AI vulnerability discovery has crossed from a research curiosity into an engineering discipline — and the lesson underneath it is one I keep coming back to: the model is one input; the system is the product. A single large model, no matter how capable, can’t reliably reason across the proprietary, unpublished surface area of an enterprise codebase without drowning defenders in speculative noise. What works is orchestration — an ensemble of models and specialised agents that prepare, scan, validate, de-duplicate, and prove findings before a human ever sees them.

The blueprint below is MDASH — Microsoft’s Multi-Model Agentic Scanning Harness. In its 5.12.2026 cohort it discovered and helped patch 16 zero-day vulnerabilities, including 4 critical, largely pre-authentication RCEs across kernel- and user-mode components such as tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. What makes it durable isn’t any one model — it’s the pipeline around the model, and what survives when the next model arrives.

⬇  Download the full blueprint (PDF, 15 MB)

The problem: single models hit a wall

Defence at AI Speed — the autonomous system outperforming single-model security

From research to production: the 5.12.2026 cohort discovered and patched 16 zero-days, including 4 critical pre-authentication RCEs across kernel- and user-mode Windows components

The limits of single-model analysis — three barriers: complexity and scale, deep system invariants, and the noise problem

Introducing MDASH

Introducing MDASH — Microsoft's Multi-Model Agentic Scanning Harness: an ensemble of models orchestrating 100+ specialised agents

The autonomous blueprint — a 5-stage pipeline: Prepare, Scan, Validate, Dedup, and Prove

How it validates and proves

Validation through adversarial debate — an Auditor model flags a suspect path while a Debater model cross-examines it at a decision gate, spiking credibility when the finding survives

The Prove stage — a CLFS proving plugin injects private filesystem domain knowledge to bridge the knowledge gap and turn a theoretical finding into an executable proof

Diagnostic matrix — single-model AI versus the MDASH agentic harness across reasoning scope, validation method, architecture, and lifespan/portability

Proof in the wild

Case study — CVE-2026-33827, a remote unauthenticated use-after-free in tcpip.sys that single models miss because release and reuse are separated by non-trivial control flow

Case study — CVE-2026-33824, an unauthenticated IKEv2 double-free escalating to LocalSystem RCE, found only through cross-file analysis

Ground-truth telemetry — 21 of 21 vulnerabilities found with zero false positives; 96% recall on clfs.sys and 100% recall on tcpip.sys MSRC cases

CyberGym benchmark — MDASH scores 88.45% versus 83.1% for the next best entry across 1,507 real-world vulnerability-reproduction tasks over 188 OSS-Fuzz projects

Why it lasts

Escaping the model lottery — context files, proving plugins, and configuration persist in the harness, so adopting a new model is a configuration flip rather than a rebuild

The durable advantage in the AI era — the right question is not "which model does it use?" but "what does it do with the model, and what survives when the next model arrives?"

The takeaway

The right question to ask of an AI security tool is no longer “which model does it use?” but “what does it do with the model, and what survives when the next model arrives?” MDASH is an answer to that question: validation through multi-agent debate is the difference between an actionable fix and a noisy triage backlog.

