Microsoft has introduced an innovative security solution known as MDASH (Multi-Model Agentic Scanning Harness), a sophisticated system that employs over 100 specialized AI agents to identify software vulnerabilities. This advanced framework is designed to autonomously detect security flaws within software, diverging from traditional methods that typically rely on a single AI model. Instead, MDASH orchestrates a diverse ensemble of both frontier and distilled models, enhancing its capability to uncover potential threats.
On May 12, 2026, during the monthly Patch Tuesday, Microsoft disclosed that MDASH had identified 16 new vulnerabilities (CVEs) within the Windows networking and authentication stack. Among these, four were deemed critical, including remote code execution vulnerabilities associated with key components such as tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. Notably, ten of the vulnerabilities impact kernel mode and can be accessed over the network without requiring authentication, underscoring the challenges inherent in auditing proprietary code bases like Windows, Hyper-V, and Azure.
More than 100 agents debate whether vulnerabilities are real
The operational framework of MDASH follows a meticulous four-stage pipeline. Initially, the system analyzes the source code and maps the attack surface. Subsequently, specialized auditor agents scrutinize the code for suspicious elements. In the third stage, a group of agents, referred to as “debaters,” engage in discussions to determine the exploitability of each identified issue. Duplicates are consolidated before the final stage, where Evidence Leader agents attempt to exploit the vulnerability through targeted inputs.
This pipeline is model-agnostic, allowing for the integration of new models simply by adjusting configurations. Additionally, plugins enable experts to incorporate domain-specific knowledge, such as kernel calling conventions or IPC trust boundaries, which may not be inherently known to foundational models.
Top benchmark score, but the comparison isn’t apples to apples
MDASH achieved an impressive score of 88.45 percent on the public CyberGym benchmark, which evaluates 1,507 real vulnerabilities, placing it at the top of the leaderboard—approximately five points ahead of its nearest competitor. However, this comparison may not be entirely equitable, as Microsoft is contrasting an extensive framework against individual models, which could also perform better if integrated into a similar harness.
While the blog post celebrating this achievement does not specify the models utilized to reach this score, Microsoft refers to them in general terms, such as “SOTA models” for heavy reasoning tasks and “distilled models” for cost-effective debating. The origins of these models—whether from OpenAI, Anthropic, Microsoft’s own research, or other third-party sources—remain unspecified.
MDASH is supported by Microsoft’s Autonomous Code Security Team, which includes members from Team Atlanta, the champions of the DARPA AI Cyber Challenge. This team previously developed an autonomous cyber reasoning system capable of detecting and rectifying bugs in complex open-source projects. Currently, MDASH is available in a limited private preview for select external customers, with a comprehensive technical report accessible on the Microsoft blog.
As the landscape of AI cybersecurity evolves, companies like OpenAI and Anthropic are also making strides in leveraging their models to counteract the very threats that AI technologies have inadvertently exacerbated.
