Key Takeaways
- Microsoft introduced a new AI-powered vulnerability discovery system called MDASH.
- The platform identified 16 new Windows vulnerabilities, including four Critical remote code execution flaws.
- MDASH uses more than 100 specialised AI agents instead of a single AI model.
- The system achieved 100% detection on a private Windows driver test with zero false positives.
In this post we are discussing 16 New Windows Vulnerabilities Discovered by Microsoft’s AI-Powered Agentic Security System. Recently, Microsoft announced a new AI-powered security system called MDASH (Microsoft Security multi-model agentic scanning harness) that can automatically find serious software vulnerabilities in Windows. Microsoft explains that the platform helped researchers discover 16 new security flaws, including several critical remote code execution bugs.
What is MDASH?
MDASH, short for Microsoft’s multi-model agentic scanning harness, is an AI-powered vulnerability discovery and remediation platform. Instead of depending on one AI model, the system combines multiple frontier and distilled models that work together through different stages of security analysis.
Table of Contents
Table of Contents
16 New Windows Vulnerabilities Discovered by Microsoft’s AI-Powered Agentic Security System
The new system was developed by Microsoft’s Autonomous Code Security team and uses more than 100 specialized AI agents working together. Instead of relying on a single AI model, the platform analyzes code, validates findings, and tests whether vulnerabilities can actually be exploited.
- Understanding Entra Agentic AI in Security From Manual Work to Fully Autonomous Agents
- How Windows 365 for Agents Performs Intelligent PowerPoint Editing in Cloud PC
- Enhancing Threat Detection and Identity Protection with AI Security Copilot Agents
What’s New in This Announcement?
Microsoft built a new AI system called MDASH. It uses many small AI agents working together to find security bugs faster. One of the biggest highlights is the discover of 16 vulnerabilities in Windows networking and authentication components during Microsoft’s Patch Tuesday cycle. Several of these bugs were found in highly sensitive services including:
- tcpip.sys
- ikeext.dll
- netlogon.dll
- dnsapi.dll
- http.sys
| Component | CVE | Severity | Type |
|---|---|---|---|
| tcpip.sys | CVE-2026-33827 | Critical | Remote Code Execution |
| tcpip.sys | CVE-2026-40413 | Important | Denial of Service (DoS) |
| tcpip.sys | CVE-2026-40405 | Important | Denial of Service |
| ikeext.dll | CVE-2026-33824 | Critical | Remote Code Execution |
| tcpip.sys | CVE-2026-40406 | Important | Information Disclosure |
| tcpip.sys | CVE-2026-35422 | Important | Security Feature Bypass |
| tcpip.sys | CVE-2026-32209 | Important | Security Feature Bypass |
| ikeext.dll | CVE-2026-35424 | Important | Denial of Service |
| telnet.exe | CVE-2026-35423 | Important | Information Disclosure |
| tcpip.sys | CVE-2026-40414 | Important | Denial of Service |
| tcpip.sys | CVE-2026-40401 | Important | Denial of Service |
| tcpip.sys | CVE-2026-40415 | Important | Remote Code Execution |
| http.sys | CVE-2026-33096 | Important | Denial of Service |
| tcpip.sys | CVE-2026-40399 | Important | Elevation of Privilege |
| netlogon.dll | CVE-2026-41089 | Critical | Remote Code Execution |
| dnsapi.dll | CVE-2026-41096 | Critical | Remote Code Execution |
AI Model Benchmark Performance Chart
The chart below shows the improvement of AI models in vulnerability discovery between 2024 and 2026. Earlier models achieved lower detection rates, while newer models such as GPT-5.5 and Claude Sonnet 4.6 showed significantly stronger performance. Microsoft’s MDASH multi-model system achieved one of the highest success rates by combining multiple AI models and specialised agents instead on asingle model.
MDASH Workflow Architecture
Microsoft’s MDASH system automates vulnerability discovery using multiple AI agents. The workflow includes repository analysis, code scanning, bug validation, proof-of-concept generation, and automated patch validation. More than 100 specialised AI agents work together to identify vulnerabilities, reduce false positives, reproduce bugs, and recommend fixes across large enterprise codebases.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community and the WhatsApp channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair is a Workplace Technology solution architect with 25+ years of experience. Microsoft Certified Trainer. Microsoft MVP from 2015 onwards for consecutive 11+ years! He is a blogger, Speaker, and Founder of HTMD Community and HTMD Conference. His main focus is on Device Management technologies like Intune, Windows, and Cloud PC. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, and Microsoft Security.