Microsoft has developed an AI-based security system that reportedly identified 16 previously unknown vulnerabilities in Windows, including four critical remote code execution flaws, according to Crypto Briefing. The system, called the Multi-model Agentic Scanning Harness, or MDASH, also recorded a higher score than systems from Anthropic and OpenAI on a benchmark for AI-assisted vulnerability discovery.
Crypto Briefing reported that MDASH was created by Microsoft’s Autonomous Code Security team and disclosed on May 12, 2026. The system uses an ensemble of more than 100 specialized AI agents operating across multiple models. Those agents are designed to divide security work into tasks such as locating suspicious code, testing potential weaknesses, validating findings and assisting with remediation.
According to the report, the 16 newly discovered Windows flaws were addressed through Microsoft’s May 2026 Patch Tuesday release. Four were classified as critical remote code execution vulnerabilities affecting components that included the Windows kernel and the Internet Key Exchange version 2, or IKEv2, service. Crypto Briefing also said MDASH contributed to work on 570 security issues during one month, although the report did not provide a detailed breakdown of the system’s role in each case.
Remote code execution flaws are among the most serious categories of software vulnerability because they can allow an attacker to run code on a target computer. The practical risk depends on the affected component, the conditions needed for exploitation and the privileges available after a successful attack. A flaw in a networking component can be particularly consequential when a vulnerable service processes untrusted data before a user has an opportunity to intervene.
The reported findings illustrate how AI coding systems are moving beyond code generation and into defensive software analysis. Conventional security testing already uses automated static analysis, dynamic analysis, fuzzing and symbolic execution to locate defects. Agentic AI systems can potentially coordinate several of those techniques, interpret results, generate test cases and revisit code based on evidence collected during an investigation.
MDASH reportedly scored 88.45% on CyberGym, compared with 83.1% for Anthropic’s Claude Mythos Preview and 81.8% for OpenAI’s GPT-5.5. Those results suggest that Microsoft’s system performed best among the three configurations evaluated on that benchmark. Benchmark rankings, however, do not by themselves establish how reliably a tool will perform across large, frequently changing production codebases. Results can depend on the dataset, the tools available to an agent, the evaluation rules and the amount of human involvement permitted.
Vulnerability discovery also requires more than producing a plausible explanation of a coding error. A useful report must generally identify the relevant code path, demonstrate that the problem is reachable, establish the security impact and provide enough evidence for engineers to reproduce the behavior. Security teams must then distinguish genuine defects from false positives, assess severity, develop a fix and test whether that fix creates regressions elsewhere.
A multi-agent design is intended to address some of those challenges by assigning different responsibilities to separate AI workers. One agent might inspect source code, another might develop a proof of concept, and another might challenge the initial conclusion or test a proposed patch. In principle, that structure can reduce reliance on a single model response and make the system’s conclusions easier to verify. It can also increase computational cost and create additional coordination problems if agents repeat work or reinforce an incorrect assumption.
Integrating AI-discovered vulnerabilities into Microsoft’s monthly update process is a significant operational step. Patch Tuesday is the company’s established mechanism for distributing security fixes to Windows customers, and inclusion in that process requires findings to pass through triage, engineering and quality-assurance procedures. The reported May update indicates that at least some MDASH findings progressed beyond experimental detection and into fixes shipped to users.
Microsoft plans to make MDASH available to selected enterprise customers through a limited private preview beginning in June 2026, according to Crypto Briefing. A private preview would allow the company to observe how the system performs on software outside Microsoft’s own development environment while limiting access during early testing. The report did not specify which organizations would participate, what codebases would be supported or when broader availability might follow.
Enterprise use will raise questions about confidentiality and deployment. Source code often contains proprietary business logic, internal interfaces and clues about unpatched weaknesses. Organizations evaluating AI security tools will therefore need to understand where code is processed, how long data is retained, whether prompts or findings are used for model training and which employees or service providers can access the results.
AI-assisted scanning also changes the economics of vulnerability research. Automated systems may enable defenders to examine more code and revisit older components that have received less scrutiny. The same broad capability could also help attackers search for weaknesses, particularly in publicly available software or after a patch reveals where a defect existed. That tension makes rapid validation and remediation central to the value of defensive systems such as MDASH.
Crypto Briefing additionally reported that Microsoft is participating in Anthropic’s Project Glasswing coalition alongside companies including Amazon Web Services, Google and Apple. The collaboration and the CyberGym comparison reflect two parallel dynamics in AI security: major technology companies are competing on model performance while also cooperating on defensive research and access to emerging tools.
The reported Windows discoveries provide a more concrete test of MDASH than a benchmark score alone because they connect the system’s analysis to vulnerabilities that Microsoft subsequently fixed. Even so, fuller technical disclosures would be needed to assess how independently the AI operated, how many candidate findings were rejected and how its performance compared with Microsoft’s existing security tools and human researchers. The enterprise preview could offer further evidence about whether the approach generalizes to different programming languages, architectures and development practices.
Sources: Anthropic