Microsoft Revolutionizes Windows Security with Over 100 AI Agents
Microsoft recently introduced an innovative security system based on artificial intelligence, named MDASH (Multi-Model Agentic Scanning Harness). This system utilizes over 100 specialized AI agents to automatically detect vulnerabilities in software, particularly within the Windows operating system. Unlike traditional methods that rely on a single AI model, MDASH orchestrates a multitude of agents across various advanced and distilled models.
During Patch Tuesday on May 12, 2026, Microsoft announced that MDASH had discovered 16 new vulnerabilities in the networking and authentication stack of Windows. Among these, four were classified as critical, including remote code execution vulnerabilities in essential components such as tcpip.sys, IKEv2 (ikeext.dll), netlogon.dll, and dnsapi.dll. Microsoft specified that ten of these vulnerabilities affect kernel mode, and most can be exploited remotely without requiring prior authentication.
MDASH operates as a four-step pipeline. First, the system analyzes the source code to map the potential attack surface. Next, specialized auditing agents scour the code for suspicious areas. In a third phase, a group of agents, referred to as "debaters," assesses the exploitability of the findings. Finally, Evidence Leader agents attempt to trigger the identified vulnerabilities using specific inputs.
MDASH achieved an impressive score of 88.45% on the public benchmark CyberGym, which includes 1,507 real vulnerabilities. This score places the system at the top of the rankings, about five points ahead of the next best-ranked model. However, this comparison may be misleading, as MDASH employs a comprehensive framework of AI agents, whereas other models are evaluated individually.
Microsoft did not disclose the specific models used to achieve this score, only mentioning "SOTA models" (state-of-the-art) and "distilled models." The development of MDASH was supported by Microsoft's autonomous code security team, including members of Team Atlanta, winners of the DARPA AI Cyber Challenge. For this competition, the team built an autonomous cyber reasoning system capable of detecting and fixing bugs in complex open-source projects.
MDASH is currently available in a limited private preview for select external customers. The initiative comes as other companies, such as OpenAI and Anthropic, are also investing in AI cybersecurity to counter threats amplified by artificial intelligence systems. Microsoft emphasizes that its own codebase, including Windows, Hyper-V, and Azure, is particularly challenging to audit as it is not included in public training data.
The MDASH pipeline is designed to be model-agnostic, allowing for the testing of new models against old ones simply by changing the configuration. Plugins also enable the integration of domain-specific knowledge, such as kernel calling conventions or IPC trust boundaries, which the foundational models do not inherently know.