Agents
Microsoft MDASH: 100+ AI Agents Find 16 Windows Vulnerabilities Including 4 Critical RCEs, Top CyberGym Benchmark at 88.45%
Microsoft's Autonomous Code Security team unveiled MDASH (Multi-Model Agentic Scanning Harness), an ensemble of 100+ specialized AI agents across frontier and distilled models that found 16 previously unknown Windows vulnerabilities — including 4 critical RCEs in the TCP/IP stack, IKEEXT, HTTP.sys, and Netlogon — without any human researcher identifying them first. MDASH scored 88.45% on the CyberGym benchmark (1,507 real-world tasks), 5 points above the next entry, and achieved 96-100% recall on 5 years of confirmed MSRC cases. Two of the critical flaws (CVE-2026-40361 and CVE-2026-40364) are rated 'more likely to be exploited.'
↳ Follow the thread