Microsoft AI System Discovers 16 Windows Flaws in Patch Tuesday
REDMOND, Wash. — Microsoft’s internal AI-powered security tool, known as MDASH, identified 16 Windows vulnerabilities fixed in the company’s May 2025 Patch Tuesday update, The Hacker News reported.
The discoveries highlight the expanding use of artificial intelligence in proactive cybersecurity defense, with Microsoft deploying its own AI systems to detect flaws in its software before they can be exploited by malicious actors.
The 16 vulnerabilities found by MDASH were among the fixes included in Microsoft’s May 2025 Patch Tuesday release, the company’s monthly security update cycle that delivers patches to hundreds of millions of Windows devices worldwide, including enterprise systems across government and private-sector networks.
Patch Tuesday updates are closely watched by IT administrators and cybersecurity professionals, as unpatched Windows vulnerabilities remain among the most common vectors for cyberattacks targeting U.S. businesses and government agencies.
AI in Vulnerability Detection
The deployment of MDASH represents an application of AI in the cybersecurity domain — an area where both technology companies and the federal government have signaled increased investment. Rather than relying solely on human security researchers to identify flaws through manual code review and testing, AI systems like MDASH can analyze vast codebases at scale to flag potential security issues.
Microsoft has been among the most active major technology companies in integrating AI across its product lines, from its Copilot assistant to enterprise security tools. The use of AI to find vulnerabilities in its own flagship operating system reflects the technology’s application in defensive security operations.
Broader Implications
The findings come as the cybersecurity industry increasingly turns to AI-driven tools to keep pace with the volume and sophistication of threats. The U.S. Cybersecurity and Infrastructure Security Agency has repeatedly urged organizations to apply Patch Tuesday updates promptly, citing the risk that disclosed vulnerabilities will be rapidly weaponized.
For enterprise IT departments, the MDASH-discovered patches cover vulnerabilities Microsoft’s AI system flagged ahead of the monthly release cycle, according to The Hacker News.
Cybersecurity researchers have noted the dual-use nature of AI in the field — while defenders use AI to find and fix vulnerabilities, threat actors are similarly exploring AI-assisted methods to discover and exploit them.
