ZDNET’s main points
- Microsoft is transforming AI into a tool for prioritizing security threats.
- Microsoft aims to protect code, AI agents, data, and models.
- MDASH leverages AI agents to filter out irrelevant security warnings.
Last month, Microsoft launched MDASH, known as the Microsoft Security multi-model agentic scanning harness. While the name might not be the catchiest, this initiative represents a significant step forward. Its goal is to streamline the overwhelming flood of security alerts, highlighting only those vulnerabilities that pose a genuine, immediate risk.
The latest update, announced at Build 2026, is that Microsoft is integrating MDASH into a comprehensive enterprise security platform. This move links Defender, GitHub Code Security, Agent 365, and Purview into a unified control plane.
Aleš Holeček, Microsoft’s chief security architect, explains that “AI has moved beyond experimental research into practical, enterprise-level defense. The real competitive edge now comes from the entire AI system working together, not just a single AI model.”
How MDASH transforms vulnerability detection
A major challenge in security automation is the overwhelming number of false positives. When automated security tools scan networks or codebases, they frequently detect hundreds or even thousands of potential problems.
While many of the issues flagged by scanners might technically be problematic, not every one of them warrants an urgent response.
Consider how medical triage operates in a crisis. Many injured individuals arrive, and medical staff quickly evaluate everyone to determine who requires immediate care, who can safely wait, and who is beyond saving. They then focus their efforts on those most at risk who can still be helped.
MDASH (referred to officially as “Codename MDASH”) acts as an AI-driven triage system for security vulnerabilities. Instead of bombarding teams with an endless list of findings, it “prioritizes genuine, high-risk threats over less critical alerts, enabling teams to act on what can actually be exploited.”
Microsoft hasn’t revealed which specific AI models power MDASH, but the company mentions using advanced models for complex analysis and more cost-effective models for processing large volumes of data.
Microsoft states this approach balances speed, thoroughness, and expenses while reducing reliance on any single AI model. It also makes the platform flexible, allowing easy swapping of models when better options become available.
Holeček adds, “This advanced security platform coordinates over 100 specialized AI agents using multiple models to identify, validate, and demonstrate potential exploits in widely used programming languages.”
I’m usually skeptical of benchmark scores, since systems can be optimized specifically for those tests. However, Microsoft reports that MDASH recently achieved a CyberGym score of 96.55%, a notable jump from the 88.45% it posted when first announced last month.
Expanding the security vision
At Build 2026, Microsoft is incorporating MDASH into a broader enterprise security strategy, moving past its status as a limited private preview.
The tech giant revealed that MDASH is now accessible to a wider range of eligible organizations, including added Microsoft Defender compatibility. This fits into Microsoft’s commitment to securing the entire AI development process, covering code, agents, prompts, data, and models, and using that foundation to strengthen network security.
“Cyber threats are advancing quickly, with AI amplifying both the scale and complexity of attacks,” explains Morgan Adamski, Principal and Deputy Platform Leader of Cyber, Data, and Tech Risk at PwC US. “We believe MDASH has real potential to streamline and improve security operations, making organizations more resilient and confident.”
Furthermore, Microsoft Defender and GitHub Code Security are being combined to provide runtime insights into both developer and security workflows. This helps identify, assess, and resolve threats earlier in the development cycle.
Microsoft explains, “Code vulnerabilities are automatically enhanced with real-world production data, such as exposure on the internet and data sensitivity, to guide prioritization. Developers can then apply AI-driven fixes that are created, assigned, and verified using GitHub Copilot autofix and the GitHub Copilot cloud agent.”
Developers can take advantage of GitHub Copilot autofix and the Copilot cloud agent to automatically generate, allocate, and test repairs. Essentially, this suite of tools helps both network administrators and developers identify critical vulnerabilities in advance, while also detecting issues before they ever reach production environments.
Kris Burkhardt, CISO at Accenture, comments, “What Microsoft is developing with MDASH marks a meaningful shift from traditional rule-based scanning to intelligent systems capable of reasoning through complex codebases as expert security analysts would.”
Microsoft’s role in AI security
At this year’s Build conference, Microsoft is positioning itself as the go-to security platform for AI-powered software creation and operation, particularly for companies already invested in the Microsoft ecosystem.
Microsoft emphasizes, “Innovation and safety must go hand in hand. The new features announced today address the complete development lifecycle: identifying exploitable weaknesses, monitoring what’s live, safeguarding AI data, and verifying proper agent behavior before deployment.”
The company makes a compelling argument: AI progress isn’t solely about building powerful systems. It’s also about whether organizations can trust those systems. The underlying message is that Microsoft-based infrastructure is designed to earn that trust.
Holeček summarizes this approach: “[Trust] is the unifying principle behind all the Build 2026 announcements and our overall strategy. Because AI leadership won’t just belong to those who act fastest, it will belong to those who can build with confidence and responsibility.”
To be fair, Microsoft has a strong history of making bold moves and successfully delivering on them. If it can demonstrate exploitability and tie that directly to resolution workflows, it could fundamentally change enterprise security practices and significantly boost organizational safety.
Would your team prefer receiving fewer but more reliable security alerts, or a broader scan that surfaces more potential issues?
Catch up with my latest work on social media. Make sure to sign up for my weekly newsletter, and connect with me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.



