Microsoft unveils MDASH to automate large‑scale vulnerability discovery across Windows and cloud

On May 25, 2026 Microsoft announced MDASH, an agentic, multi‑model security platform that automates end‑to‑end vulnerability discovery, validation and proofing across Windows, Hyper‑V, Azure and other Microsoft environments;

Microsoft announced MDASH on May 25, 2026, a new AI‑driven system designed to accelerate and scale vulnerability discovery and auditing across Windows and other Microsoft software environments. MDASH aims to automate end‑to‑end processes — finding bugs, validating them, and producing proofs — so teams can audit large proprietary codebases more quickly and at scale.

The platform assembles more than 100 specialized AI agents into a multi‑stage pipeline. Separate agents perform scanning, debate, validation, deduplication and exploitation tasks, enabling the system to reason across multiple files, surface lifecycle and concurrency bugs, and evaluate whether a finding is practically exploitable rather than merely theoretical. Microsoft describes the architecture as model‑agnostic so component models can be swapped or upgraded without changing orchestration and proofing layers.

Microsoft published benchmark and internal results to quantify MDASH’s performance. On the public CyberGym benchmark covering 1,507 real‑world vulnerabilities, MDASH scored 88.45%, roughly five points ahead of the next best entry. Internally, the company reported 96% recall on historical clfs.sys vulnerabilities reviewed by the Microsoft Security Response Center and 100% recall on historical tcpip.sys cases. organizations interested in early testing can apply through Microsoft Security’s preview program, indicating a controlled external evaluation before broader availability.

Microsoft frames MDASH as evidence of a broader shift in AI security tooling: builders should prioritize orchestration, validation and workflow infrastructure around models rather than focusing only on raw model capability. The platform’s model‑agnostic design signals an architectural approach where investment goes into agent coordination, automated proofing and deduplication to manage large, heterogeneous codebases.

Alongside potential gains, MDASH raises operational and governance questions. In a LinkedIn thread, Sandesh KS warned: “The orchestration layer is exactly where it gets interesting — and dangerous. When specialized agents start coordinating across identity systems, financial monitoring, and cloud infrastructure simultaneously, the blast radius of a single misconfigured permission boundary becomes enormous.” He added that governance layers must be designed before agents go live, not retrofitted after the first incident. Builders evaluating MDASH should therefore plan governance and permission controls prior to deployment.