Microsoft Taps AI to Find Windows Vulnerabilities | eWeek

Microsoft Taps AI to Find Windows Vulnerabilities Before Hackers Do

Microsoft is using AI-assisted tools to help identify Windows vulnerabilities earlier, allowing engineers to fix more security flaws before attackers can exploit them.

Microsoft is using AI-assisted tools to help identify Windows vulnerabilities earlier, allowing engineers to fix more security flaws before attackers can exploit them./ Image: Microsoft

Jul 13, 2026
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Don't be surprised if Windows security updates start getting bigger. Microsoft says AI is helping engineers uncover more vulnerabilities before attackers do.

Microsoft announced that future security releases are expected to include more fixes, as AI enables its engineers to identify security issues that previously may have been harder or slower to detect. 

Pavan Davluri, vice president for Windows + Devices at Microsoft, portrayed the move as the future of Windows security, saying, “The fastest way to reduce customer exposure is to find issues before attackers can use them.” 

To support that shift, Microsoft is using a multi-model AI framework that scans Windows code, validates its findings, and then sends weaknesses flagged with high confidence to Microsoft’s engineers, so humans remain in the loop. The company also updated Microsoft Secure Development Lifecycle to account for AI-powered attack techniques, arguing that defensive practices must evolve alongside advances in AI.

AI-driven security pays Windows customers a visit

In a blog post released on July 9, the company announced the change, framing it as an adaptation to “emerging threats.”

Central to this change is Microsoft Security’s new Multi-model Agentic Scanning Harness (MDASH), an AI-assisted vulnerability discovery system that uses multiple AI models to scan Windows code for potential security flaws. MDASH compares results from multiple AI models and autonomous agents before passing likely vulnerabilities through a validation pipeline. Microsoft separately said its broader security ecosystem processes more than 100 trillion signals each day. 

Working lifecycle of MDASH.
Working lifecycle of MDASH/Image: Microsoft

Microsoft said the approach will help its engineers identify more vulnerabilities across Windows at greater speed and scale, allowing more issues to be fixed before they can be exploited.

The company maintains that it will continue to “collaborate with the Microsoft Security Response Center (MSRC) to continuously refine the end-to-end process from vulnerability discovery and issue filing to remediation and validation.”

Part of Microsoft’s optimization playbook

While Microsoft did not directly link the announcement to Windows K2, this latest announcement fits within Microsoft’s broader effort to improve the Windows update experience. Earlier this year, Microsoft pledged to keep Windows updates more reliable and less disruptive for users.

Part of this latest effort aligns with that objective. Microsoft said the increased pace of AI-assisted vulnerability discovery and remediation will not come at the expense of update quality, noting that security updates will continue to undergo extensive validation for compatibility, reliability, and real-world usage before broad release. 

Advertisement

What Microsoft recommends for customers

While receiving frequent security updates is important, installing them promptly is just as important.

For organizations, Microsoft recommends testing updates before broad deployment. The announcement also highlighted Windows Autopatch, which can automate update rollout and, for systems that require minimal downtime, the use of hotpatch to apply certain security fixes without requiring a restart.

For users, the message is simple: as Windows security updates add more fixes, staying current remains the best way to benefit from those protections.

Related News: Researchers say they've identified the first agentic ransomware. Learn what JadePuffer can do.

Joseph Chisom Ofonagoro

Joseph is a Technical Writer with about 3 years of experience in the industry, also advancing a career in cyber threat intelligence. He is passionate about the responsible use of technology, a passion that led him into cybersecurity. As an undergrad, he leads a novel community of technology enthusiasts at his school, NOUN, where he guides and shares resources for beginners in tech. His writing experience includes a diverse range of topics, from consumer tech to startups to tutorials. Additionally, he periodically shares case studies and research reports on cybersecurity on his social media pages.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.