LIVE THREATS
MEDIUM Agentic AI Red Teaming Emerges as Defence Against AI-Speed Attack Chains // HIGH AI Agents Weaponised to Generate Custom Attack Tools in LatAm Campaigns // HIGH GPT-5.5 Matches Specialist Models in Vulnerability Discovery, Democratising Cyber Offence // HIGH Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities // MEDIUM OpenAI Daybreak Deploys Agentic AI Models for Vulnerability Detection and Patching // LOW State Machine Guardrails Proposed to Rein In Uncontrolled AI Agent Tool Access // CRITICAL Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack … // HIGH Adversaries Leverage LLMs to Accelerate Exploit Development and Attack Automation // CRITICAL AI-Developed Zero-Day Exploit Used in Mass Exploitation Attempt, Mandiant Warns // CRITICAL AI-Generated Zero-Day Exploit Bypasses 2FA in First Confirmed Wild Use //
ATLAS OWASP HIGH Significant risk · Prioritise patching Agentic AI Research Industry News LLM Security RELEVANCE ▲ 7.8

Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities

SOURCE The Hacker News ↗
TL;DR HIGH
  • What happened: Microsoft's MDASH agentic AI system autonomously found 16 Windows flaws, two rated critical RCE.
  • Who's at risk: Windows environments with IKEv2 or IPSec enabled are most directly exposed via the two critical CVEs discovered by MDASH.
  • Act now: Apply May 2026 Patch Tuesday updates immediately, prioritising CVE-2026-33824 and CVE-2026-33827 · Audit internal use of agentic AI security tooling for excessive agency and insufficient human oversight controls · Monitor for MDASH private preview access and evaluate its integration risks before broad deployment
Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities

Overview

Microsoft has publicly detailed MDASH (Multi-Model Agentic Scanning Harness), an AI-driven vulnerability discovery system that autonomously identified 16 security flaws patched in the May 2026 Patch Tuesday release. Two of these are rated critical, both enabling unauthenticated remote code execution against Windows systems. The disclosure marks a notable inflection point: a major vendor is now deploying autonomous, multi-agent AI systems to conduct offensive-style security research on its own products at scale.

MDASH operates as a structured pipeline that ingests source code, builds a threat model and attack surface map, then routes candidate code paths through specialised “auditor” agents. A second tier of “debater” agents validates findings, and a final “prover” stage confirms exploitability. The system orchestrates more than 100 specialised AI agents across frontier and distilled models, with disagreement between model outputs used as a credibility signal — a technique with direct implications for how agentic systems reason under uncertainty.

Technical Analysis

MDASH’s architecture is model-agnostic and stage-separated: state-of-the-art (SOTA) models handle reasoning, distilled models manage high-volume validation passes, and an independent SOTA model provides counterpoint. This ensemble approach is designed to reduce false positives and increase finding confidence without centralising reasoning in a single model.

The two critical CVEs uncovered include:

  • CVE-2026-33824 (CVSS 9.8): A double-free vulnerability in ikeext.dll exploitable by an unauthenticated attacker via specially crafted IKEv2 packets, leading to RCE.
  • CVE-2026-33827 (CVSS 8.1): A race condition in tcpip.sys triggered by a crafted IPv6 packet on IPSec-enabled Windows nodes, also resulting in RCE.

Both vulnerabilities were discovered through automated static analysis and proof-of-exploitability pipelines, with no manual researcher involvement reported at the discovery stage.

Framework Mapping

MITRE ATLAS:

  • AML.T0047 – ML-Enabled Product or Service: MDASH is a deployed AI system used in production security workflows, introducing new trust and scope questions.
  • AML.T0040 – ML Model Inference API Access: The pipeline’s reliance on frontier model APIs introduces third-party model dependency risks.
  • AML.T0043 – Craft Adversarial Data: MDASH’s auditor agents generate adversarial inputs to validate exploitability, mirroring attacker tradecraft.

OWASP LLM Top 10:

  • LLM08 – Excessive Agency: An autonomous system capable of proving exploitable bugs end-to-end represents a high-agency deployment requiring stringent scope controls.
  • LLM09 – Overreliance: Operators integrating MDASH findings into patch pipelines without independent validation risk overreliance on AI-confirmed findings.
  • LLM05 – Supply Chain Vulnerabilities: Model-agnostic architecture introduces risk if underlying frontier or distilled models are compromised or degraded.

Impact Assessment

The immediate risk is to unpatched Windows systems exposed to IKEv2 or IPSec traffic. The broader security implication is the normalisation of fully autonomous agentic AI in vulnerability research pipelines, raising questions about governance, auditability, and the potential for such systems — or adversarial equivalents — to be weaponised. MDASH’s emergence alongside Anthropic’s Project Glasswing and OpenAI Daybreak signals an industry-wide shift toward AI-native offensive security tooling.

Mitigation & Recommendations

  • Apply all May 2026 Patch Tuesday patches immediately; treat CVE-2026-33824 and CVE-2026-33827 as critical priorities.
  • Restrict IKEv2 and IPSec exposure at network boundaries where patching is delayed.
  • Organisations evaluating MDASH or similar agentic security tools should enforce human-in-the-loop review before findings trigger automated remediation.
  • Establish model provenance and integrity controls for any AI scanning pipeline integrated into CI/CD or patch workflows.

References

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.