Microsoft has quietly launched a public preview of its MDASH vulnerability-scanning technology, putting AI-powered bug hunting into the hands of security teams via the Defender command-line interface and a GitHub connector. The move follows a record-shattering July Patch Tuesday that saw the company fix as many as 622 flaws—many of them unearthed by the same multi-model system.
MDASH Goes Public: What the Preview Includes
The preview appears in Microsoft Security Exposure Management, where admins can enable MDASH (Multi-Model Agentic Scanning Harness) scans that tap multiple large language models, a debate mechanism between models, and a dedicated proof pipeline to eliminate false positives. Only the highest-confidence findings ever reach a human engineer, according to a May security blog post by Pavan Davuluri, Microsoft’s executive vice president of Windows + Devices.
During the preview, scans can be triggered manually through the Defender CLI or automatically via a GitHub connector that integrates into CI/CD workflows. There’s no separate product to install—MDASH runs on dedicated cloud infrastructure and analyzes code artifacts that the user selects. Microsoft has not yet published pricing or a general availability date, and the preview is likely restricted to selected tenants or those enrolled in the Security Exposure Management preview program.
The technology isn’t new inside Microsoft. The company credits MDASH with helping researchers identify 16 Windows networking and authentication vulnerabilities for the July 2026 Patch Tuesday, including several critical remote-code-execution bugs. But this is the first time external organizations can directly interact with the scanning harness, rather than simply benefiting from its output after the fact.
Who Benefits—and How—from AI-Powered Bug Hunting
The public preview is aimed squarely at security teams, but the ripple effects touch every Windows user.
Home users will see no immediate change, but the bigger picture matters. As Microsoft finds and fixes vulnerabilities before attackers do, the monthly security updates become larger. July’s batch dwarfed any previous month, with some outlets reporting 570 flaws and others as many as 622. That translates to a more hardened operating system over time, provided users install updates promptly.
Power users and enthusiasts who experiment with Defender CLI can now scan their own binaries—or open-source projects they contribute to—for potential vulnerabilities. The Defender CLI is already used for on-demand scanning, but adding MDASH gives it research-grade depth. Microsoft’s documentation suggests scans can run against container images, libraries, and entire repositories. Still, the false-positive rate, while low due to the multi-model debate, isn’t zero, so findings need manual review.
IT administrators and SecOps teams gain a new weapon. Instead of waiting for Patch Tuesday and then scrambling to test and deploy, they can proactively scan internal line-of-business applications, third-party components, and custom code. The GitHub connector means a scan can be part of a pull request, catching bugs before they merge. Microsoft’s own teams use a similar pipeline, Davuluri said: “A scanner pipeline scans critical binaries and validates candidates using multi-model debate across multiple model families.”
Yet the tool is not a replacement for existing vulnerability management. Output from MDASH is a signal, not a verdict. Administrators must still triage results, understand impact, and develop remediation plans. And because the system uses multiple models—some of them third-party, including what Microsoft calls “leading third-party AI vulnerability discovery models”—the scans consume cloud compute time, which may eventually be billable once the preview ends.
The Road to MDASH: A Season of Record Patches
Microsoft’s public pivot into AI-driven vulnerability discovery didn’t happen overnight. It responds to an arms race where attackers already wield generative AI for reconnaissance, phishing, and exploit generation. A particularly brazen campaign used deepfaked CEOs and spoofed Zoom calls to trick employees into installing malware.
Meanwhile, the industry has seen a flurry of AI bug-finding breakthroughs. In early 2026, Anthropic’s Claude Mythos model discovered 271 vulnerabilities in Firefox’s codebase. Mozilla’s CTO called the results “staggering,” and Anthropic later restricted the model’s access because its capabilities exceeded those of most human experts. A related, more heavily guarded model, Mythos 5, can find and exploit vulnerabilities autonomously. The model available to the public, Fable 5, applies classifiers that downgrade to a safer version when a request edges into cyber territory.
Microsoft’s own work straddles both internal tooling and possible commercial offerings. MDASH is the internal harness, proven over months on Windows code. Then there’s Project Perception, a rumored service first reported by The Information via Neowin. That product would route code-analysis tasks among models from Microsoft, OpenAI, and Anthropic, picking the least-expensive model suitable for each job. The Information pegged a July 2026 launch, but Microsoft has not confirmed it. Crucially, there is no evidence that Project Perception produced any of the fixes in the latest Patch Tuesday; that appears to be MDASH’s doing.
The relationship between MDASH and Project Perception remains unclear—they could be related efforts, or Perception could be a future commercial layer built on technology similar to MDASH. For now, admins should keep the two separate in their planning.
Your Action Plan: Testing MDASH and Prepping for Bigger Patch Tuesdays
The immediate takeaway for Windows admins is twofold: treat July’s updates as a major deployment cycle, and begin evaluating MDASH for your own environment.
-
Prioritize July patches immediately. Microsoft has rated several of the July vulnerabilities as “critical” or “exploitation more likely.” Focus on internet-facing systems, remote code execution flaws, and any bugs with known exploit code. Microsoft’s Security Update Guide offers filterable lists with all the details.
-
Onboard the MDASH preview. If your organization uses Microsoft 365 E5 or a comparable license, check the Security Exposure Management dashboard for the preview toggle. From there, install the Defender CLI extension (if not already present) and follow the quick-start guide to initiate scans. GitHub Actions users can find a connector template in the Microsoft GitHub repository under “security-exposure-management.”
-
Integrate scans into your development lifecycle. Start with a pilot repository that has low risk. Configure the GitHub connector to trigger on pull requests that touch critical components. Review every finding with a developer and security engineer; do not auto-merge based on MDASH alone. Track false positives and feed them back to Microsoft through the feedback channel in Security Exposure Management.
-
Plan for more, larger Patch Tuesdays. Microsoft has been transparent: as AI uncovers more bugs, updates will grow. The July load may become the norm, not the exception. That means you must shore up patch deployment processes—automated testing, ring-based rollout, and robust rollback plans. If you’re still patching manually or with ad hoc scripts, now is the time to invest in patch management tools.
-
Ignore the Project Perception hype for now. Until Microsoft announces the service publicly, it doesn’t exist for your planning purposes. When it does surface, compare it with MDASH: Perception may be aimed at cloud workloads or third-party applications rather than the Windows codebase. Early media reports suggest a heavy OpenAI and Anthropic integration, which could bring unique scanning modalities but also new cost and access-control questions.
What’s Next: More AI, More Patches, and Possibly Project Perception
Microsoft is all but certain to expand MDASH’s scope. The company could add support for more model families, integrate findings directly into its Security Copilot experience, or allow automated remediation for low-risk issues. Public previews like this one often lead to general availability within a quarter or two, and given the July Patch Tuesday volume, there’s clear executive support for scaling AI-driven discovery.
The rumored Project Perception, if it appears in July as reported, will further shake up the landscape. It would be a direct competitor to Anthropic’s restricted offerings, and its multi-model routing could make it cost-effective for routine scans that don’t need the most powerful—and expensive—LLMs.
For the Windows community, the era of AI-powered vulnerability discovery has officially moved from research paper to production. That’s good news for defenders, but it also raises the bar: threat actors are building their own AI tooling, and the only way to stay ahead is to find and fix flaws faster than ever. MDASH in public preview is the first tangible step toward that reality.
One final note: the July 2026 Patch Tuesday also included fixes for at least two actively exploited zero-days, according to the Cybersecurity and Infrastructure Security Agency. As you test MDASH, do not lose sight of the threat landscape outside your own code. Patch what Microsoft ships now, and use AI to harden what you build for the future.