Inside MDASH: Microsoft’s Agentic AI for Windows Vulnerability Discovery

CyberSecureFox Editorial Team

Microsoft announced the MDASH (Multi-model Agentic Scanning Harness) system—a multi-model agentic platform for automated detection, validation, and proof of exploitability of vulnerabilities in large codebases. According to the company, the system has already discovered 16 vulnerabilities that were fixed in the May 2026 Patch Tuesday release, including two critical remote code execution vulnerabilities in the Windows networking stack with CVSS scores of 9.8 and 8.1. The system is currently in a limited closed testing phase with selected customers.

Architecture: a pipeline of 100+ specialized agents

MDASH is designed as a model-agnostic system—it is not tied to a specific language model and, according to Microsoft, supports portability across model generations. The key architectural idea is the orchestration of more than 100 specialized AI agents running on an ensemble of state-of-the-art and distilled models. Each agent is optimized for a particular class of vulnerabilities and plays its role in a multi-stage pipeline.

The processing pipeline includes several sequential stages:

  • Source code analysis — building a threat model and identifying the attack surface
  • Audit — specialized “auditor” agents examine potentially vulnerable code paths
  • Debate — a second group of “debater” agents validates the auditors’ findings by attempting to refute them
  • Clustering — semantically equivalent findings are grouped together
  • Proof — confirmation of the existence and exploitability of the vulnerability

A key mechanism is that of “disagreement”: state-of-the-art models are used for reasoning at the audit stage, distilled models for large-scale validation, and a separate state-of-the-art model acts as an independent adversary. As Microsoft explains, if an auditor flags a fragment of code as suspicious and the debater cannot refute it, the posterior confidence in the finding increases. According to the company, the specialized agents are built based on analysis of historical CVEs and corresponding patches.
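A worked illustration of why an unrefuted finding gains confidence, added here as an explanatory model (Microsoft has not published how MDASH scores findings, and every rate below is an assumed value, not a figure from the announcement). Treat the auditor's flag and the debater's verdict as two successive Bayesian evidence updates on whether a code path is genuinely vulnerable ($V$), written in odds form:

$$
\frac{P(V \mid E)}{P(\neg V \mid E)} \;=\; \frac{P(V)}{P(\neg V)} \cdot \frac{P(E \mid V)}{P(E \mid \neg V)}
$$

Assume a prior $P(V)=0.05$ for any given flagged path, so prior odds are $0.05/0.95 \approx 0.053$. If an auditor flags true vulnerabilities with probability $0.8$ and false ones with probability $0.2$, the flag carries a likelihood ratio of $0.8/0.2 = 4$:

$$
\text{odds after audit} = 0.053 \times 4 \approx 0.211, \qquad P(V \mid \text{flag}) \approx \frac{0.211}{1.211} \approx 0.17
$$

Now let the debater refute a real vulnerability only $10\%$ of the time but refute a false positive $80\%$ of the time. A failed refutation then has likelihood ratio $0.9/0.2 = 4.5$, while a successful refutation has $0.1/0.8 = 0.125$:

$$
\text{not refuted:}\quad 0.211 \times 4.5 \approx 0.947 \;\Rightarrow\; P(V) \approx 0.49
$$
$$
\text{refuted:}\quad 0.211 \times 0.125 \approx 0.026 \;\Rightarrow\; P(V) \approx 0.03
$$

Under these assumptions an auditor's flag alone leaves the finding below even odds, which is why a separate adversarial pass matters: the debater's failure to refute roughly triples the posterior, and its success pushes the finding back toward the noise floor before anything reaches the costly proof stage.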

Important to note: all descriptions of MDASH’s architecture and capabilities come solely from Microsoft and have not yet undergone independent verification.

Discovered vulnerabilities: two critical RCEs in the Windows networking stack

Of the 16 vulnerabilities that Microsoft attributes to MDASH, the company highlighted two critical ones affecting components of the Windows networking stack and authentication:

CVE-2026-33824 (CVSS 9.8) — a double-free vulnerability in the ikeext.dll library. An unauthenticated attacker can send specially crafted packets to a Windows machine with the Internet Key Exchange (IKE) version 2 protocol enabled, leading to remote code execution. The 9.8 CVSS score indicates maximum criticality: the attack requires no authentication, no user interaction, and is carried out over the network.

CVE-2026-33827 (CVSS 8.1) — a race condition vulnerability in the tcpip.sys Windows TCP/IP stack driver. An attacker can send a specially crafted IPv6 packet to a Windows host with IPSec enabled, which likewise leads to remote code execution. The lower CVSS score relative to the first vulnerability is likely due to the higher attack complexity of winning a race condition.

Both vulnerabilities are confirmed by official MSRC advisories. Exploitation status at the time of publication is unknown—neither CVE is included in the CISA KEV catalog.

Impact assessment

Both vulnerabilities affect core Windows networking components used in corporate environments. CVE-2026-33824 is particularly dangerous for organizations running VPN infrastructure on IKEv2—the standard key-exchange protocol for IPSec VPNs, widely deployed in enterprise networks. CVE-2026-33827 threatens any Windows host with IPSec enabled in an IPv6 network, a configuration typical of large corporate and government infrastructures.

Unauthenticated remote code execution via the networking stack is one of the most dangerous classes of vulnerabilities, as it allows compromise without any user interaction and can be used for automated attacks.

Broader context: the race to build AI tools for vulnerability discovery

The MDASH announcement fits into an emerging trend: the largest technology companies are launching AI systems focused on automated vulnerability discovery. The source material mentions similar initiatives—Project Glasswing from Anthropic and Daybreak from OpenAI—however, these projects are not confirmed by independent sources within this analysis.

Microsoft Vice President for Agentic Security Tess Kim’s statement that “the durable advantage lies in the agentic system around the model, not in any single model” reflects a strategic shift: value is moving from raw model capabilities to orchestration architecture. Nonetheless, the assertion that AI-based vulnerability discovery has moved from a research stage to “enterprise-scale production-grade defense” is based primarily on the vendor’s self-reporting and requires independent confirmation.

Recommendations

  • Install the May 2026 Patch Tuesday updates immediately—prioritizing patches for CVE-2026-33824 and CVE-2026-33827
  • Prioritize CVE-2026-33824 (CVSS 9.8) for systems with IKEv2 enabled—this applies to VPN gateways and remote access servers
  • Review IPSec configuration on Windows hosts in IPv6 networks—if immediate patching is not possible, consider temporarily restricting inbound IPv6 traffic to vulnerable systems
  • Audit internet-exposed network services for open IKE ports (UDP 500, UDP 4500)
  • Monitor MSRC advisories for updates on any active exploitation of these vulnerabilities
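The checks in the list above can be run locally on each Windows host. The script below is an added example written for this article, not tooling from Microsoft or the advisories: it reports whether the IKE service and its UDP listeners are present, how many IPsec rules are active, whether the host holds routable IPv6 addresses, and the most recently installed hotfixes (the article gives no KB numbers, so patch state is shown by install date rather than by a specific KB). The optional blocking function is the "temporarily restrict inbound IPv6 traffic" mitigation from the recommendations; it assumes the firewall cmdlets accept the IPv6 any-prefix `::/0` for `-RemoteAddress`, which is not confirmed by the article. Run it elevated.

```powershell
# Added example (not from the article or Microsoft): local exposure check for the
# IKEv2 (CVE-2026-33824) and IPv6/IPsec (CVE-2026-33827) advisories discussed above.

function Get-IkeIpsecExposure {
    # IKEEXT hosts the IKE/AuthIP keying modules; if it is stopped, UDP 500/4500 are not served.
    $ike = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue

    # Local UDP listeners on the IKE and NAT-T ports named in the recommendations.
    $ikeUdp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 500, 4500 }

    # Active (effective) IPsec rules indicate the host actually negotiates IPsec.
    $ipsecRules = Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' }

    # Routable IPv6 addresses only: link-local (fe80::) and loopback carry the WellKnown prefix origin.
    $ipv6 = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
        Where-Object { $_.PrefixOrigin -ne 'WellKnown' }

    # Most recent hotfixes, as a proxy for whether the May 2026 cumulative update has landed.
    $recent = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 5

    [pscustomobject]@{
        Host                 = $env:COMPUTERNAME
        IkeServiceStatus     = if ($ike) { $ike.Status.ToString() } else { 'NotPresent' }
        IkeUdpPortsListening = @($ikeUdp | Select-Object -ExpandProperty LocalPort -Unique)
        ActiveIPsecRuleCount = @($ipsecRules).Count
        RoutableIPv6Count    = @($ipv6).Count
        # Both conditions the advisories describe: IKEv2 reachable, or IPsec active on an IPv6 host.
        ExposedToIkev2Issue  = ($ike -and $ike.Status -eq 'Running' -and @($ikeUdp).Count -gt 0)
        ExposedToIpv6Issue   = (@($ipsecRules).Count -gt 0 -and @($ipv6).Count -gt 0)
        LatestHotfixes       = @($recent | ForEach-Object { "$($_.HotFixID) ($($_.InstalledOn.ToString('yyyy-MM-dd')))" })
    }
}

function Add-TemporaryIPv6InboundBlock {
    # Interim mitigation from the recommendations for hosts that cannot be patched yet.
    # Assumption: '::/0' is accepted as the IPv6 any-prefix. Remove the rule after patching with:
    #   Remove-NetFirewallRule -DisplayName 'TEMP-Block-Inbound-IPv6-Until-Patched'
    param([string]$DisplayName = 'TEMP-Block-Inbound-IPv6-Until-Patched')

    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$DisplayName' already exists; nothing added."
        return
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Block `
        -RemoteAddress '::/0' -Profile Any -Enabled True |
        Select-Object DisplayName, Direction, Action, Enabled
}

# Usage: report first, then decide on the interim block per host.
$report = Get-IkeIpsecExposure
$report | Format-List
if ($report.ExposedToIpv6Issue) {
    Write-Host "IPsec is active on an IPv6 host; if patching must wait, run Add-TemporaryIPv6InboundBlock."
}
```

The exposure flags are deliberately coarse: `ExposedToIkev2Issue` is true whenever IKEEXT is running and listening, which on a workstation usually means the built-in VPN client rather than a gateway, so fleet-wide output should be sorted by role (VPN gateways and remote access servers first, as the recommendations state) before deciding which hosts justify the IPv6 block. Collecting the objects from many hosts with `Invoke-Command` and exporting with `Export-Csv` gives a simple patch-tracking sheet for this update cycle.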

Regardless of how mature MDASH is as a tool, the vulnerabilities discovered with its help are real and confirmed by official Microsoft advisories. Organizations using IKEv2-based VPNs or IPSec in IPv6 networks should treat deploying patches for CVE-2026-33824 and CVE-2026-33827 as a first-order priority in the current update cycle.

