Microsoft Patches Record 570 Security Flaws in Single Update, Credits AI-Powered Discovery Microsoft patched a record 570 security flaws in its July Patch Tuesday update, a 316% increase from the same month last year, crediting an AI-powered vulnerability discovery system for the surge. The update fixed three zero-day vulnerabilities, two of which were actively exploited in Active Directory Federation Services and SharePoint Server. Microsoft Patches Record 570 Security Flaws in Single Update, Credits AI-Powered Discovery - Microsoft's July Patch Tuesday fixed a record 570 vulnerabilities — a 316% increase from 137 in July 2025 and nearly triple the 200 patched in June 2026 1 https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ - The company credited an AI-powered vulnerability discovery system deployed across its Windows codebase for the surge in detections 2 https://techcrunch.com/2026/07/15/microsoft-patches-record-number-of-security-vulnerabilities-citing-its-use-of-ai/ - Three zero-day flaws were patched, including two actively exploited in Active Directory Federation Services and SharePoint Server 1 https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ - 59 of the 570 vulnerabilities were rated critical, with 48 enabling remote code execution across products including Office, Exchange, and SQL Server 1 https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ - Microsoft EVP Pavan Davuluri said 'the pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster' 3 https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/ Microsoft on Tuesday released security fixes for a record 570 vulnerabilities across its product line, the largest single Patch Tuesday in the company's history. The company explicitly credited an AI-powered vulnerability discovery system it recently deployed to scan its Windows codebase for the unprecedented volume of detections 1 https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ 2 . The July release dwarfs previous months: it represents a 316% increase from the 137 flaws patched in July 2025 and a 185% jump from the 200 vulnerabilities fixed in June 2026 4 . Of the 570 flaws, 59 were rated critical — 48 of which enable remote code execution — and three were zero-day vulnerabilities, with two already being exploited by attackers in the wild . 1 https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ The update touches virtually every major Microsoft product, including Office Excel, Word, PowerPoint, SharePoint , Active Directory, Exchange Server, SQL Server, Hyper-V, Remote Desktop Client, and the Windows kernel 1 . Microsoft now recommends enterprises install Windows 11 quality updates within three days, citing AI-driven cyberattacks that exploit new vulnerabilities faster than ever . 4 https://www.windowslatest.com/2026/07/15/microsoft-patched-a-record-570-windows-11-flaws-in-july-4x-last-year-as-ai-finds-bugs-faster/ The Zero-Days Two of the three zero-day vulnerabilities were already under active exploitation before Tuesday's patches. CVE-2026-56155 affects Active Directory Federation Services and allows an authenticated attacker to escalate privileges to administrator level. It was discovered internally by Microsoft's Detection and Response Team DART 1 . CVE-2026-56164 targets Microsoft SharePoint Server, where a missing authentication check enables an unauthorized network attacker to remotely escalate privileges. Microsoft recommended enabling the Antimalware Scan Interface AMSI and setting Request Body Scan to Full as a mitigation 1 . The third zero-day, CVE-2026-50661, is a BitLocker Security Feature Bypass that allows an attacker with physical access to a device to read encrypted data on storage devices. It was publicly disclosed before the patch was available 1 . AI as the Engine Microsoft had warned in recent weeks that the volume of its security updates would increase as it deployed AI-powered tools to hunt for bugs proactively. The company said its system scans the Windows codebase to identify flaws before threat actors can exploit them 2 . The sheer volume underscores a broader shift in the cybersecurity landscape: AI is accelerating both offense and defense simultaneously. Microsoft is not alone — Google released more than 900 security fixes in June 2026, similarly fueled by automated detection 3 . The Full Breakdown The 570 vulnerabilities break down by type as follows: 254 elevation-of-privilege flaws, 145 remote code execution bugs, 102 information disclosure issues, 35 denial-of-service vulnerabilities, 17 security feature bypasses, and 16 spoofing flaws 1 . The 59 critical-severity issues are concentrated in remote code execution 48 , elevation of privilege 9 , security bypass 1 , and spoofing 1 . Affected products span enterprise staples like Exchange Server and SQL Server alongside consumer-facing software like Office and Windows Media Foundation 1 . Industry Reaction Security researchers flagged both the scale and the implications of AI-accelerated vulnerability discovery. Satnam Narang, a senior staff research engineer at Tenable, warned that current exploit-risk models are calibrated for human attackers, not AI-powered ones. 'The exploitability index is centered around humans, not AI tools,' Narang said, noting that attackers are increasingly using AI to rapidly develop exploits for known vulnerabilities 3 . Adobe, Cisco, Mozilla, and Oracle are all similarly accelerating their own patch cycles, suggesting the industry is entering a new phase where AI-driven discovery — on both sides — compresses the window between disclosure and exploitation 3 . What's Next Microsoft's signal is clear: patch volumes will continue rising as AI scanning matures. The company's new guidance urging enterprises to apply updates within three days — rather than the traditional monthly cadence many organizations follow — reflects an environment where the gap between patch release and exploit development is shrinking rapidly 4 . Microsoft shares rose 2.8% on the day to $395.63, giving the company a market capitalization of roughly $2.94 trillion. The stock is down about 18% year-to-date amid broader pressure on large-cap tech 5 . Companies mentioned Further sources 1 BleepingComputer: Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 … ↗ https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/ 2 TechCrunch: Microsoft patches record number of security vulnerabilities, citing… ↗ https://techcrunch.com/2026/07/15/microsoft-patches-record-number-of-security-vulnerabilities-citing-its-use-of-ai/ 3 Krebs on Security: Microsoft Patches a Record 570 Security Flaws ↗ https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/ 4 WindowsLatest: Microsoft patched a record 570 Windows 11 flaws in July, 4x last… ↗ https://www.windowslatest.com/2026/07/15/microsoft-patched-a-record-570-windows-11-flaws-in-july-4x-last-year-as-ai-finds-bugs-faster/ 5 FMP stock quote for MSFT, accessed July 16, 2026 ↗ https://financialmodelingprep.com/ The stories that matter, in one email. Free — unsubscribe anytime.