{"slug": "microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs", "title": "Microsoft’s record Patch Tuesday, and it says AI found the bugs", "summary": "Microsoft shipped its largest-ever Patch Tuesday update, fixing a record 622 vulnerabilities, and attributed the surge to AI-powered bug discovery tools. Three zero-days were patched, two of which are already under active attack. The company warned that AI is both accelerating vulnerability detection and enabling attackers to reverse-engineer fixes faster.", "body_md": "Microsoft has never shipped a bigger security update. Its July [Patch Tuesday](https://thenextweb.com/news/nadella-reverse-information-paradox-ai-ip) fixed a record haul of flaws, and the company says AI is why the count keeps climbing.\n\nThe scale is hard to ignore. By Microsoft’s own [count](https://support.microsoft.com/en-us/servicing/os/windows-11/2026/07/july-14-2026-kb5101649-os-build-28000-2525), the update patched 622 vulnerabilities. That more than tripled June’s tally, which had set a record of its own. [Krebs on Security](https://krebsonsecurity.com/2026/07/microsoft-patches-a-record-570-security-flaws/), which first reported the release, put the figure at 570. Another 428 Chromium bugs in Edge sit on top.\n\n## Three zero-days, two under attack\n\nFifty-eight of the flaws count as critical. Three are zero-days, which means they were public or exploited before a fix existed. Two of those are already in active use.\n\nThe first, CVE-2026-56155, lets an attacker raise their privileges through Active Directory Federation Services, the system that signs a network’s logins. The second, CVE-2026-56164, does the same through on-premises SharePoint. Neither carries a scary severity score. Attackers are using both anyway.\n\nThat is the real lesson. CISA has added both to its known-exploited list and told federal agencies to patch within days. The third zero-day, a BitLocker bypass, needs physical access, so it is less urgent.\n\n## AI is writing the patch notes\n\nMicrosoft is blunt about the cause. In a [blog post](https://blogs.windows.com/windowsexperience/2026/07/09/evolving-windows-vulnerability-management-to-meet-the-speed-of-ai-powered-discovery/) a week earlier, Windows chief Pavan Davuluri warned customers to expect “a higher volume of security updates” as AI helps find more bugs, faster.\n\nThe tools are doing the digging. Microsoft’s own scanner, MDASH, found 16 of May’s flaws by itself. Anthropic’s [Mythos model](https://thenextweb.com/news/osfi-canada-banks-claude-mythos-warning) has been credited with a surge of fixes across the industry. The monthly count has risen with them, from 79 in March to 206 in June to 622 now.\n\nIt fits a wider theme. OpenAI recently showed off [an in-house AI hacker](https://thenextweb.com/news/gpt-red-openai-ai-hacker) that hunts flaws in its own models.\n\n## The same tools help attackers\n\nThere is a catch. Once a patch ships, attackers can compare it with the old code, spot the hole it plugs, and build an exploit within hours. The old habit of waiting a week to patch is fading.\n\nIt also breaks how teams triage. When a release carries 600 flaws and dozens rate critical, the label stops sorting anything. This month’s two exploited bugs prove it. Both score mid-tier, and both are in use.\n\nTeams are already stretched. Benchmarks built to measure AI’s [hacking skills keep getting saturated](https://thenextweb.com/news/ai-cyber-benchmarks-outpaced-hacking-tests), and researchers keep [tricking coding assistants](https://thenextweb.com/news/github-copilot-workflow-jailbreak-alan-turing-institute) into unsafe behaviour.\n\n## A rocky rollout\n\nThe update has not been smooth. Microsoft [paused the rollout](https://www.theregister.com/os-platforms/2026/07/15/microsoft-cancels-patch-tuesday-for-some-dell-users-over-surprise-shutdowns-overheating-devices/5271691) for some Dell devices with Intel chips, after reports of sudden shutdowns, overheating, and battery drain. A fix is due within days.\n\nFor everyone else, the advice is the same as ever, only more urgent. Sort by what is being exploited, not by the number on the box. And patch faster than you used to.\n\n## Get the TNW newsletter\n\nGet the most important tech news in your inbox each week.", "url": "https://wpnews.pro/news/microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs", "canonical_source": "https://thenextweb.com/news/microsoft-patch-tuesday-record-ai-found-flaws", "published_at": "2026-07-16 13:11:41+00:00", "updated_at": "2026-07-16 13:37:17.075497+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety"], "entities": ["Microsoft", "CISA", "Anthropic", "OpenAI", "Pavan Davuluri", "Active Directory Federation Services", "SharePoint", "BitLocker"], "alternates": {"html": "https://wpnews.pro/news/microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs", "markdown": "https://wpnews.pro/news/microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs.md", "text": "https://wpnews.pro/news/microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs.txt", "jsonld": "https://wpnews.pro/news/microsofts-record-patch-tuesday-and-it-says-ai-found-the-bugs.jsonld"}}