Home News More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team'
gaming Jul 13, 2026 · 👁 2 views · Syndicated from PC Gamer

More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team'

I'm pretty staunchly opposed to the use of generative AI—for me, it's the one-two punch of dubiously sourced datasets and the argument that these models can replace the human creatives they so often rip off. That said, even I'm a little bit intrigued by AI's application in cybersecurity.Case in point, Microsoft recentl...

More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team'

I'm pretty staunchly opposed to the use of generative AI—for me, it's the one-two punch of dubiously sourced datasets and the argument that these models can replace the human creatives they so often rip off. That said, even I'm a little bit intrigued by AI's application in cybersecurity.

Case in point, Microsoft recently shared that it is deploying AI to "identify [issues] faster, prioritize risk, and scale vulnerability discovery across the Windows codebase" as well as "reduce the time between discovery and customer protection." Specifically, Microsoft Security leverages a multi-model agentic scanning harness—or MDASH, for short.

MDASH uses multiple different AI models, including "leading third-party AI vulnerability discovery models," on dedicated Cloud infrastructure to scan for vulnerabilities within Windows.

The executive vice president of Windows + Devices, Pavan Davuluri, explains, "A scanner pipeline scans critical binaries and validates candidates using multi-model debate across multiple model families. Confirmed candidates then flow to a separate, Windows-specific prove pipeline that helps eliminate remaining false positives, so only the highest-confidence findings reach the engineering team."

Multiple times, the emphasis is placed on the use of AI tools "to reduce the time from discovery to protection," whereas 'human expertise' is still what handles key security decisions and fixes.

(Image credit: Microsoft)

Davuluri goes on to add, "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release. This is evidence that defenders are getting better at identifying and addressing issues. Our focus is to effectively utilize these AI tools to support faster protection, stronger engineering systems and more actionable guidance for customers."

Microsoft is far from the only company leveraging AI, with Firefox's CTO raving about Claude Mythos' bug-hunting capabilities after it found 271 vulnerabilities in the browser earlier this year. Last year, we also saw an AI hold the top spot in a leaderboard that ranks people who hunt for system vulnerabilities.

Obviously, I'm still not thrilled by the fact that these cybersecurity applications are necessitated by threat actors increasingly using AI in their attacks. For example, one AI-assisted hacking group hit targets with a complicated 'social engineering' scam involving deepfaked CEOs, spoofed Zoom calls, and a malicious troubleshooting program.

That said, both LLMs and AI agents can also be manipulated themselves, with security researchers finding that both bad maths and even poetry can be leveraged to get around AI models' safety guard rails. With all sides leveraging machine learning to some degree, it's hard not to feel like it's a bit of a race to the bottom—or wonder which side will win out.

Read full story at PC Gamer →

Original reporting appears on the publisher’s site.

Open original article →
Related Articles
gaming

Assassin's Creed Black Flag Resynced Could Be Doing FromSoftware a Favor

gaming

Destiny 2: Best Solar Stronghold Titan Build (Praxic Blade PvE)

gaming

Near-Perfect Single-Player FPS Games You Forgot Exist