Microsoft’s MDASH turns vulnerability discovery into a multi-agent system

Microsoft’s new MDASH system marks a notable shift in AI-assisted security: instead of asking one model to scan for flaws, it coordinates more than 100 specialized agents across an ensemble of models to do the work in parallel. On Patch Tuesday, that setup surfaced 16 Windows vulnerabilities, including four classified as critical. For teams tracking AI security tooling, the significance is less about a single impressive result than the operating model behind it.

MDASH, short for Multi-Model Agentic Scanning Harness, is built as a model-agnostic, plug-in–driven pipeline. That matters because it lowers the dependency on any one foundation model and makes room for heterogeneous detectors to participate in a shared workflow. In practice, that gives Microsoft a way to compose specialized agents, route tasks, and compare outputs without locking the system to a single vendor or architecture. The design reads less like a one-off scanner and more like an orchestration layer for vulnerability hunting.

The scale is what changes the conversation. More than 100 agents working as part of the system implies a different set of tradeoffs from the familiar single-model security assistant: more coverage, more parallelism, and potentially faster triage, but also more moving parts to manage. Microsoft says the system ran across frontier and distilled models, but it has not disclosed the specific models used. That lack of disclosure is normal in this context, but it also makes external evaluation harder, especially for teams trying to understand how much of the result comes from the architecture versus the underlying models.

The benchmark number adds to the interest, but it should be read carefully. MDASH scored 88.45% on CyberGym, which Microsoft describes as the highest result to date. That is a meaningful high watermark for a multi-agent security system, yet it does not settle the broader benchmarking question. Comparing agentic ensembles with single-model baselines is not straightforward. Multi-agent systems can benefit from division of labor, voting, and task specialization in ways that make raw scores difficult to compare across methods. For buyers and builders, the score is best treated as a sign of capability, not a universal verdict.

What makes MDASH operationally relevant is not just that it found vulnerabilities, but that it did so in a way that starts to resemble enterprise software rather than a lab demo. A 100-plus-agent pipeline needs orchestration, monitoring, and integration with the rest of the security stack. It has to fit into existing workflows for triage, validation, prioritization, and patch management. Otherwise, detection speed becomes a bottleneck elsewhere in the process. In that sense, the real question for deployment is not whether the system can surface issues, but whether security teams can absorb its output without adding noise or risk.

That is where governance enters the picture. A plug-in architecture and model-agnostic design can improve flexibility, but they also raise transparency questions. Teams will want to know how the system makes decisions, how disagreements between agents are resolved, what gets logged, and how reproducible a finding is when it moves from automated detection to human review. The more the system relies on orchestration across many agents, the more important it becomes to understand failure modes, confidence signals, and auditability.

The market implications are hard to miss. MDASH suggests that vulnerability discovery is moving toward standardized multi-model playbooks rather than isolated AI probes. Competitors in security tooling will likely feel pressure to match that scale, or at least to explain why a simpler approach is preferable. Benchmarking norms may evolve as well, since multi-agent systems challenge the assumptions behind apples-to-apples comparisons. If this class of tooling is going to be adopted in production, the next competitive frontier will probably be as much about governance, transparency, and integration as it is about raw detection performance.

For technical teams evaluating AI-driven security products, MDASH is an important signal: the category is maturing from proof-of-concept scanning toward orchestrated systems that can actually ship. The gains are real, but so are the requirements. At this scale, success depends not only on finding vulnerabilities quickly, but on making the process legible, repeatable, and compatible with how enterprise security actually works.