Microsoft just dropped what might be the most consequential cybersecurity tool of 2026, and it’s not a firewall or an antivirus update. It’s an AI system called MDASH that found 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, and helped patch 570 security issues in a single month.

For context, finding even one critical RCE vulnerability in the Windows kernel TCP/IP stack is headline-worthy. Finding four across critical components like the kernel and IKEv2 service, then patching them before bad actors could exploit them, is the kind of thing that keeps CISOs sleeping at night instead of staring at their ceiling.

What MDASH actually is

MDASH stands for Multi-model Agentic Scanning Harness. It’s an ensemble of over 100 specialized AI agents working across multiple models to find, validate, and help fix security bugs.

The system was developed by Microsoft’s Autonomous Code Security team and formally unveiled on May 12, 2026. All 16 newly discovered vulnerabilities were addressed in the May 2026 Patch Tuesday update, meaning MDASH didn’t just find the bugs. It found them fast enough to fit within Microsoft’s existing monthly security cadence.