Microsoft’s MDASH AI beats Anthropic’s Mythos in bug detection, finds 16 new Windows flaws
The multi-agent AI system scored 88.45% on the CyberGym benchmark, outpacing both Anthropic and OpenAI in vulnerability discovery
Microsoft just dropped what might be the most consequential cybersecurity tool of 2026, and it’s not a firewall or an antivirus update. It’s an AI system called MDASH that found 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, and helped patch 570 security issues in a single month.
For context, finding even one critical RCE vulnerability in the Windows kernel TCP/IP stack is headline-worthy. Finding four across critical components like the kernel and IKEv2 service, then patching them before bad actors could exploit them, is the kind of thing that keeps CISOs sleeping at night instead of staring at their ceiling.
What MDASH actually is
MDASH stands for Multi-model Agentic Scanning Harness. It’s an ensemble of over 100 specialized AI agents working across multiple models to find, validate, and help fix security bugs.
The system was developed by Microsoft’s Autonomous Code Security team and formally unveiled on May 12, 2026. All 16 newly discovered vulnerabilities were addressed in the May 2026 Patch Tuesday update, meaning MDASH didn’t just find the bugs. It found them fast enough to fit within Microsoft’s existing monthly security cadence.
MDASH scored 88.45% on the CyberGym benchmark, an industry-standard test for AI-driven vulnerability detection. Anthropic’s Claude Mythos Preview came in at 83.1%. OpenAI’s GPT-5.5 scored 81.8%.
Microsoft announced plans to offer a limited private preview to enterprise customers starting June 2026.
The competitive landscape is getting awkward
Microsoft is simultaneously beating Anthropic on the CyberGym benchmark while participating in Anthropic’s Project Glasswing coalition, a collaborative initiative that gives select partners early access to AI-driven security tools. That coalition includes AWS, Google, and Apple.
The four critical RCE flaws that MDASH uncovered deserve particular attention. Remote code execution vulnerabilities in kernel-level components are the skeleton keys of cybersecurity. An attacker exploiting an unpatched RCE in the TCP/IP stack could potentially take over a system without any user interaction.
Why crypto and digital asset investors should care
The entire crypto ecosystem runs on code. Smart contracts, bridge protocols, wallet infrastructure, exchange backends. Every piece of it is software, and every piece of software has bugs. The same class of vulnerabilities that MDASH found in Windows, remote code execution flaws in networking stacks, are precisely the kind of bugs that have led to some of the largest crypto exploits in history.
The enterprise preview launching in June 2026 will be worth watching closely. The firms that integrate these capabilities early will have a meaningful edge.