%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Today, as cybersecurity becomes increasingly important, Microsoft's own code security team launched a multi-model intelligent agent scanning framework called MDASH on May 13. This new system's design concept has revolutionized traditional single AI models, adopting a multi-agent collaboration strategy to enhance the accuracy and efficiency of code security detection.
The MDASH framework integrates over 100 specialized AI agents based on different cutting-edge large models or lightweight models. These agents each take on specific roles throughout the vulnerability detection process, including code preparation, vulnerability scanning, result verification, data deduplication, evidence generation, and patch validation. This clearly defined division of labor enables the system to fully leverage the strengths of each model when handling complex security testing tasks.
In authoritative CyberGym public benchmark tests, MDASH showed remarkable performance, surpassing Anthropic's Mythos model and OpenAI's GPT-5.5. After multiple rounds of testing, MDASH successfully uncovered 16 previously undiscovered vulnerabilities, including four high-risk remote code execution vulnerabilities, demonstrating its strong ability to identify vulnerabilities.
Even more impressive is that in private test driver verification with 21 manually implanted vulnerabilities, MDASH achieved a 100% identification rate with zero false positives. This achievement shows that MDASH not only accurately identifies vulnerabilities but also effectively reduces false positives, greatly improving the reliability of security testing.
Notably, retrospective test data shows that MDASH also performed well in recall rates for historical vulnerabilities, achieving a 96% recall rate for clfs.sys vulnerabilities over the past five years and a 100% recall rate for tcpip.sys. This data fully proves MDASH's strength in the field of vulnerability detection.
Currently, MDASH has begun assisting Microsoft's internal engineering teams in product security enhancements and has started internal preview testing for limited customers. It is expected that this new system will play an important role in future cybersecurity work, protecting users' digital assets.
Key Points:
🌟 MDASH uses a multi-agent collaboration strategy, integrating over 100 specialized AI agents to improve vulnerability detection efficiency.
🔍 In CyberGym tests, MDASH successfully found 16 new vulnerabilities, surpassing GPT-5.5 and Mythos models.
✅ In private tests, MDASH achieved a 100% vulnerability identification rate with no false positives, showing its high accuracy and reliability.