Skip to main content
CybersecurityVulnerability Management

Microsoft Ramps Up Vulnerability Detection with AI-Driven Scanning Tools

Modern office workspace with laptop, papers, and blurred computer screen.

“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” Microsoft warned in a July 9 blog post, framing an upcoming rise in Windows updates as the direct consequence of using AI to hunt down more zero‑day vulnerabilities.

Microsoft’s AI push: identification, prioritization and scale

In its post, Microsoft said it is applying AI to “identify patterns faster, prioritize risk and scale vulnerability discovery across the Windows codebase.” The company described this increase in discovered issues as “evidence that defenders are getting better at identifying and addressing issues,” and said its focus is to use AI tools to “support faster protection, stronger engineering systems and more actionable guidance for customers.”

Microsoft explicitly tied the expected surge in security updates to this improved discovery capability: as more issues are found — including zero‑day vulnerabilities — more fixes will be included in each security release that customers must apply.

MDASH: the multi‑model approach behind the scan pipeline

A named component of Microsoft’s approach is the multi‑model agentic scanning harness (MDASH). According to the company, MDASH “uses several models to find novel vulnerabilities.” To operate at Windows scale, Microsoft said it established “dedicated cloud infrastructure for scanning and proving.”

Microsoft described the workflow briefly: a scanner pipeline examines critical binaries and validates candidate findings using “multi‑model debate across multiple model families.” Confirmed candidates then move to a separate, Windows‑specific “prove pipeline” designed to eliminate remaining false positives so “only the highest‑confidence findings reach the engineering team.” Microsoft argues this automation both increases the volume of potential vulnerabilities that can be handled and shortens the review window, thereby “shrinking the attack window for zero‑day exploits.”

Secure Development Lifecycle updates and retained human oversight

Microsoft said it is also updating its Secure Development Lifecycle (SDL) best practices to account for “AI‑enabled attack techniques and exploit paths.” At the same time, the company emphasized that human oversight will remain in the process “in order to maintain the high quality of updates.”

The company’s framing links faster, AI‑driven discovery with continued engineering and human review designed to reduce false positives and preserve update quality.

CISA’s reported use of Anthropic Fable and CVE Board commentary

The Microsoft announcement comes amid other reports that the US Cybersecurity and Infrastructure Security Agency (CISA) is “reportedly using Anthropic Fable to scan for vulnerabilities across government systems.” The story also notes that in April CISA’s Lindsey Cerkovnik, who represents the agency on the CVE Board, called for “frontier AI companies to play a bigger role in software vulnerability disclosures.”

Those details place Microsoft’s internal shift alongside public sector experimentation and advocacy for leveraging frontier AI in disclosure processes.

Cobalt and Orca studies underscore limits and risks of AI scanning

Not everyone agrees that automation alone is adequate. A June Cobalt study cited by the report found that the percentage of organizations relying entirely on AI automation for vulnerability scanning fell from 29% to 9% between 2025 and 2026. The same Cobalt polling showed that 78% of respondents said fully automated scanning tools missed critical vulnerabilities.

Complementing that finding, an Orca Security study published on July 9 claimed that 81% of organizations run vulnerable AI packages, and that 99.9% of fixable AI vulnerabilities remain unpatched. Those figures frame a gap between the presence of vulnerable AI components in environments and the rate at which organizations are remediating them.

What this means for technologists, policymakers, and enterprises

  • Technologists and security teams: Microsoft’s message signals a higher cadence of Windows security updates as more issues are found by MDASH and similar tools; teams will need to adjust patch‑management workflows to handle a larger volume of updates while relying on human review to filter false positives.
  • Policymakers and regulators: Reports that CISA is “reportedly using Anthropic Fable” and CISA representation on the CVE Board calling for frontier AI involvement suggest public agencies are experimenting with and endorsing more AI in disclosure processes — a development they will monitor for efficacy and risk.
  • Enterprises and procurement leaders: The Cobalt and Orca findings — falling reliance on fully automated scanning, missed critical vulnerabilities, widespread vulnerable AI packages and an almost complete backlog of unpatched fixable AI flaws — underline that purchasing, patching and vendor guidance must account for AI‑related vulnerability risk and increased update volumes.

Microsoft frames the coming surge as proof that defenders are finding more problems, not that the software is suddenly less secure. But the concurrent studies and the reported CISA experiments highlight a mixed picture: AI is expanding discovery, prompting more patches, and forcing organizations and public agencies to reconcile faster finding with the practical limits of automation and patching. Microsoft’s stated goal — to pair AI discovery with stronger engineering, more actionable guidance and continued human oversight — will be the measure against which customers and observers judge whether that surge in updates becomes protection or friction.

Source: Infosecurity Magazine — Microsoft Warns of Increase in Number of Security Updates