, and a second separate SOTA model for independent counterpoint.
“Disagreement between models is itself a signal: when an auditor flags something as suspect and the debater can’t refute it, that finding’s posterior credibility goes up,” Microsoft explained. “An auditor does not reason like a debater, which does not reason like a prover. Each pipeline stage has its own role, prompt regime, tools, and stop criteria.”
Redmond said that the special agents were built using past security problems and their fixes. It also stated that the system can work with different models.
MDASH has already been put to test, unearthing 16 of the vulnerabilities that were fixed in this month’s Patch Tuesday release. The shortcomings span across the Windows networking and authentication stack, including two critical flaws that could pave the way for remote code execution:
CVE-2026-33824 (CVSS score: 9.8) : A double-free vulnerability in “ikeext.dll” that could allow an unauthenticated attacker to send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, leading to remote code execution.
CVE-2026-33827 (CVSS score: 8.1): A race condition vulnerability in Windows TCP/IP (“tcpip.sys”) that allows an unauthorized attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, leading to remote code execution exploitation.
MDASH’s news comes after Anthropic’s Project Glasswing and OpenAI Daybreak were launched. Both are AI-based efforts to speed up finding, confirming, and fixing security problems before hackers can find them.
“The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself,” Kim said.
Microsoft Patch Tuesday May 2026 fixed 120 flaws, Including 29 Critical RCE
