Microsoft's AI Vulnerability Hunter Unearths 16 Windows Security Flaws, Four Critical
Introduction: A New Era in Vulnerability Discovery
Microsoft has introduced an innovative artificial intelligence system designed to automatically identify security weaknesses in Windows. This system, known as MDASH, has already found 16 previously undisclosed vulnerabilities in the operating system, including four critical remote code execution (RCE) flaws. Security experts believe this development could fundamentally change how software vulnerabilities are discovered and addressed.

The MDASH platform was built by Microsoft's Autonomous Code Security team in collaboration with the Windows Attack Research and Protection group. It will enter a private preview for enterprise customers starting next month, as detailed in a recent Microsoft blog post.
All 16 vulnerabilities were patched as part of Microsoft's May 12 Patch Tuesday release. In its announcement, Microsoft noted, "Cyber defenders are facing an increasingly asymmetric battle. Attackers are using AI to increase the speed, scale, and sophistication of attacks."
Critical Windows Components Affected
The four critical vulnerabilities impact core Windows components that are widely deployed across enterprise environments, according to Microsoft. Among them:
- CVE-2026-33827: a remote unauthenticated use-after-free flaw in the Windows IPv4 stack, exploitable through specially crafted packets carrying the Strict Source and Record Route option.
- CVE-2026-33824: a pre-authentication double-free issue in the IKEEXT service, affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.
- Two additional critical flaws impact Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8.
The remaining 12 vulnerabilities are rated "Important" and include denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws. These affect components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe.
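As an added example (not from Microsoft's post or from this article), the following defender-side check walks the IPv4 header options of a raw packet and flags those carrying the Strict Source and Record Route option named in the CVE-2026-33827 description. Option type 137 is the RFC 791 value for that option; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

# IPv4 option type octets from RFC 791
OPT_EOL, OPT_NOP, OPT_SSRR = 0, 1, 137  # 137 = Strict Source and Record Route

def ipv4_options(packet: bytes):
    """Yield (type, data) per option; raise ValueError on an inconsistent header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad version or header length")
    opts, i = packet[20:ihl * 4], 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:          # end of option list
            return
        if kind == OPT_NOP:          # single-octet padding
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing its length octet")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length runs past the header")
        yield kind, opts[i + 2:i + length]
        i += length

def classify(packet: bytes) -> str:
    """Return 'ssrr', 'malformed' or 'clean' for one raw IPv4 packet."""
    try:
        kinds = [kind for kind, _ in ipv4_options(packet)]
    except ValueError:
        return "malformed"
    return "ssrr" if OPT_SSRR in kinds else "clean"

def sample_header(options: bytes = b"") -> bytes:
    """Constructed test input: IPv4 header (checksum left zero) plus option bytes."""
    options += b"\x00" * (-len(options) % 4)      # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return fixed + options

SSRR_OPT = bytes([OPT_SSRR, 7, 4, 203, 0, 113, 5])  # constructed: one-hop route

if __name__ == "__main__":
    for name, pkt in [("plain", sample_header()), ("ssrr", sample_header(SSRR_OPT)),
                      ("overrun", sample_header(bytes([OPT_SSRR, 40, 4, 1])))]:
        print(name, classify(pkt))
```

A header whose option lengths do not add up is reported as malformed rather than clean, so a sensor built on this treats parsing failures as something to look at instead of silently passing them.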
How MDASH Orchestrates AI Agents
According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models. Each agent is assigned to a different stage of the vulnerability discovery pipeline:
- Some agents scan source code for potential flaws.
- Others validate whether findings are genuine.
- Another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.
As Taesoo Kim, Microsoft vice president for agentic security, explained: "The model is one input. The system is the product."
The architecture is intentionally designed to remain largely model-agnostic, allowing Microsoft to swap underlying AI models without rebuilding the broader orchestration pipeline. This detail is significant because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic's Claude Mythos Preview model.

Project Glasswing and the Broader Context
Project Glasswing represents Microsoft's growing investment in AI-powered security research. By collaborating with Anthropic and other organizations, Microsoft aims to explore how advanced AI models can be used to identify zero-day vulnerabilities before malicious actors exploit them. The MDASH system builds on these efforts, demonstrating that AI can actively hunt for flaws in one of the world's most widely used operating systems.
Implications for Enterprise Security
The discovery of 16 vulnerabilities through an automated AI system underscores the potential for machine learning to augment human security researchers. For enterprise customers, this means faster identification and remediation of critical flaws—especially those affecting networking components like IPv4, VPN services, and DNS. Microsoft's approach also reduces the time window during which attackers could exploit zero-day vulnerabilities.
As the cybersecurity landscape becomes increasingly asymmetric, tools like MDASH could level the playing field, enabling defenders to keep pace with AI-powered attacks. The private preview for enterprise customers will likely provide valuable feedback for scaling this technology across Microsoft's product portfolio.
Key Takeaways
- MDASH identified 16 Windows vulnerabilities, including four critical RCE flaws.
- The critical flaws affect the IPv4 stack, the IKEEXT service, Netlogon, and the DNS Client.
- The system uses over 100 specialized AI agents in a modular pipeline.
- Project Glasswing complements MDASH by exploring AI-driven vulnerability discovery with external partners.
For more details on the patched vulnerabilities, refer to the official Microsoft Security Response Center.