What it is
MDASH is Microsoft’s codename for its multi-model agentic scanning harness, built by the Autonomous Code Security team. Microsoft describes it as a structured vulnerability-discovery and remediation pipeline with preparation, scan, validation, deduplication, and proof stages.
The public May 2026 record says the harness orchestrates more than 100 specialized agents across multiple frontier and distilled models, with component-specific plugins and validation stages for exploitability.
What is verified
Microsoft’s May 12, 2026 Security Blog post says that the 5.12.2026 Patch Tuesday cohort included 16 CVEs found using MDASH across Windows networking and authentication components. Microsoft lists the CVE IDs, components, severity labels, and bug classes, and includes technical deep dives for two Critical remote code execution issues:
- CVE-2026-33827 in
tcpip.sys. - CVE-2026-33824 in
ikeext.dll.
The same cohort includes Critical RCEs in Netlogon and the Windows DNS client: CVE-2026-41089 and CVE-2026-41096.
Why it matters
MDASH is a production security-engineering signal from a major software vendor. It is not only a benchmark result; Microsoft tied the system to public CVEs in a monthly security release for mature, high-value Windows components.
The evidence index is high because the primary source is Microsoft, the vulnerability list is explicit, and the issues have public Patch Tuesday advisory records.