CONNECT WITH US
Gaming

Gaming

More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team'

Published on

Add as a preferred source on Google
More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team'

I'm pretty staunchly opposed to the use of generative AI—for me, it's the one-two punch of dubiously sourced datasets and the argument that these models can replace the human creatives they so often rip off. That said, even I'm a little bit intrigued by AI's application in cybersecurity.

Case in point, Microsoft recently shared that it is deploying AI to "identify [issues] faster, prioritize risk, and scale vulnerability discovery across the Windows codebase" as well as "reduce the time between discovery and customer protection." Specifically, Microsoft Security leverages a multi-model agentic scanning harness—or MDASH, for short.

MDASH uses multiple different AI models, including "leading third-party AI vulnerability discovery models," on dedicated Cloud infrastructure to scan for vulnerabilities within Windows.

The executive vice president of Windows + Devices, Pavan Davuluri, explains, "A scanner pipeline scans critical binaries and validates candidates using multi-model debate across multiple model families. Confirmed candidates then flow to a separate, Windows-specific prove pipeline that helps eliminate remaining false positives, so only the highest-confidence findings reach the engineering team."

Multiple times, the emphasis is placed on the use of AI tools "to reduce the time from discovery to protection," whereas 'human expertise' is still what handles key security decisions and fixes.

Davuluri goes on to add, "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release. This is evidence that defenders are getting better at identifying and addressing issues. Our focus is to effectively utilize these AI tools to support faster protection, stronger engineering systems and more actionable guidance for customers."

Microsoft is far from the only company leveraging AI, with Firefox's CTO raving about Claude Mythos' bug-hunting capabilities after it found 271 vulnerabilities in the browser earlier this year. Last year, we also saw an AI hold the top spot in a leaderboard that ranks people who hunt for system vulnerabilities.

Obviously, I'm still not thrilled by the fact that these cybersecurity applications are necessitated by threat actors increasingly using AI in their attacks. For example, one AI-assisted hacking group hit targets with a complicated 'social engineering' scam involving deepfaked CEOs, spoofed Zoom calls, and a malicious troubleshooting program.

That said, both LLMs and AI agents can also be manipulated themselves, with security researchers finding that both bad maths and even poetry can be leveraged to get around AI models' safety guard rails. With all sides leveraging machine learning to some degree, it's hard not to feel like it's a bit of a race to the bottom—or wonder which side will win out.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It's possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.