According to Pavan Davuluri, executive VP for Windows + Devices, the company now uses a multi-model agentic scanning harness (MDASH) to scale discovery and shrink the attack window for zero-day exploits.
How Microsoft Uses MDASH to Accelerate Patching
Microsoft has shifted vulnerability discovery from a separate activity to a core part of the build and review process. Davuluri stated that the company employs MDASH, a tool that integrates multiple leading third-party AI vulnerability discovery models, to scan critical binaries.

The process operates via a two-stage pipeline. First, a scanner pipeline uses “multi-model debate” across different model families to validate candidates. Second, confirmed candidates move to a Windows-specific “prove pipeline” designed to eliminate false positives. This ensures only high-confidence findings reach engineering teams, which Davuluri claims shortens the review window for new vulnerabilities.
Industry Shift: Oracle and VMware Adopt High-Frequency Updates
Microsoft isn’t the only vendor pivoting to AI-accelerated patching. Oracle recently announced it will add a monthly critical patch dump to its existing quarterly security update service, citing AI bug-finders as the catalyst for the increased frequency.

To address this, VMware introduced "Express Patches." Unlike traditional updates, these ship independently and can be applied in any order without requiring a full product upgrade first.
| Vendor | AI-Driven Change | Patching Strategy |
|---|---|---|
| Microsoft | MDASH Scanning | Higher volume per release; push for auto-patching |
| Oracle | AI Bug-Finders | New monthly critical patch dump |
| VMware | N/A | “Express Patches” for independent deployment |
The Push Toward Automated Patch Management
Davuluri argues that the rise in patch volume justifies a heavier investment in automated patching tools. He suggests that customers using these tools will be better equipped to keep pace with the increased frequency of security releases.
By applying AI across security analysis, Microsoft claims it can prioritize risk and identify patterns faster across the entire Windows codebase.
FAQ: AI and Security Patching
Why are there suddenly more Windows security updates?
What is MDASH?
The multi-model agentic scanning harness is a Microsoft tool that uses various AI models to identify and validate software vulnerabilities in the Windows codebase.
Do I need automated patching tools now?
According to Microsoft, automated tools are becoming essential to keep pace with the increased volume of security updates generated by AI discovery.
How is your organization handling the increase in patch frequency? Are you moving toward full automation or sticking to manual verification? Let us know in the comments or subscribe to our newsletter for more enterprise security insights.
