Microsoft has introduced a new multi-model artificial intelligence driven System named MDASH to help identify and fix security vulnerabilities at scale. The company stated that the system is currently being tested by a select group of customers as part of a limited private preview. This announcement comes as part of the company’s broader cybersecurity efforts, with the tool already credited with discovering 16 flaws in Windows that were addressed during the most recent Patch Tuesday update.
MDASH, which stands for multi-model agentic scanning harness, is designed to function as a model-agnostic system. This means it can work with various AI models, using specialized agents tailored for different types of vulnerability detection. The system aims to automate the process of finding security weaknesses in software, reducing the reliance on manual code review and traditional scanning tools.
The 16 vulnerabilities identified by MDASH were included in the February Patch Tuesday release from Microsoft. These flaws spanned different components of the Windows operating system, ranging from elevation of privilege issues to remote code execution bugs. While Microsoft did not disclose the specific severity of each flaw discovered by MDASH, the company emphasized that the system’s ability to surface these issues before they are exploited in the wild is a significant step forward for proactive security.
How MDASH Works
The system uses multiple AI agents that operate in parallel, each focusing on a distinct security domain. For example, one agent might scan for memory corruption issues while another examines API call patterns for logic flaws. These agents are not pre-programmed with specific rules but instead learn from code patterns and historical vulnerability data. The model-agnostic nature of MDASH allows Microsoft to swap or upgrade the underlying AI models without rebuilding the entire system.
Microsoft explained that the agents communicate with each other and share findings, creating a collaborative scanning environment. This approach helps reduce false positives and improves the accuracy of vulnerability detection. The system is designed to prioritize flaws based on potential impact, providing developers with actionable reports rather than a raw list of potential problems.
Implications for Security
The integration of AI into vulnerability discovery represents a shift in how software security is approached. Traditional methods involve static analysis tools and manual penetration testing, which can be time consuming and miss complex, multi-step attack chains. MDASH aims to fill this gap by simulating how an attacker might chain together different weaknesses to gain deeper access to a system.
Security experts note that while AI driven tools are becoming more common, the multi-agent approach used by MDASH is relatively novel. By deploying multiple specialized AI models, Microsoft can cover a wider attack surface than a single monolithic model. The system is also designed to learn from new vulnerabilities as they are discovered, continuously improving its detection capabilities.
Current Status and Future Plans
Microsoft is currently running MDASH as a limited private preview with a small number of enterprise customers. The company has not announced a public release date for the system. However, the fact that it has already contributed to Patch Tuesday fixes suggests that Microsoft is confident in its capabilities for internal use.
The 16 flaws found by MDASH in the latest Patch Tuesday batch are a fraction of the overall vulnerabilities fixed by Microsoft this month. Nevertheless, the discovery highlights the potential for AI to supplement human security researchers. Microsoft’s security response team will continue to rely on a combination of automated tools and human expertise to handle the thousands of submissions reported each year.
Looking ahead, Microsoft plans to expand the capabilities of MDASH to cover more types of software beyond Windows. The company is also exploring ways to integrate the system with its cloud security offerings, such as Microsoft Defender for Cloud. These developments could help organizations automate parts of their vulnerability management workflows, potentially reducing the window between a flaw’s discovery and its remediation.
Source: Delimiter Online
