Microsoft AI System Finds 16 Windows Vulnerabilities

Microsoft announced on May 12, 2026 ^[5], a new multi-model agentic AI scanning system codenamed MDASH to automatically discover security vulnerabilities.

The system represents a shift toward automated defense, aiming to reduce the window of exposure for software flaws before attackers can exploit them. By accelerating the discovery and remediation process, Microsoft intends to improve the overall speed of its cyber-defense.

MDASH operates across Microsoft's cloud and operating system environments, specifically targeting Azure and Windows. The system utilizes more than 100 specialized AI agents ^[4] to scan for weaknesses. These agents work in a multi-model framework to identify flaws that traditional scanning methods might miss.

During its initial deployment, the AI system identified 16 previously unknown Windows vulnerabilities ^[1]. These findings were reported as part of the May 2026 Patch Tuesday release. Among these discoveries were critical remote-code-execution (RCE) flaws.

Reports on the number of RCE flaws vary. Some data indicates there were four critical RCE flaws ^[2], while other reports specify two RCE flaws located in IKEv2 and TCP/IP ^[3]. These vulnerabilities allow an attacker to execute arbitrary code on a target machine, making them high-priority targets for security patches.

Microsoft security teams operate the system to ensure that the discovery of these flaws leads directly to internal remediation. The company said the system is designed to operate at "AI speed," allowing the defense mechanism to keep pace with the evolving tactics of malicious actors.