cd /news/artificial-intelligence/microsoft-goes-all-in-on-new-ai-powe… · home topics artificial-intelligence article
[ARTICLE · art-52955] src=zdnet.com ↗ pub= topic=artificial-intelligence verified=true sentiment=· neutral

Microsoft goes all in on new AI-powered Windows security strategy - what it means for you

Microsoft is accelerating its use of AI to detect vulnerabilities in Windows, deploying a multi-model agentic scanning harness (MDASH) that has already found and patched 16 vulnerabilities. The company aims to reduce the time between discovery and customer protection by integrating AI earlier in the development process, while still relying on human expertise for evaluation.

read5 min views1 publishedJul 9, 2026
Microsoft goes all in on new AI-powered Windows security strategy - what it means for you
Image: Zdnet (auto-discovered)

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

  • Microsoft is accelerating its use of AI to detect vulnerabilities in Windows.
  • The new test routines have already deployed critical fixes to customers.
  • Enterprise admins should be prepared to see more fixes in each update.

In the ongoing battle between the criminals who attack corporate networks and the engineers who defend them, one side has an unfair advantage. The bad guys can launch a thousand unsuccessful attacks without consequences, but if they succeed once, they can reap riches and create havoc. The good guys have to repel every attack.

Adding AI to the mix makes the problem even worse, with attackers able to find new vulnerabilities and attack them at dramatically increased speed. The biggest target of all is Microsoft Windows, which runs on more than 1.5 billion PCs and servers worldwide.

Also: 5 ways to fortify your network against the new speed of AI attacks

To fight back, Microsoft is going all-in on an automated, AI-based process to find those vulnerabilities earlier, deliver them to engineers for review, and deliver updates faster.

The details are in a new blog post from Pavan Davuluri, EVP of Microsoft's Windows + Devices division titled Evolving Windows vulnerability management to meet the speed of AI-powered discovery.

The fastest way to reduce customer exposure is to find issues before attackers can use them. Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation, and deliver timely, high-quality updates that keep customers protected.

By applying AI across security analysis, we can identify patterns faster, prioritize risk, and scale vulnerability discovery across the Windows codebase. This helps reduce the time between discovery and customer protection.

Davuluri said Microsoft Security has built dedicated cloud-based scanning and validation pipelines for MDASH, its "multi-model agentic scanning harness," to identify Windows vulnerabilities at scale, reduce false positives, and get high-confidence issues to engineers faster, shrinking the opportunity for malicious actors to launch zero-day attacks.

Microsoft introduced MDASH in May, crediting the new tools with discovering 16 vulnerabilities, four of them rated Critical. All of them were patched in that month's security update. The new test framework (the "harness") was developed by the Microsoft Autonomous Code Security (ACS) team; the company said it "orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end."

Also: Microsoft's new Windows 11 recovery tool is the ultimate Undo button - how to enable it

Those AI-powered tools are going to get involved much earlier in the development process, according to Microsoft:

We continue to evolve our internal systems and practices so that vulnerability discovery is not treated as a separate activity, but as part of how we build, review and improve Windows before new features or updates are released. As a part of this we are updating our Secure Development Lifecycle (SDL) best practices to ensure our secure-by-design approach explicitly accounts for potential AI-enabled attack techniques and exploit paths.

That means using AI to help identify potential issues earlier in the development process, while relying on human expertise to evaluate findings, make risk-based decisions and ensure fixes meet the quality bar customers expect.

That promise to continue relying on human expertise is an important one. Whenever AI is involved at scale, there's a temptation to trust its results and skip over the necessary verification steps. And it's being introduced at a time when Microsoft is targeting some of its most experienced employees -- about 7% of the company's US-based workforce -- with a "voluntary retirement program."

As longtime Microsoft watchers Todd Bishop and Kurt Schlosser noted last month, "For those staying behind, there's another worry: the loss of institutional knowledge and experience as so many longtime employees head for the door at once." Those security engineers who remain will have to cope with the increased workload without having some of their most experienced colleagues around to help.

What does this new AI-powered pipeline mean for the humans responsible for maintaining Windows PCs? For starters, it means more issues fixed in each update. "Customers will see a higher volume of security updates included in each security release," Microsoft acknowledged.

That will, unfortunately, increase the burden on enterprise customers to test updates before deploying them and monitor those updates afterward. If they see an issue during initial testing, Microsoft said, those admins can use a technology called Known Issue Rollback (KIR) to revert the change that caused the problem, rather than having to uninstall an entire update to get things running again.

Also: You can soon restore Windows 11 from scratch even if it can't boot up - here's how

That accelerated pace might incentivize some corporate customers to speed up their deployment of modern patching tools like Windows Autopatch in Microsoft Intune, which includes the ability to deliver hotpatch updates that don't require a reboot. Similar tools are available for applying security updates to Windows Servers, also without requiring a reboot.

"As the pace of vulnerability discovery increases," Davuluri said, "customers shouldn't have to choose between speed and stability." That's a worthy goal, to be sure, but maintaining that balance means Microsoft's engineers and customers are going to have to move faster than ever to match the pace of those new AI tools.

Featured

Editorial standards

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @microsoft 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/microsoft-goes-all-i…] indexed:0 read:5min 2026-07-09 ·