Microsoft has unveiled a new multi-model artificial intelligence (AI)-powered system MDASH To facilitate discovery and remediation of the vulnerability on a larger scale, it said it was being tested by some customers as part of a limited private preview.
MDASH, its short form multi-moDl Agentle Scanning hArness, designed as a model-agnostic system that uses custom AI agents for different vulnerability classes to autonomously discover, validate, and prove exploitable flaws in complex codebases like Windows.
“Unlike the single-model approach, Harness Frontier organizes more than 100 specialized AI agents into a suite of distilled models to discover, debunk, and prove exploitable bugs from end-to-end,” said Taesoo Kim, vice president of agentic security at Microsoft.
MDASH is envisioned as a “structured pipeline” that takes a codebase and produces valid, proven conclusions through a series of actions.
It begins by analyzing the source code to create a threat model and attack surface, running specialized “auditor” agents on candidate code paths to flag potential issues, running a second set of “debater” agents that validate the findings, grouping semantically equivalent findings, and then finally proving the existence of vulnerabilities.
The system is driven by a configurable panel of models, including a state-of-the-art (SOTA) model used for reasoning, a distilled model for validation of high-volume passes, and a second separate SOTA model for independent counterpoints.
“Disagreement between models is a signal in itself: When an auditor flags something as suspicious and the debater can’t refute it, the a priori credibility of that conclusion increases,” Microsoft explained. “An auditor does not reason like a debater, who does not reason like a proverb. Each pipeline stage has its own role, prompt arrangements, tools, and stopping criteria.”
Redmond said the special agents were built based on previous common vulnerabilities and vulnerabilities (CVEs) and their patches. It also states that the architecture model allows portability across generations.
MDASH has already been put to the test, revealing 16 vulnerabilities that were fixed in this month’s Patch Tuesday release. The vulnerabilities extend across the Windows networking and authentication stack, including two critical flaws that could lead to remote code execution –
- CVE-2026-33824 (CVSS Score: 9.8) – A double-free vulnerability in “ikeext.dll” that could allow an unauthenticated attacker to send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, leading to remote code execution.
- CVE-2026-33827 (CVSS Score: 8.1) – A race condition vulnerability in Windows TCP/IP (“tcpip.sys”) that allows an unauthenticated attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, leading to a remote code execution exploit.
The MDASH news follows the launch of Anthropic’s Project Glasswing and OpenAI Daybreak, both of which are AI-powered cybersecurity initiatives designed to accelerate vulnerability discovery, verification, and remediation before they are discovered by bad actors.
Kim said, “The strategic implication is clear: the discovery of AI vulnerabilities has moved from research curiosity to production-grade defense at enterprise scale, and sustainable advantage lies in agentive systems based around models rather than any one model.”
