
Microsoft’s MDASH AI System Gets 16 Windows Flaws Fixed in Patch Tuesday

Ravie Lakshmanan | May 13, 2026 | Vulnerability / Artificial Intelligence

Microsoft has introduced a new multi-model Artificial Intelligence (AI) system called MDASH to facilitate vulnerability detection and remediation at scale, adding that it is being tested by certain customers as part of a limited private preview.

MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that assigns bespoke AI agents to different vulnerability classes to automatically detect, verify, and prove exploitable flaws in complex code such as Windows.

“Unlike single-model approaches, the harness organizes more than 100 special AI agents into a collection of boundary and fine-grained models to discover, argue, and prove actionable bugs in the end,” said Taesoo Kim, vice president of agent security at Microsoft.

MDASH is considered a “systematic pipeline” that takes in a codebase and produces findings validated through a series of actions.

It begins by analyzing the source code to create a threat model and attack environment. It then runs special “auditor” agents over candidate code paths to flag potential problems, runs a second set of “counter” agents to validate those findings, collects statistically equivalent findings, and finally proves the existence of a vulnerability.

The system is powered by a panel of adjustable models, with high-end (SOTA) models used for imaging, thin models to ensure high-volume passes, and a second separate SOTA model for an independent counterpoint.

“Disagreement between models is itself a symptom: when an auditor flags something as suspect and an opponent cannot refute it, the credibility of that finding increases,” explains Microsoft. “The auditor does not think like a debater, who does not think like a proverb. Each stage of the pipeline has its own role, fast schedule, tools and stop criteria.”

Redmond noted that special agents were developed based on past common vulnerabilities and exposures (CVEs) and their episodes. It also said that the architecture allows portability across model generations.

MDASH has already been tested, finding 16 of the vulnerabilities fixed in this month’s Patch Tuesday release. The flaws span the entire Windows networking and authentication stack, including two critical flaws that could pave the way for remote code execution –

  • CVE-2026-33824 (CVSS Score: 9.8) – A double vulnerability in “ikeext.dll” could allow an unauthenticated attacker to send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, leading to remote code execution.
  • CVE-2026-33827 (CVSS Score: 8.1) – A race condition vulnerability in Windows TCP/IP (“tcpip.sys”) allows an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows environment where IPsec is enabled, leading to remote code execution.

The MDASH news follows the launch of Anthropic’s Project Glasswing and OpenAI Daybreak, both of which are AI-enabled cybersecurity initiatives to accelerate vulnerability discovery, validation, and remediation before they are discovered by bad actors.

“The strategic impact is clear: The risk discovery of AI has gone beyond the curiosity of the research to protect the productivity of the business scale, and the long-term benefit is in the system of the agent around the model rather than any model itself,” said Kim.
