Microsoft’s New AI Bug Hunter Finds 16 Windows Vulnerabilities

The system orchestrates over 100 AI agents and found 16 flaws in this week’s Patch Tuesday.

Published on May 14, 2026

AI-powered vulnerability discovery has crossed from research curiosity into production engineering, according to Microsoft.

The proof: an 88.45% score on the public CyberGym benchmark of 1,507 real-world vulnerability reproduction tasks, roughly five points ahead of the next entry on the leaderboard.

Microsoft’s announcement, published on Tuesday, said the system behind that score is codenamed MDASH, short for multi-model agentic scanning harness.

Built by the tech giant’s Autonomous Code Security team, it orchestrates over 100 specialized AI agents across an ensemble of frontier and distilled models.

Auditor agents flag candidate findings. Debater agents argue for and against each one’s reachability and exploitability. Prover agents construct triggering inputs to confirm the bug actually fires.

The architecture is the point, Microsoft said. “The harness does the work, and the model is one input,” the blog post reads.

That framing is backed by retrospective recall numbers against Microsoft Security Response Center cases.

MDASH rediscovered 96% of confirmed bugs in clfs.sys over five years, and 100% in tcpip.sys over the same window. On StorageDrive (a private interview driver Microsoft uses for offensive security candidates) the system found all 21 deliberately injected vulnerabilities with zero false positives.

16 CVEs in Today’s Patch Tuesday

The headline production win is the cohort of 16 CVEs across the Windows networking and authentication stack, disclosed in this week’s Patch Tuesday.

Four carry Critical severity, including remote unauthenticated code execution flaws in the Windows kernel TCP/IP stack and the IKEv2 service. Ten are kernel-mode and the majority are reachable from a network position without credentials.

Microsoft said that two findings, both disclosed in April’s Patch Tuesday, illustrate what an agentic pipeline catches that a single-model scanner does not.

CVE-2026-33827 is a remote unauthenticated use-after-free in tcpip.sys, triggered by IPv4 packets carrying Strict Source and Record Route (SSRR) options, where the lifetime violation only becomes visible by cross-referencing a correctly handled site elsewhere in the same code base.

CVE-2026-33824 is an unauthenticated IKEv2 double-free in ikeext.dll spanning six source files, reachable over UDP/500 against any host configured as an IKEv2 responder (RRAS VPN, DirectAccess, Always-On VPN), with LocalSystem RCE as the payoff.

MDASH is being used internally by Microsoft engineering teams and is now in limited private preview for a small set of customers.