Microsoft Security Previews MDASH to Automate Vulnerability Discovery With 100 Agents

Jun 4, 2026

Microsoft Security demonstrated MDASH, a multi-model agentic scanning harness (a framework coordinating multiple AI models for complex tasks) designed to find exploitable vulnerabilities. The system orchestrates over 100 specialized AI agents that work together to analyze codebases, debate potential security flaws, and prove whether a bug is actually exploitable.

Agent Count: 100+ specialized agents
Architecture: Multi-model agentic scanning harness
Integration: GitHub Copilot local environment
Output Formats: SARIF logs and HTML reports
Remediation: Automatic fixes via CLI command

This move addresses the growing bottleneck in cybersecurity where discovery outpaces the human capacity to verify and patch. By moving beyond static analysis to an agentic workflow, MDASH joins peers like Claude Code Security and Codex Security in applying autonomous agents to vulnerability detection. It validates findings through autonomous "proof of exploit" steps rather than surfacing unconfirmed issues.

Developers can run MDASH scans directly within their local GitHub Copilot environment to identify and remediate issues. The system generates HTML reports and SARIF (a standard format for sharing static analysis results) logs for prioritization, allowing users to apply fixes via a CLI command. This builds on Microsoft's earlier release of the AI Red Teaming Agent.

View the full update on x.com

Microsoft Security

@msftsecurity9h ago

100+ specialized AI agents, one goal: find exploitable vulnerabilities before attackers do. Meet MDASH, Microsoft Security’s multi-model agentic scanning harness. Watch Sarah Young show it in action at #MicrosoftBuild. https://t.co/TIiRkYnSEO

822

View on X

Still wondering? A few quick answers below.

MDASH is a multi-model agentic scanning harness that uses over 100 specialized AI agents to autonomously discover and validate exploitable vulnerabilities in code.

The system uses a swarm of specialized agents to analyze code, debate potential flaws, and perform autonomous "proof of exploit" steps to confirm if a bug is actually dangerous.

MDASH is designed to run directly within a local GitHub Copilot environment, allowing developers to scan and fix code without leaving their primary workspace.

It generates standardized SARIF logs and HTML reports, providing detailed documentation of discovered vulnerabilities and their exploitability to help teams prioritize remediation efforts.

Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

Keep reading

Microsoft Launches AI Red Teaming Agent to Automate Adversarial Safety Testing

Microsoft released the AI Red Teaming Agent in preview to automate the discovery of security risks in generative AI applications. The tool simulates adversarial attacks to measure vulnerabilities and generate safety scorecards, shifting safety engineering from manual probing to autonomous evaluation.

Microsoft ResearchMay 1

Microsoft Research Identifies Four Critical Risks in Interconnected AI Agent Networks

Microsoft Research red-teamed a network of over 100 autonomous agents to uncover vulnerabilities that only appear during agent-to-agent interactions. These network-level risks, including self-propagating worms and manufactured consensus, suggest that individual agent safety is insufficient for securing interconnected ecosystems.

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

VercelMay 4

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

Vercel open-sourced deepsec, a security harness that uses autonomous coding agents to identify and investigate vulnerabilities in large-scale codebases. Unlike traditional scanners that rely on static patterns, this tool uses high-reasoning models to trace data flows and validate findings through a multi-stage pipeline. By moving security audits into an agentic framework, teams can perform deep reviews that were previously too slow or expensive for manual researchers.

OpenAIMar 6

Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities

OpenAI launched Codex Security, an AI agent that identifies complex code vulnerabilities, validates them automatically, and proposes targeted fixes. It cuts triage noise significantly, so security teams focus on real threats rather than false positives.

What is Microsoft MDASH?

How does MDASH find vulnerabilities?

Where can developers use MDASH?

What reports does MDASH provide?

Keep reading

Microsoft Launches AI Red Teaming Agent to Automate Adversarial Safety Testing

Microsoft Launches AI Red Teaming Agent to Automate Adversarial Safety Testing

Microsoft Research Identifies Four Critical Risks in Interconnected AI Agent Networks

Microsoft Research Identifies Four Critical Risks in Interconnected AI Agent Networks

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities

Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities

Keep reading

Microsoft Launches AI Red Teaming Agent to Automate Adversarial Safety Testing

Microsoft Launches AI Red Teaming Agent to Automate Adversarial Safety Testing

Microsoft Research Identifies Four Critical Risks in Interconnected AI Agent Networks

Microsoft Research Identifies Four Critical Risks in Interconnected AI Agent Networks

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

Vercel Releases deepsec to Automate Deep Security Audits With Coding Agents

Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities

Codex Security Launches to Find, Validate, and Patch Code Vulnerabilities