Microsoft is using AI to find Windows security flaws
Cybercriminals only need to succeed once to cause serious damage. Security teams, on the other hand, have to stop every attack. As AI makes it easier to discover software vulnerabilities at record speed, Microsoft is changing how it protects Windows.

The company has announced a new AI-powered vulnerability management system designed to identify security flaws much earlier in the development process. Instead of waiting for bugs to be discovered after Windows updates are released, Microsoft wants AI to help engineers detect and fix weaknesses before they can be exploited.
At the center of the initiative is MDASH (Multi-model Agentic Scanning Harness), a cloud-based platform that coordinates more than 100 specialized AI agents to analyze Windows code, identify potential vulnerabilities, filter out false positives, and highlight the most serious issues for human engineers to review.
Microsoft says the technology has already proven its value. During internal testing, MDASH uncovered 16 vulnerabilities, including four classified as critical, all of which were patched before reaching users. Despite the heavy use of AI, Microsoft emphasizes that people remain responsible for the final decisions. Security experts will continue to verify findings, assess real-world risk, and approve fixes before they are included in Windows updates.
For Windows users, the biggest visible change may be an increase in the number of security fixes delivered each month. Enterprise IT teams could also face more testing as updates become more frequent, although Microsoft says technologies such as Known Issue Rollback (KIR) and Windows Autopatch should help reduce disruption if problems occur.
