Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft's MDASH has entered limited private preview, adding a new AI-driven vulnerability discovery service that can validate and prove exploitable defects at scale. The system matters because it is designed to move from candidate findings to validated bugs across complex codebases such as Windows. Early testing already surfaced 16 Windows flaws fixed in Patch Tuesday, including two critical remote-code-execution issues.
Related Happenings
Amazon security patch release for CVE-2026-50549
Security Patch Release
H score29
First: 09.07.2026 14:00
Last: 09.07.2026 14:00
Sources 1
About this happening:
**Amazon, Google and Cursor** shipped fixes for **GhostApproval**, a flaw in AI coding assistants that let deceptive repository paths bypass approval prompts. The patch response c...
Amazon security patch release for CVE-2026-50549
Security Patch ReleaseAbout this happening: **Amazon, Google and Cursor** shipped fixes for **GhostApproval**, a flaw in AI coding assistants that let deceptive repository paths bypass approval prompts. The patch response c...
AI coding assistants GhostApproval symlink security flaw
Vulnerability
H score22
First: 09.07.2026 07:27
Last: 09.07.2026 07:27
Sources 1
About this happening:
A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
AI coding assistants GhostApproval symlink security flaw
VulnerabilityAbout this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive Guidance
First: 08.07.2026 20:02
Last: 08.07.2026 20:02
Sources 1
About this happening:
AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints
Defensive GuidanceAbout this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical Analysis
H score22
First: 06.07.2026 09:33
Last: 06.07.2026 09:33
Sources 1
About this happening:
**SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical AnalysisAbout this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
Microsoft Quantum Safe Program PQC transition
Advisory/Mitigation
H score25
First: 01.07.2026 00:20
Last: 01.07.2026 00:20
Sources 1
About this happening:
**Microsoft** is **accelerating** its **Quantum Safe Program** to move **critical products and services** to **post-quantum cryptography (PQC)** by **2029**, tightening the organi...
Microsoft Quantum Safe Program PQC transition
Advisory/MitigationAbout this happening: **Microsoft** is **accelerating** its **Quantum Safe Program** to move **critical products and services** to **post-quantum cryptography (PQC)** by **2029**, tightening the organi...
Timeline
-
13.05.2026 16:46 2 articles · 1mo ago
Microsoft unveils MDASH in limited private preview
Initial DisclosureMicrosoft unveiled MDASH, a multi-model agentic scanning harness in limited private preview that uses more than 100 specialized AI agents to discover, validate, and prove exploitable defects in complex codebases like Windows. The system had already been tested on Windows code and identified 16 vulnerabilities fixed in Patch Tuesday, including CVE-2026-33824 in ikeext.dll and CVE-2026-33827 in tcpip.sys, both of which could lead to remote code execution.
Show sources
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — thehackernews.com — 13.05.2026 16:46
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — thehackernews.com — 13.05.2026 16:46