Microsoft's MDASH exits preview with 100+ AI agents to hunt real security flaws

At Build 2026, Microsoft announced that MDASH (Microsoft Security multi-model agentic scanning harness) is exiting preview and becoming a full enterprise security control plane. The system orchestrates over 100 specialized AI agents using an ensemble of models—heavy reasoning models for complex tasks and lower-cost models for high-volume operations—to discover, validate, and prove exploitability across codebases. This model-agnostic approach lets Microsoft trade speed, recall, and cost, and minimize dependence on any single model. MDASH has already improved its CyberGym benchmark score from 88.45% to 96.55%.

MDASH now integrates with Microsoft Defender, GitHub Code Security, Agent 365, and Purview, creating a unified vulnerability management pane. The key innovation is its triage capability: instead of overwhelming teams with false positives, MDASH prioritizes real, actionable risks. Microsoft chief security architect Aleš Holeček stated, "AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale." This release is part of Microsoft's broader push to secure the full AI development lifecycle—code, agents, prompts, data, and models—and addresses rapidly evolving cyber threats amplified by AI.