Expect more security patches to appear in future Windows updates as Microsoft harnesses AI to speed up the discovery of software bugs in the OS.
“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” Microsoft EVP Pavan Davuluri wrote in a blog post that’s intended to shed light on how it’s using powerful AI models to find and patch vulnerabilities, a growing trend across the tech industry.
In Microsoft’s case, the company has been using an AI system called MDASH, which can source from dozens of different specialized AI agents to find and validate software flaws.
In May, Microsoft said MDASH helped it uncover 16 Windows vulnerabilities. Davuluri now says it has been running MDASH on the Windows codebase over “dedicated cloud infrastructure for scanning and proving.” The automated pipeline is designed to eliminate false positives and refer the “highest-confidence findings” to the company’s engineering team for review.
(Credit: Microsoft)
Another goal is to use AI to discover problems earlier in the Windows development process, all the while relying on “human expertise to evaluate findings, make risk-based decisions and ensure fixes meet the quality bar customers expect,” he says.
“Our focus is to effectively utilize these AI tools to support faster protection, stronger engineering systems, and more actionable guidance for customers,” Davuluri adds.
Finding and patching software bugs more quickly is obviously good, especially amid signs that hackers are starting to embrace AI as well. The only problem is that Microsoft has a history of rolling out Windows updates with errors. As a result, consumers and businesses often hold off from updating, even though it could leave their PCs and IT systems vulnerable.
In his blog post, Davuluri acknowledges the issue, saying, “as the pace of vulnerability discovery increases, customers shouldn’t have to choose between speed and stability. Our job is to help customers stay protected while deploying updates with confidence. Windows will continue investing in the systems, engineering practices, and platform protections needed to reduce exposure responsibly at global scale.”
Microsoft’s use of AI also represents a test of whether the technology can truly improve and streamline Windows’ security, since AI-driven programming has faced criticism for making mistakes or creating shoddy code. Davuluri notes: “We’re making the following investments to help ensure that we are not compromising update quality as we gain speed.”
Recommended by Our Editors
The investments include validating the proposed Windows updates “across a range of testing environments, including the Security Update Validation Program (SUVP) and internal validation designed to help evaluate compatibility, reliability, and real-world usage scenarios.”
“We’re also investing in new technology, including Windows-specific tools and agentic harnesses to enable end-to-end generation and validation of fixes using AI, keeping humans in the loop when it comes to code review,” he added.
Still, customers can report a problematic Windows update. Enterprise customers can also use the Known Issue Rollback function to rein in a bad, non-security component of a Windows update without fully uninstalling it, ensuring the patches remain in place. For consumers, Microsoft will use the rollback feature on Windows devices if a bad update is detected.
“The most important guidance is to stay current and take security updates as soon as possible,” Davuluri says. “Timely patching is one of the most effective ways to reduce exposure, especially as AI accelerates the speed at which vulnerabilities can be discovered and exploited.”
About Our Expert

Michael Kan
Principal Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Click Here For The Original Source.
