Microsoft says its Codename MDASH—an agentic AI system designed to cut through vulnerability-scanner noise—has moved beyond preview. At Build 2026, the company is folding MDASH into a broader enterprise security control plane that connects Microsoft Defender,
By the time security tools finish scanning a modern codebase, teams are often staring at an avalanche of red flags. Microsoft’s answer at Build 2026 isn’t just “scan harder.” It’s trying to decide what should be handled first—using AI agents built to triage vulnerability findings into something closer to actionable. exploit-focused risk.
The company’s Codename MDASH. first introduced last month as Microsoft Security’s multi-model agentic scanning harness. is now exiting preview. In today’s Build update. Microsoft says MDASH is being folded into a full enterprise security control plane. and it includes Microsoft Defender integration. The goal is to reduce security alert noise down to issues that directly tie to exploitable vulnerabilities.
Microsoft chief security architect Aleš Holeček framed the shift in blunt terms: AI vulnerability discovery has moved “from research curiosity into production-grade defense at enterprise scale. ” and the lasting advantage. he said. sits in the agentic system around the model—not any single model itself.
Under the hood, Microsoft is describing MDASH as an orchestrated pipeline of more than 100 specialized AI agents. Holeček said this ensemble of models is designed to discover. validate. and prove exploitability across codebases written in popular programming languages. Microsoft also said it uses state-of-the-art models for heavy reasoning and lower-cost models for high-volume operations. letting it trade speed. recall. and cost while minimizing dependence on any given model. The company says that design makes the system model-agnostic, so it can move models when necessary.
Microsoft isn’t just aiming for fewer alerts. It’s trying to fix the “signal-to-noise” problem that makes automated vulnerability work exhausting. The company describes MDASH as prioritizing “real, actionable risks over noisy findings” so security teams can focus on what can be exploited.
As a benchmark point, Microsoft said MDASH recently reached a CyberGym benchmark score of 96.55%, up from an earlier 88.45% in its original announcement last month.
That’s where the Build 2026 story becomes bigger than MDASH itself. Microsoft is presenting the update as part of a wider enterprise security platform effort—connecting not only security scanning, but the tools that surround development, runtime, data governance, and ongoing verification.
At Build 2026, Microsoft says MDASH is connected with Microsoft Defender, GitHub Code Security, Agent 365, and Purview. The integration, Microsoft says, is designed to bring runtime context into developer and security workflows so risks can be found, prioritized, and fixed earlier in the lifecycle.
Microsoft also provided a clearer picture of how vulnerability enrichment and remediation are meant to work together. The company says vulnerabilities discovered in code are automatically enriched with real production signals—such as internet exposure and data sensitivity—to inform prioritization. From there. Microsoft says developers can remediate issues using AI-assisted fixes generated. assigned. and validated through GitHub Copilot autofix and the GitHub Copilot cloud agent.
In other words, Microsoft is pushing toward a workflow where vulnerability discovery isn’t the end of the story. It’s the start of something that leads to verification and repair.
That shift also landed with outside experts watching Microsoft’s approach take shape. Morgan Adamski. Principal and Deputy Platform Leader of Cyber. Data. and Tech Risk at PwC US. said. “We see strong potential for MDASH to simplify and strengthen SecOps. helping organizations operate with greater resilience and confidence.”.
Kris Burkhardt, Chief Information Security Officer at Accenture, called the direction a “meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher.”
Microsoft’s positioning is equally direct: it wants to act as the security layer for AI-era software development and deployment—especially for companies deeply embedded in the Microsoft ecosystem. The company says. “There should never be a choice between innovation and safety. ” and that the capabilities announced today span the full development lifecycle: discovering what’s exploitable. governing what’s running. protecting the data AI depends on. and verifying that agents behave as intended before they reach production.
In the same thread, Microsoft made a claim that trust—not just model breakthroughs—will determine who moves fastest with AI safely. The company says progress in AI depends on more than breakthrough capabilities, arguing that organizations need to trust the systems they build and deploy.
Holeček tied that theme to the broader Build 2026 announcements as well. saying. “[Trust] is the common thread across the innovations announced at Build 2026 and the principle guiding our approach. Because the future of Al will belong not just to those who move fastest. but to those who can innovate with trust.”.
Whether this turns into a practical advantage will come down to what security teams experience after the rollout—fewer. higher-confidence alerts. and faster paths from finding a flaw to validating that a fix actually helps. For now, Microsoft is clearly betting that the next step in vulnerability management isn’t just automating more scans. It’s orchestrating agents that can triage, enrich context, and drive remediation inside the tools teams already use.
Microsoft MDASH Microsoft Security agentic AI vulnerability triage Microsoft Defender GitHub Code Security Agent 365 Purview GitHub Copilot autofix AI security agents Build 2026