Microsoft is overhauling how it manages Windows security updates after internal AI tools began surfacing vulnerabilities faster than its engineering teams could process them under the old patch cycle, the company said in a July 9 post on the Windows Experience Blog.
An AI system built to hunt for bugs
The shift centers on a system Microsoft calls MDASH, the Multi-model Agentic Scanning Harness, which orchestrates more than 100 specialized AI agents across a mix of frontier and smaller distilled models. According to Microsoft, candidate flaws move through a scanner pipeline, get cross-checked as models debate each other’s findings, and then pass through a Windows-specific “prove” stage that builds a working exploit to rule out false positives before anything reaches a human engineer.
Microsoft first detailed MDASH in a May 12 post, crediting the system with finding 16 previously unknown vulnerabilities in Windows networking and authentication components, including four critical remote-code-execution flaws in the TCP/IP stack and IKEv2 service, all patched in that month’s Patch Tuesday release. On CyberGym, a public benchmark covering 1,507 real-world vulnerability-reproduction tasks, Microsoft says MDASH scored 88.45%, about five points ahead of the next-best system on the leaderboard.
Why Patch Tuesday is changing
In the July update, Microsoft said MDASH has moved past testing and is now used by security engineers across Windows, Azure and identity systems as part of routine workflows. That means customers should expect more security updates bundled into each monthly release, not fewer, as the tool catches issues that previously went unnoticed for longer.
To manage the added volume, Microsoft is expanding optional preview “D” releases, patches published roughly two weeks ahead of the main Patch Tuesday cycle so IT teams can test fixes early, and pushing organizations toward hotpatching through Windows Autopatch and Azure Arc, which install fixes without a reboot. The company also said it wants customers to move from fixed monthly patch schedules toward risk-based prioritization, backed by its Known Issue Rollback tool for quickly reversing problematic updates.
“The fastest way to reduce customer exposure is to find issues before attackers can use them,” Windows and Devices head Pavan Davuluri said in the post.