Microsoft: Our AI-Powered Bug Hunting Means More Windows Security Patches #AI


Expect more security patches to appear in future Windows updates as Microsoft harnesses AI to speed up the discovery of software bugs in the OS. 

“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” Microsoft EVP Pavan Davuluri wrote in a blog post that’s intended to shed light on how it’s using powerful AI models to find and patch vulnerabilities, a growing trend across the tech industry.

In Microsoft’s case, the company has been using an AI system called MDASH, which can source from dozens of different specialized AI agents to find and validate software flaws. 

In May, Microsoft said MDASH helped it uncover 16 Windows vulnerabilities. Davuluri now says it has been running MDASH on the Windows codebase over “dedicated cloud infrastructure for scanning and proving.” The automated pipeline is designed to eliminate false positives and refer the “highest-confidence findings” to the company’s engineering team for review.  

(Credit: Microsoft)

Another goal is to use AI to discover problems earlier in the Windows development process, all the while relying on “human expertise to evaluate findings, make risk-based decisions and ensure fixes meet the quality bar customers expect,” he says.

“Our focus is to effectively utilize these AI tools to support faster protection, stronger engineering systems, and more actionable guidance for customers,” Davuluri adds. 

Finding and patching software bugs more quickly is obviously good, especially amid signs that hackers are starting to embrace AI as well. The only problem is that Microsoft has a history of rolling out Windows updates with errors. As a result, consumers and businesses often hold off from updating, even though it could leave their PCs and IT systems vulnerable. 

In his blog post, Davuluri acknowledges the issue, saying, “as the pace of vulnerability discovery increases, customers shouldn’t have to choose between speed and stability. Our job is to help customers stay protected while deploying updates with confidence. Windows will continue investing in the systems, engineering practices, and platform protections needed to reduce exposure responsibly at global scale.”

Microsoft’s use of AI also represents a test of whether the technology can truly improve and streamline Windows’ security, since AI-driven programming has faced criticism for making mistakes or creating shoddy code. Davuluri notes: “We’re making the following investments to help ensure that we are not compromising update quality as we gain speed.”

Recommended by Our Editors

The investments include validating the proposed Windows updates “across a range of testing environments, including the Security Update Validation Program (SUVP) and internal validation designed to help evaluate compatibility, reliability, and real-world usage scenarios.”  

“We’re also investing in new technology, including Windows-specific tools and agentic harnesses to enable end-to-end generation and validation of fixes using AI, keeping humans in the loop when it comes to code review,” he added. 

Still, customers can report a problematic Windows update. Enterprise customers can also use the Known Issue Rollback function to rein in a bad, non-security component of a Windows update without fully uninstalling it, ensuring the patches remain in place. For consumers, Microsoft will use the rollback feature on Windows devices if a bad update is detected.

“The most important guidance is to stay current and take security updates as soon as possible,” Davuluri says. “Timely patching is one of the most effective ways to reduce exposure, especially as AI accelerates the speed at which vulnerabilities can be discovered and exploited.”

About Our Expert





Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW