Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News

Microsoft has unveiled an agentic AI security system that has identified 16 vulnerabilities in Windows networking and authentication components. Four of them are rated Critical because they could allow remote code execution. The system, known as MDASH, was developed by Microsoft’s Autonomous Code Security team and is already in use by the company’s security engineering teams; a small group of customers is also testing it in a limited private preview.

How Microsoft’s AI security system works

MDASH, which Microsoft describes as a multi-model agentic scanning harness, uses many AI agents that examine code from different perspectives rather than relying on a single model to spot problems. The system runs more than 100 specialised agents, each assigned a different part of the analysis: some look for candidate bugs, others validate those findings, compare them against similar code patterns elsewhere in the codebase, remove duplicate reports, and try to show whether a reported vulnerability can actually be triggered.

That division of labour matters to security teams, who need not just a list of possible issues but an assessment of how severe each one is and whether it can be reproduced. A tool that produces a large volume of weak findings adds triage work for engineers instead of reducing risk. Microsoft describes MDASH as a structured pipeline: it takes a codebase, identifies the areas most likely to be vulnerable, scans them, verifies the findings and filters out duplicates, mirroring the way human security researchers investigate code.

Windows flaws added to Patch Tuesday

Using MDASH, Microsoft researchers found 16 vulnerabilities in key Windows networking and authentication components, including tcpip.sys, the kernel driver that implements the Windows TCP/IP stack, and IKEEXT, the service that handles Internet Key Exchange for IPsec connections. The four Critical flaws are the most serious because they could let a remote attacker execute code on the target over the network, with no local or physical access.

Most of these vulnerabilities can be exploited from a network position without credentials, which makes them more severe than issues that require prior access to a machine or an account. One flaw, designated CVE-2026-33827, is in tcpip.sys and can be triggered by specially crafted IPv4 packets. It is a use-after-free: code keeps using a block of memory after that memory has been released, which can crash the system, expose data that now occupies the block, or give an attacker who controls the reused memory a path to code execution. Another Critical flaw, CVE-2026-33824, is in IKEEXT and can be triggered by two UDP packets in certain IKEv2 responder configurations. It is a double-free, in which the same allocation is released twice; on a real allocator that corrupts heap bookkeeping and can likewise lead to code execution.
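To make the two bug classes concrete, here is an added illustration that is not code from Microsoft, IKEEXT or tcpip.sys and does not reproduce either CVE. It models a hypothetical two-message responder (an INIT that allocates a session object, then a malformed AUTH that fails validation) with an invented slot pool in place of the heap, so that a double free or a use-after-free is counted rather than corrupting real allocator state. All names (sa_t, sa_pool_t, responder_t, handle_vulnerable, handle_hardened) are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy responder: none of these names or structures are from
 * IKEEXT or tcpip.sys. The pool tracks slot state so a double free or a
 * use-after-free is counted instead of corrupting the real heap. */
#define MAX_SA 4

typedef struct {
    bool in_use;
    uint32_t spi;
} sa_t;

typedef struct {
    sa_t slots[MAX_SA];
    int double_frees;     /* pool_free() called on a slot already free */
    int uses_after_free;  /* pool_read_spi() called on a slot already free */
} sa_pool_t;

static sa_t *pool_alloc(sa_pool_t *p, uint32_t spi) {
    for (int i = 0; i < MAX_SA; i++) {
        if (!p->slots[i].in_use) {
            p->slots[i].in_use = true;
            p->slots[i].spi = spi;
            return &p->slots[i];
        }
    }
    return NULL;
}

static void pool_free(sa_pool_t *p, sa_t *sa) {
    if (!sa->in_use) { p->double_frees++; return; }  /* real heap: metadata corruption */
    sa->in_use = false;
}

static uint32_t pool_read_spi(sa_pool_t *p, const sa_t *sa) {
    if (!sa->in_use) p->uses_after_free++;           /* real heap: stale or reused data */
    return sa->spi;
}

typedef struct {
    sa_pool_t pool;
    sa_t *current;  /* session's SA, shared between the handler and teardown */
} responder_t;

enum { MSG_INIT = 1, MSG_AUTH = 2 };

typedef struct { int double_frees; int uses_after_free; } session_result_t;

/* Vulnerable handler: on a failed AUTH it frees the SA, then reads the SPI
 * for a log line (use-after-free), and leaves `current` dangling so the
 * session teardown frees the same slot again (double free). */
static int handle_vulnerable(responder_t *r, int msg, bool auth_ok) {
    if (msg == MSG_INIT) {
        r->current = pool_alloc(&r->pool, 0x1234);
        return r->current ? 0 : -1;
    }
    if (msg == MSG_AUTH && !auth_ok && r->current) {
        pool_free(&r->pool, r->current);
        (void)pool_read_spi(&r->pool, r->current);  /* stale pointer */
        return -1;
    }
    return 0;
}

/* Hardened handler: read what you need before freeing, and clear the only
 * owning pointer at the same place the free happens. */
static int handle_hardened(responder_t *r, int msg, bool auth_ok) {
    if (msg == MSG_INIT) {
        r->current = pool_alloc(&r->pool, 0x1234);
        return r->current ? 0 : -1;
    }
    if (msg == MSG_AUTH && !auth_ok && r->current) {
        (void)pool_read_spi(&r->pool, r->current);
        pool_free(&r->pool, r->current);
        r->current = NULL;
        return -1;
    }
    return 0;
}

/* Teardown is identical in both builds; the difference is whether the
 * handler left a dangling pointer behind. */
static void teardown(responder_t *r) {
    if (r->current) { pool_free(&r->pool, r->current); r->current = NULL; }
}

/* Drive the two-packet session (INIT, then a malformed AUTH) and report
 * how many memory-lifetime violations the pool observed. */
static session_result_t run_session(bool hardened) {
    responder_t r;
    memset(&r, 0, sizeof r);
    int (*handle)(responder_t *, int, bool) = hardened ? handle_hardened : handle_vulnerable;
    handle(&r, MSG_INIT, true);
    handle(&r, MSG_AUTH, false);
    teardown(&r);
    session_result_t res = { r.pool.double_frees, r.pool.uses_after_free };
    return res;
}

int main(void) {
    session_result_t v = run_session(false), h = run_session(true);
    printf("vulnerable: %d double free, %d use-after-free\n", v.double_frees, v.uses_after_free);
    printf("hardened:   %d double free, %d use-after-free\n", h.double_frees, h.uses_after_free);
    return 0;
}
```

The point of the toy is the ownership question the article raises: the free in the AUTH path and the free in teardown live in different functions, and nothing in the vulnerable build records which of them owns the allocation. On a real heap the slot freed by the AUTH handler could already have been handed to another session before teardown frees it a second time, which is what turns a lifetime bug into an exploitable primitive.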

What distinguishes these findings is how hard they are to reach: confirming them required reasoning across multiple files, code paths and allocation-ownership patterns, which is exactly where traditional scanners and single-model AI systems tend to fall short.

Benchmarks show where AI security is heading

In a private test environment, MDASH detected all 21 planted vulnerabilities without producing any false positives. Against five years of confirmed Microsoft Security Response Center cases, it achieved 96 percent recall in clfs.sys and 100 percent recall in tcpip.sys. Recall measures how many already-known vulnerabilities the system rediscovers; it says nothing on its own about how many spurious reports it would raise on code whose bugs are not yet known, which is why the planted-bug test and the false-positive count are reported separately.

On the CyberGym benchmark, which consists of 1,507 real-world vulnerability reproduction tasks, MDASH scored 88.45 percent, the highest result on the published leaderboard at the time and roughly five points ahead of the next entry. Microsoft does not claim that these numbers will carry over to every future codebase: the historical tests show how the system would have fared against known vulnerabilities, while the Patch Tuesday findings show it operating on live code in Microsoft’s own security work.

The Autonomous Code Security team includes members of Team Atlanta, who won the DARPA AI Cyber Challenge with an autonomous cyber-reasoning system, and has drawn on that earlier work in building MDASH. As the tool is rolled out to Microsoft’s security engineering teams and tested by select customers, the open question for software developers, academic institutions and cybersecurity training providers is how quickly AI-assisted vulnerability discovery will become a standard part of developer tooling, security operations and technical education.
