Microsoft's AI Vulnerability Hunter Unearths 16 Windows Security Flaws, Four Critical


Introduction: A New Era in Vulnerability Discovery

Microsoft has introduced an innovative artificial intelligence system designed to automatically identify security weaknesses in Windows. This system, known as MDASH, has already found 16 previously undisclosed vulnerabilities in the operating system, including four critical remote code execution (RCE) flaws. Security experts believe this development could fundamentally change how software vulnerabilities are discovered and addressed.

Source: www.computerworld.com

The MDASH platform was built by Microsoft's Autonomous Code Security team in collaboration with the Windows Attack Research and Protection group. It will enter a private preview for enterprise customers starting next month, as detailed in a recent Microsoft blog post.

All 16 vulnerabilities were patched as part of Microsoft's May 12 Patch Tuesday release. In its announcement, Microsoft noted, "Cyber defenders are facing an increasingly asymmetric battle. Attackers are using AI to increase the speed, scale, and sophistication of attacks."

Critical Windows Components Affected

The four critical vulnerabilities impact core Windows components that are widely deployed across enterprise environments, according to Microsoft. Among them:

The remaining 12 vulnerabilities are rated "Important" and include denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws. These affect components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe.

How MDASH Orchestrates AI Agents

According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models. Each agent is assigned to a different stage of the vulnerability discovery pipeline:

  1. Some agents scan source code for potential flaws.
  2. Others validate whether findings are genuine.
  3. Another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.

As Taesoo Kim, Microsoft vice president for agentic security, explained: "The model is one input. The system is the product."

The architecture is intentionally designed to remain largely model-agnostic, allowing Microsoft to swap underlying AI models without rebuilding the broader orchestration pipeline. This detail is significant because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic's Claude Mythos Preview model.

Project Glasswing and the Broader Context

Project Glasswing represents Microsoft's growing investment in AI-powered security research. By collaborating with Anthropic and other organizations, Microsoft aims to explore how advanced AI models can be used to identify zero-day vulnerabilities before malicious actors exploit them. The MDASH system builds on these efforts, demonstrating that AI can actively hunt for flaws in one of the world's most widely used operating systems.

Implications for Enterprise Security

The discovery of 16 vulnerabilities through an automated AI system underscores the potential for machine learning to augment human security researchers. For enterprise customers, this means faster identification and remediation of critical flaws—especially those affecting networking components like IPv4, VPN services, and DNS. Microsoft's approach also reduces the time window during which attackers could exploit zero-day vulnerabilities.

As the cybersecurity landscape becomes increasingly asymmetric, tools like MDASH could level the playing field, enabling defenders to keep pace with AI-powered attacks. The private preview for enterprise customers will likely provide valuable feedback for scaling this technology across Microsoft's product portfolio.

Key Takeaways

For more details on the patched vulnerabilities, refer to the official Microsoft Security Response Center.
