Microsoft Unveils MDASH AI to Combat Cyber Threats

What MDASH Is and How It Works

MDASH was initially developed to protect Microsoft’s own code by leveraging multiple third-party AI models for security tasks. It functions as an agentic security system orchestrating more than 100 specialized AI agents across various frontier and distilled models.

Unlike traditional security approaches that rely on a single vendor or model, MDASH selects the most effective model for each specific security task. The system discovers, validates, and proves exploitable bugs end-to-end. Microsoft’s Autonomous Code Security team built the platform, and it now ranks at the top of the CyberGym AI security benchmark, outperforming single-model systems in real-world scenarios.

The technology is now available to other organizations through a private usage program, marking a significant shift towards scalable, AI-driven, collaborative security models across the industry.

The Growing AI Threat Landscape

Microsoft identifies five key areas where advanced AI models offer disproportionate advantages to attackers: patching, open-source software, custom code, publicly exposed systems, and baseline security hygiene. The rapid progression of AI capabilities has accelerated the cyber threat landscape beyond previous expectations.

AI models are increasingly matching advanced human skills in pinpointing security weaknesses with accuracy and depth, which lowers the barrier for sophisticated attacks at scale. This urgency is reflected in findings from Boston Consulting Group’s report, AI Is Raising the Stakes in Cybersecurity, which highlights a growing gap between threat exposure and defensive readiness.

“Organizations can no longer rely on legacy approaches to security alone,” states Kerissa Varma, Microsoft’s Chief Security Advisor for Africa. “In a world where vulnerabilities can be discovered and exploited at scale, manual processes simply cannot keep up. The need for modern, cloud-based infrastructure and AI-driven defence has become urgent.”

The African Cybersecurity Reality

The security challenge is particularly acute in Africa. According to the BCG report, nearly 60% of African companies reported experiencing AI-enabled cyberattacks in the past year, yet only half prioritize AI for defense.

Cybersecurity challenges are compounded by a significant workforce shortage. The report indicates that 82% of African organizations struggle to hire AI-cybersecurity talent. Microsoft has expanded its cybersecurity skills campaign to South Africa, aiming to close this gap. Through Ikamva Digital, industry-aligned learning is delivered across 50 TVET colleges, equipping youth with in-demand cybersecurity skills for roles like security analyst and IT administrator.

A Unified Defense Strategy

Microsoft encourages organizations to focus on foundational resilience, including modern cloud-based infrastructure, timely patching, robust security hygiene, and integrating AI for defense. The company’s Secure Now initiative provides actionable recommendations to address key risk areas, regardless of an organization’s use of Microsoft security solutions.

This work supports Microsoft’s broader Secure Future Initiative, which places security at the core of all company operations. The availability of MDASH through a private program signals Microsoft’s commitment to helping the broader industry match the rapid pace of AI-powered threats with equally sophisticated defensive measures.

As Varma notes, defending against modern cyber threats requires a shift from manual, legacy approaches to automated, AI-driven systems that operate at scale. MDASH represents one piece of that evolving strategy.