Microsoft's MDASH Found 16 of This Month's Windows Bugs. Palo Alto Found 75 in One Scan.

For years, AI finding software vulnerabilities at scale was a forecast. This week it became a line item. Microsoft's MDASH autonomously found 16 of the bugs in May's Patch Tuesday. Palo Alto Networks pointed frontier models at its own codebase and surfaced 75 flaws in a single scan — against a baseline of about five a month.

REDMOND, WA — Microsoft and Palo Alto Networks disclosed on May 13, 2026 that AI-driven vulnerability discovery has moved from research demonstration to operational practice. Microsoft's MDASH — short for multi-model agentic scanning harness, a model-agnostic system that orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models — autonomously discovered 16 of the vulnerabilities fixed in Microsoft's May 2026 Patch Tuesday release, four of them rated critical, including unauthenticated remote-code-execution flaws in the Windows kernel TCP/IP stack and the IKEv2 service. Separately, Palo Alto Networks said it scanned its entire codebase with frontier models including Anthropic's Mythos and found 75 security flaws, covered across 26 CVEs — against a baseline in which the company typically identifies about five vulnerabilities a month.

The disclosures land alongside The CyberSignal's recent reporting on the NGINX Rift vulnerability — an 18-year-old critical RCE that F5's DepthFirst AI found in roughly six hours — to mark the same threshold from three vendors at once: autonomous AI systems are now finding critical, real vulnerabilities in production code faster than human review ever did. Taesoo Kim, Microsoft's vice president of agentic security, described the MDASH architecture as orchestrating "more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end." Microsoft also reported benchmark results: against pre-patch snapshots of two heavily audited Windows components, MDASH recovered 96 percent and 100 percent of the vulnerabilities confirmed over the past five years, and it scored 88 percent on the public CyberGym benchmark of 1,507 real-world vulnerability tasks. MDASH is currently in limited private preview with select customers.

The Numbers Are the Disclosure

The framing that matters here is quantitative. Microsoft's MDASH did not find a clever bug; it found 16 of them in a single Patch Tuesday cycle, four critical, including unauthenticated remote-code-execution flaws in two of the most security-sensitive components Windows has — the kernel TCP/IP stack and the IKEv2 service. Palo Alto Networks did not find a few extra issues; it went from a baseline of roughly five vulnerabilities a month to 75 flaws across 26 CVEs from a single codebase scan, an order-of-magnitude jump. And F5's DepthFirst AI found the NGINX Rift RCE, dormant for 18 years, in about six hours. Three vendors, the same week, the same result: AI systems auditing production code are operating at a discovery rate that human-only review never approached.

Microsoft's benchmark numbers are what move this from impressive demo to operational claim. Against pre-patch snapshots of two heavily audited Windows components, MDASH recovered 96 percent and 100 percent of the vulnerabilities that had been confirmed over the previous five years — meaning it found, in a single run, nearly everything human researchers had found over half a decade. On the public CyberGym benchmark of 1,507 real-world vulnerability tasks, it scored 88 percent. Those are not the numbers of a tool that occasionally gets lucky. They describe a capability that, pointed at a codebase, can be expected to surface most of what is there.

The Same Capability Cuts Both Ways

Every one of these disclosures is a defensive use of AI — vendors auditing their own code before attackers can. That is genuinely good news, and it should not be minimized. But the capability is not vendor-exclusive, and defenders should not pretend otherwise. The CyberSignal has tracked the offensive side of this same curve: Google's disclosure of the first AI-generated zero-day caught in the wild, Germany's warning that China is close to an AI 'superhacker' and building it in secret, and Kaspersky's finding of apparently LLM-developed code in a North Korean Kimsuky backdoor. MDASH and Mythos are the defensive mirror image of all three. The honest reading is that the AI vulnerability discovery economy is now functioning on both sides of the line at once.

What that does to defender economics is compress the response window. If a vendor's AI can find 16 critical-adjacent bugs in a Patch Tuesday cycle, an adversary's AI can plausibly find comparable bugs in the same codebase — and the gap between disclosure and exploitation, already shrinking, gets shorter still. Patch SLAs written in 2024 and 2025 assumed a world where critical flaws in well-audited code surfaced rarely and exploitation took time to develop. That world is the one MDASH, Mythos, and DepthFirst just ended. The defensive AI tooling helps, but it does not buy back the time; it raises the discovery rate for everyone, and the side that patches slower loses more.

What Vulnerability Management Has to Become

The operational response is not complicated, but it requires admitting the patch cadence has structurally changed. Recalibrate patch SLAs for critical-severity vulnerabilities around an "AI found this in hours" discovery model rather than the slower pace older programs assumed. For Microsoft and Palo Alto Networks customers specifically, the near-term consequence is concrete: more of every vendor's patch releases will be AI-discovered, which means larger patch sets arriving on a faster cadence — and the May Patch Tuesday, with 16 MDASH-discovered CVEs in it, is the new normal, not an anomaly. Brief executives and boards that this is now the operating environment, and that falling behind the patch curve is a faster route to compromise than it was a year ago.

For DevSecOps and AppSec teams, the disclosures are also an invitation. The same class of tooling — MDASH-equivalent harnesses, frontier-model code scanning, DepthFirst-style autonomous auditing — is becoming available to defenders who are not Microsoft. Organizations that build software should be investigating AI-driven vulnerability discovery against their own codebases now, on the assumption that if they do not find the long-dormant bugs in their stack, an AI-equipped attacker eventually will. Pre-script the scenario where a vendor announces an AI-discovered critical CVE in something you depend on, and the scenario where an AI audit finds an 18-year-old flaw in your own code — because, as the NGINX Rift case showed, both are now routine outcomes rather than hypotheticals.

The CyberSignal Analysis

Signal 01 — AI Vulnerability Discovery Is Operational at Vendor Scale — Recalibrate Patch SLAs Now

Three vendors in one week — Microsoft's MDASH with 16 Patch Tuesday CVEs, Palo Alto Networks with 75 flaws in one scan, F5's DepthFirst with the 18-year-old NGINX Rift RCE — establish that autonomous AI vulnerability discovery is operational, not experimental. MDASH's benchmark numbers, recovering 96 to 100 percent of five years of confirmed bugs and scoring 88 percent on CyberGym, confirm it is a reliable capability, not an occasional success. The practical consequence is a faster, larger patch cadence from every major vendor. Vulnerability management programs should recalibrate critical-severity patch SLAs around an "AI-discovered in hours" model, plan for larger patch sets arriving more often, and brief boards that falling behind the patch curve is now a materially faster route to compromise.

Signal 02 — The Capability Is Not Vendor-Exclusive — Plan for the Offensive Mirror Image

Every MDASH and Mythos disclosure is defensive, but the capability generalizes. The CyberSignal has tracked the offensive side of the same curve — the first AI-generated zero-day in the wild, Germany's Chinese 'superhacker' warning, LLM-developed code in a North Korean backdoor. Defenders should assume adversaries can point comparable tooling at the same codebases, which compresses the disclosure-to-exploitation window further. The response is twofold: shorten patch deployment windows to match the compressed threat timeline, and for organizations that build software, investigate AI-driven vulnerability discovery against your own code now — on the assumption that the long-dormant bugs an AI audit would find are the same ones an AI-equipped attacker will find if you do not. Pre-script both the "AI-discovered CVE in a dependency" and "AI audit finds an old flaw in our code" scenarios.

What to Do This Week

1. Recalibrate patch SLAs for critical-severity vulnerabilities around an "AI-discovered in hours" model. Plan for larger patch sets arriving on a faster cadence — May's Patch Tuesday, with 16 MDASH-discovered CVEs, is the new baseline, not an outlier.
2. For Microsoft customers: prioritize the May 2026 Patch Tuesday, and note that four of the MDASH-discovered flaws are critical, including unauthenticated RCE in the Windows kernel TCP/IP stack and the IKEv2 service.
3. For Palo Alto Networks customers: track the 26 CVEs from the company's Mythos-assisted codebase scan as patches are released, and update your vendor risk register to reflect AI-augmented internal security review.
4. For DevSecOps and AppSec teams: investigate AI-driven vulnerability discovery against your own codebases now — MDASH-equivalent harnesses and frontier-model code scanning are becoming broadly available, and the long-dormant bugs you do not find, an AI-equipped attacker eventually will.
5. Pre-script two scenarios in your incident-response and vulnerability-management playbooks: a vendor announcing an AI-discovered critical CVE in something you depend on, and an AI audit surfacing a long-dormant flaw in your own code. Brief boards that this is the new operating environment.

Sources