Microsoft announces MDASH agentic vulnerability scanning and integrated code security tooling
Microsoft Build 2026 introduces multi-model agentic scanning harness (MDASH) for AI-driven vulnerability discovery and native GitHub Code Security integration with Microsoft Defender to accelerate secure development.
Attack Brief
TargetSoftware development lifecycle; code repositories; AI-assisted development toolsVectorVulnerability discovery and exploitation via AI models; insecure code generation; data exposure in development workflows
Technical Details
IoCsMicrosoft Security multi-model agentic scanning harness (codename MDASH)GitHub Code Security (formerly GitHub Advanced Security)Microsoft DefenderMicrosoft Agent 365AffectedOrganizations using AI-assisted code development, GitHub repositories, and Microsoft Defender for code scanning
Impact
SectorsSoftware developmentEnterprise security operationsConfirmed DamagePotential vulnerability exploitation through AI-generated code; data exposure in development pipelines; compliance gaps from shadow AI tool usage
Mitigation
PatchesMDASH expanded preview integration with Microsoft DefenderNative GitHub Code Security integration with Microsoft DefenderDetectionMDASH orchestrates 100+ specialized AI agents across ensemble models to discover, validate, and prove exploitability; processes over 100 trillion signals daily; CyberGym benchmark score 96.55%
Context
Similar AttacksShift from reactive rule-based vulnerability scanning to proactive agentic AI systems for identifying exploitable risk at enterprise scale