Microsoft is using AI to find Windows 11 vulnerabilities faster
There’s a quiet arms race playing out inside every operating system: attackers find bugs, vendors patch them. Microsoft just changed the speed of that cycle for Windows 11.
The company announced on Wednesday that it has rebuilt parts of its vulnerability management pipeline around AI. The goal is simple — find critical flaws faster and ship fixes before attackers can weaponize them.
Pavan Davuluri, Microsoft’s EVP of Windows and Devices, said the shift was driven by the accelerating pace of AI-assisted vulnerability discovery. “AI helps our engineering teams identify exploitable issues more quickly and accelerates triage,” he wrote.
The new system has three layers. At the discovery stage, Windows engineering teams are using a scanning framework called MDASH that runs multiple frontier AI models in parallel. The idea is to surface a larger volume of potential vulnerabilities with fewer false negatives — problems a conventional static analyzer might miss.
Those candidates then enter a dedicated Windows validation pipeline. Only high-confidence results get forwarded to human engineers. Microsoft says this automated triage lets the team handle a much larger volume of potential bugs without drowning in noise.
The AI isn’t limited to raw discovery. It also helps developers understand faults and suggest fixes, and can locate similar issues elsewhere in the operating system. Another model helps decide which tests to run before an update ships.
Microsoft was careful to hedge the messaging: every fix is still reviewed by a human engineer before it reaches customers. The automation accelerates the front of the pipeline, but the release decision stays with people.
For regular users, the visible change is simple. Each month’s Windows 11 cumulative update will contain more fixes than before — some of which might never have been found without the AI layer.
The company also took the opportunity to nudge users who habitually defer updates. “As AI speeds up how attackers find and exploit vulnerabilities,” Davuluri noted, “delaying updates increases your exposure window.”
The subtext is clear. The same technology that helps Microsoft find bugs faster also helps bad actors find them faster. Patching on time is no longer a best practice — it’s table stakes.