Microsoft has deployed an AI system called MDASH, its multi-model agentic scanning harness, to hunt for security flaws across the Windows codebase before attackers can exploit them. The system runs on dedicated cloud infrastructure built specifically for this scanning work. Microsoft says the goal is to shrink the gap between when a bug is discovered and when a fix reaches customers.

MDASH combines several AI models, including third-party vulnerability discovery tools, in a two-stage pipeline. A scanner pass checks critical binaries and uses multi-model debate, where separate model families weigh in on whether a candidate is a genuine flaw, to filter out noise. Confirmed candidates then move to a Windows-specific “prove” stage built to eliminate remaining false positives before anything reaches a human engineer.

Microsoft is not limiting the automation to discovery alone. The company says it is folding AI into the fix stage too, using it to help engineers understand failures faster, draft candidate patches consistent with surrounding code, surface related issues elsewhere in the codebase and select the regression tests a change is likely to affect. Human reviewers remain in the loop for code review, according to Pavan Davuluri, the Windows and Devices executive who described the system in a July 9 blog post.

The trade-off is volume. Microsoft says that as AI surfaces more issues, customers will see a higher number of fixes bundled into each monthly security release. That is a notable framing choice: a larger patch count from a system built to move faster is presented by Microsoft as evidence the scanning is working, not evidence that Windows security is deteriorating. Enterprises that size patch-testing windows around a roughly stable monthly count should plan for that count to climb.

Microsoft has not disclosed how many vulnerabilities MDASH has surfaced since deployment or what share of monthly fixes now originate from AI-assisted scanning versus traditional review. That gap makes the system’s actual speedup, and its false-positive rate against prior manual processes, difficult to verify from outside the company.

The shift reflects an asymmetry now shaping most AI security work. If AI models can find memory-safety and logic bugs faster than human auditors, both defenders and attackers gain access to that capability, and the side that scans and patches first keeps the advantage. Microsoft is pairing MDASH with its existing Security Update Validation Program and leaning on Known Issue Rollback, a mechanism that lets customers revert a single problematic fix without uninstalling an entire update. That combination is meant to absorb the risk of shipping AI-assisted patches at a faster pace without forcing customers to choose between speed and stability.

Microsoft is also updating its Secure Development Lifecycle standards to explicitly account for AI-enabled attack techniques and exploit paths, and it is coordinating the discovery-to-remediation pipeline with the Microsoft Security Response Center. The company frames this as an internal capability it plans to spread across other product divisions, not a Windows-only experiment.

For enterprise security and IT teams, the practical takeaway is that monthly patch volumes are likely to trend upward as a matter of policy, not because Windows has become less secure. Patch-management tooling such as Windows Autopatch’s hotpatch mode, phased deployment rings and Azure Arc’s rebootless server updates will matter more for absorbing that higher cadence without downtime, and security teams should recalibrate their patch-testing cycles now rather than after a release cycle catches them by surprise.

Based on a July 9, 2026 blog post from Microsoft’s Windows and Devices team, published on the official Windows Experience Blog.