Microsoft Unveils MDASH for AI-Powered Vulnerability Discovery at Build 2026
Microsoft announced the expanded preview of its multi-model agentic scanning harness (MDASH) at Build 2026, an AI system designed to discover and validate exploitable vulnerabilities in codebases.
At Microsoft Build 2026, the tech giant unveiled significant advancements in its security tooling, aiming to bridge the growing gap between rapid AI-driven development and the challenges of maintaining robust security. The centerpiece of these announcements is the expanded preview of the Microsoft Security multi-model agentic scanning harness, codenamed MDASH. This innovative system is designed to tackle the complexities of modern codebases by leveraging a sophisticated orchestration of over 100 specialized AI agents and an ensemble of diverse AI models.
MDASH's core strength lies in its multi-model approach, which allows it to utilize a configurable panel of AI models. This includes state-of-the-art models for complex reasoning tasks and more cost-effective models for high-volume operations. By combining these different models, MDASH can dynamically trade off speed, recall, and cost, while also minimizing dependency on any single AI model. This flexibility is crucial for enterprise-scale vulnerability discovery, enabling teams to focus on genuinely exploitable risks rather than theoretical noise.
The system processes over 100 trillion signals daily, integrating with Microsoft Defender and GitHub Code Security. This integration aims to provide a unified view for both developers and security teams, facilitating early identification and remediation of vulnerabilities. The strategic implication is that AI-driven vulnerability discovery has matured from a research curiosity into a production-grade defense mechanism, with the agentic system itself offering a more durable advantage than any individual model.
Early performance metrics for MDASH have been impressive. The system recently achieved a CyberGym industry benchmark score of 96.55%, marking a significant improvement in less than three weeks. This performance has garnered attention from industry partners, including Accenture, PwC US, and Insight CISO, who are participating in the expanded preview. These partners highlight MDASH's potential to shift security scanning from a reactive, rule-based approach to a proactive, agentic system capable of reasoning through complex code like a seasoned security researcher.
Accenture's CISO, Kris Burkhardt, noted that MDASH reflects a meaningful shift towards agentic systems that can reason across complex codebases. Similarly, Morgan Adamski from PwC US sees strong potential for MDASH to simplify and strengthen SecOps, enabling organizations to operate with greater resilience. Jason Rader of Insight CISO emphasized the importance of Microsoft's role as a trusted vendor, providing both innovation and the necessary confidence, governance, and reliability that customers require.
Beyond vulnerability discovery, Microsoft is also enhancing code security through native integration between Microsoft Defender and GitHub Code Security. This generally available feature brings runtime context into the development workflow, helping teams prioritize and remediate code vulnerabilities more effectively. The goal is to embed security directly into the developer's workflow, ensuring that speed and safety are not mutually exclusive.
The broader context of these announcements at Build 2026 underscores a critical industry trend: the increasing tension between the accelerating pace of AI-powered development and the imperative for robust security. With AI models posing new threats and introducing complexities around insecure code, data exposure, and compliance, tools like MDASH are positioned as essential for navigating this landscape. Microsoft's strategy appears focused on providing developers with real-time guidance and security teams with comprehensive oversight across the entire development lifecycle.
Organizations interested in leveraging MDASH can reach out to their Microsoft account representative for more information on the expanded preview. The continued development and integration of such advanced AI security tools signal Microsoft's commitment to securing the future of software development in an increasingly AI-centric world.