Microsoft's Executive Vice President of the Windows and Devices Division, Pavan Davuluri, revealed in a blog post that the Windows team is fully leveraging AI to identify vulnerabilities. Subsequent Patch Tuesday security updates will include more vulnerability fixes. Microsoft emphasized that this does not mean the system has more security vulnerabilities, but rather that the company's ability to find vulnerabilities has improved.
AI Security System MDASH Launched
In May of this year, Microsoft introduced the multimodal AI security system MDASH (Microsoft Detection and Analysis for Security Hardening) internally. This system automatically scans critical Windows binary files, analyzes potential vulnerabilities using multiple AI models, filters false positives through a dedicated Windows verification process, and finally hands them over to engineers for manual confirmation and investigation, significantly improving the efficiency of vulnerability identification.
In addition to identifying vulnerabilities, Microsoft also applies AI to the subsequent repair process, mainly to assist engineers in analyzing the causes of vulnerabilities, generating candidate fix solutions, finding similar security issues, and automatically selecting regression test items. However, all patches still require review and verification by engineers before being officially released. AI plays an auxiliary role rather than replacing human involvement.
Patch Repair Volume Has Increased by Nearly 70%
The results are already reflected in the data. Referring to the content of the June Patch Tuesday patches, Microsoft claims to have fixed approximately 200 vulnerabilities, an increase of nearly 70% compared to around 118 in May. Microsoft has not yet announced the specific time when the AI-based vulnerability discovery and repair process will be fully implemented, but this trend indicates that the number of security updates will continue to rise in the future.
Microsoft's move signifies that AI is moving from external applications into the core aspects of operating system security. Using AI to combat vulnerabilities will become the new norm in cybersecurity. For Windows users, more vulnerabilities being identified and fixed in a timely manner is a positive signal for improving system security.
