Microsoft is reportedly preparing an AI-assisted vulnerability discovery service called Project Perception, but there is no evidence that it produced the fixes in Windows’ latest Patch Tuesday. The more immediate Windows security story is MDASH, Microsoft’s existing multi-model scanning system, which the company has already tied to vulnerability research and is now previewing through Microsoft Security Exposure Management.
As reported by Neowin, citing The Information, Project Perception would route code-analysis tasks among models from Microsoft, OpenAI, and Anthropic. The aim is to find and help remediate software flaws while selecting the most suitable model for each job, rather than relying on one expensive frontier model for every scan. The report says Microsoft may launch the product in July, though Microsoft has not publicly announced its availability, pricing, supported workloads, or customer eligibility.
Microsoft’s public work is called MDASH, short for Multi-Model Agentic Scanning Harness. In a May security blog post, Microsoft said MDASH had helped researchers identify 16 Windows networking and authentication vulnerabilities for that month’s Patch Tuesday, including critical remote-code-execution bugs.
Microsoft describes MDASH as an agentic system rather than a single model: multiple models and specialized agents inspect code, validate possible findings, and pass the highest-confidence results to engineers. Microsoft’s Security Exposure Management release notes now list an MDASH public preview, with scans available through Defender CLI and a GitHub connector.
That matters because it makes the suggestion that Project Perception created the latest Windows patches speculative. Neowin notes that a relationship between Perception and MDASH is unclear. The names may describe related efforts, or Perception could be a future commercial layer built around similar internal technology, but neither point has been confirmed by Microsoft.
That is good for defenders only if organizations keep up with deployment and testing. AI may accelerate discovery, but it does not remove the operational work: validating fixes against line-of-business applications, prioritizing internet-facing systems, and deploying updates quickly where exploitation is known or likely.
Anthropic’s Mythos 5 illustrates why access to these tools is sensitive. Anthropic says its restricted model can find and exploit software vulnerabilities at a level beyond most human security experts, while its broadly available Fable 5 applies classifiers and falls back to a less capable model for cyber-related requests. Project Perception, if it appears, could face similar access controls.
For Windows admins, the actionable item remains unchanged: treat the July security updates as a major deployment cycle and use Microsoft’s published advisories—not reports about an unreleased AI product—to set patch priority.
As reported by Neowin, citing The Information, Project Perception would route code-analysis tasks among models from Microsoft, OpenAI, and Anthropic. The aim is to find and help remediate software flaws while selecting the most suitable model for each job, rather than relying on one expensive frontier model for every scan. The report says Microsoft may launch the product in July, though Microsoft has not publicly announced its availability, pricing, supported workloads, or customer eligibility.
Perception is separate from MDASH, for now
Microsoft’s public work is called MDASH, short for Multi-Model Agentic Scanning Harness. In a May security blog post, Microsoft said MDASH had helped researchers identify 16 Windows networking and authentication vulnerabilities for that month’s Patch Tuesday, including critical remote-code-execution bugs.Microsoft describes MDASH as an agentic system rather than a single model: multiple models and specialized agents inspect code, validate possible findings, and pass the highest-confidence results to engineers. Microsoft’s Security Exposure Management release notes now list an MDASH public preview, with scans available through Defender CLI and a GitHub connector.
That matters because it makes the suggestion that Project Perception created the latest Windows patches speculative. Neowin notes that a relationship between Perception and MDASH is unclear. The names may describe related efforts, or Perception could be a future commercial layer built around similar internal technology, but neither point has been confirmed by Microsoft.
More fixes, not automatic fixes
The July Patch Tuesday volume—reported at roughly 570 vulnerabilities across Microsoft products—has renewed attention on AI-assisted bug discovery. More effective internal scanning will likely mean larger security update batches, because Microsoft can uncover defects before attackers or outside researchers do.That is good for defenders only if organizations keep up with deployment and testing. AI may accelerate discovery, but it does not remove the operational work: validating fixes against line-of-business applications, prioritizing internet-facing systems, and deploying updates quickly where exploitation is known or likely.
Anthropic’s Mythos 5 illustrates why access to these tools is sensitive. Anthropic says its restricted model can find and exploit software vulnerabilities at a level beyond most human security experts, while its broadly available Fable 5 applies classifiers and falls back to a less capable model for cyber-related requests. Project Perception, if it appears, could face similar access controls.
For Windows admins, the actionable item remains unchanged: treat the July security updates as a major deployment cycle and use Microsoft’s published advisories—not reports about an unreleased AI product—to set patch priority.
References
- Primary source: Neowin
Published: 2026-07-17T11:32:01+00:00
Loading…
www.neowin.net - Related coverage: pcgamer.com
More Windows security updates to come as Microsoft leverages AI vulnerability detection, but 'only the highest-confidence findings reach the engineering team' | PC Gamer
Humans still make the key decisions and handle fixes, though.www.pcgamer.com - Related coverage: thehackernews.com
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
Microsoft fixes a record 622 CVEs, including two exploited SharePoint and AD FS zero-days, while a Kerberos RC4 change could break service account logthehackernews.com
- Related coverage: tweakers.net
Loading…
tweakers.net - Related coverage: windowslatest.com
Loading…
www.windowslatest.com - Related coverage: windowscentral.com
Windows now uses AI to find and help fix vulnerabilities, but it's not replacing humans | Windows Central
Microsoft is deploying MDASH across Windows to discover issues earlier, draft fixes faster, and ship denser security updates.www.windowscentral.com