Microsoft MDASH Moves Vulnerability Discovery Into Agent Pipelines

Published June 03, 2026 by Dillip Chowdary

Microsoft MDASH is the clearest Build 2026 signal that vulnerability scanners are becoming coordinated agent systems. Microsoft describes the preview as a multi-model scanning harness that uses more than 100 specialized AI agents to discover, validate, and prove exploitability in codebases.

The system sits inside a broader security stack. Microsoft says MDASH uses more than 100 trillion signals per day, integrates with Microsoft Defender, and connects into GitHub Code Security so findings can be prioritized with production exposure and remediated with Copilot-assisted workflows.

Why This Is Different From SAST

Classic static analysis produces candidate findings. MDASH-style systems try to reason across code, runtime context, and exploitability evidence before presenting a result. The value is not just recall; it is reducing theoretical noise so developers spend time on issues that matter.

Microsoft says the harness recently reached a 96.55% CyberGym benchmark score after a roughly 10% improvement in less than three weeks. The number is useful, but the enterprise question is operational: can the system preserve evidence, respect role-based access, and fit disclosure processes when it finds sensitive flaws?

What AppSec Teams Should Do

Teams evaluating MDASH or similar systems should define reviewer ownership before enabling broad scans. Agent-discovered vulnerabilities need access controls, finding provenance, model and prompt versioning, exploit proof containment, and a clear policy for external disclosure.

The practical path is staged adoption: begin with non-production repositories, compare findings against existing SAST and DAST queues, measure confirmed exploitability, and connect production runtime signals only after the evidence workflow has proven trustworthy.
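The controls listed above (reviewer ownership set before scans run, model and prompt provenance on every finding, exploit proof kept out of the ticket, pilot scope limited to non-production repositories, and a comparison against the existing SAST/DAST queue) can be expressed as a small admission gate. The following is an added illustration written for this article, not Microsoft's or GitHub's code; the field names, the `prod/` repository prefix and the sample findings are constructed assumptions.

```python
"""Admission gate for agent-discovered findings (constructed example)."""
from dataclasses import dataclass
from typing import Optional
import hashlib

# Provenance every agent finding must carry before a human sees it.
REQUIRED_PROVENANCE = ("model_version", "prompt_version", "reviewer_owner")


@dataclass
class AgentFinding:
    finding_id: str
    repo: str
    rule: str                    # checker or CWE id (constructed values below)
    model_version: str           # which model produced the finding
    prompt_version: str          # which prompt/harness revision was used
    reviewer_owner: str          # team that owns triage, assigned before scanning
    exploit_proof: Optional[bytes] = None   # raw proof emitted by the agent
    confirmed: bool = False      # set by the reviewer after validation


def contain_proof(f: AgentFinding) -> dict:
    """Keep only a digest of the exploit evidence in the ticket; the raw proof
    belongs in a restricted evidence store (assumed to exist, not modelled)."""
    digest = hashlib.sha256(f.exploit_proof or b"").hexdigest()
    return {"finding_id": f.finding_id, "proof_sha256": digest,
            "proof_present": f.exploit_proof is not None}


def admit(f: AgentFinding, stage: str) -> tuple[bool, list[str]]:
    """Return (admitted, reasons). In the 'pilot' stage only non-production
    repositories (anything not under the assumed 'prod/' prefix) are admitted."""
    reasons = [f"missing {a}" for a in REQUIRED_PROVENANCE if not getattr(f, a)]
    if stage == "pilot" and f.repo.startswith("prod/"):
        reasons.append("production repo not allowed during pilot")
    return (not reasons, reasons)


def triage_metrics(findings: list[AgentFinding],
                   sast_queue: set[tuple[str, str]]) -> dict:
    """Compare agent findings with the existing SAST/DAST queue, keyed on
    (repo, rule), and report the confirmed-exploitability rate."""
    keys = {(f.repo, f.rule) for f in findings}
    overlap = len(keys & sast_queue)
    confirmed = sum(1 for f in findings if f.confirmed)
    return {"total": len(findings), "overlap_with_sast": overlap,
            "novel": len(keys) - overlap,
            "confirmed_rate": confirmed / len(findings) if findings else 0.0}
```

The `novel` count is what a pilot should scrutinize hardest: findings the existing queue never raised are where an agent's exploitability reasoning earns its keep, and also where unreviewed false positives would otherwise land.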

Source: Microsoft Security Build 2026 post