Microsoft unveils MDASH, a multi-modal, agentic security system designed to discover and patch vulnerabilities at enterprise scale.

The launch comes amid a broader AI arms race in cybersecurity, where the pace of vulnerability discovery and patching is accelerating and defenses must keep up.

Experts say MDASH’s effectiveness comes from its harness and tooling around models, not just the models themselves, though harness-based approaches may face limits as new models emerge.

MDASH runs as a system of over 100 specialized sub-agents that split work between hunting vulnerabilities and debating their validity and exploitability, rather than relying on a single model.

Microsoft’s security chief notes that model diversity and agent-based harness are core advantages, letting teams pick the best model for different security tasks and integrate into CI/CD pipelines.

MDASH was developed by Microsoft’s Autonomous Code Security team, including members of Team Atlanta, which previously won DARPA’s AI Cyber Challenge with an autonomous cyber-reasoning system.

In initial Windows testing, MDASH surfaced 16 previously unknown vulnerabilities, including four critical remote-takeover flaws that were addressed during Patch Tuesday.

MDASH is the first multi-modal service included in UC Berkeley’s CyberGym benchmark, scoring 88.4% on real-world vulnerability analysis tasks, higher than Mythos Preview at 83.1%.

MDASH is offered in private preview with models like GPT-5.5, GPT-5.6, GPT-5.5-Cyber, Sonnet, and Opus; access is available to applicants during the preview phase.

Industry voices caution that MDASH’s progress in tooling and multi-model collaboration does not imply a specific model absence, emphasizing ongoing evaluation of harness-based approaches vs. model capabilities.

In practice, MDASH’s architecture enables deployment across enterprises with a focus on rapid vulnerability discovery and patching through diverse model usage.

The system’s design centers on collaboration among sub-agents, which collectively perform discovery and critical evaluation rather than relying on a single perspective.