Skip to main content

Microsoft turns AI loose on Windows bugs, patch numbers set to soar

Microsoft is taking a new approach to Windows security: letting AI do the heavy lifting when it comes to finding vulnerabilities. The company's Windows and Devices chief, Pavan Davuluri, recently shared that the team has been leaning heavily on artificial intelligence to identify security holes. And the early numbers are striking—June's Patch Tuesday updates patched roughly 200 vulnerabilities, a jump of nearly 70% compared to May's 118.

But before you start worrying that Windows is falling apart, Microsoft wants to make one thing clear: this doesn't mean the operating system is suddenly riddled with more bugs. It means the company is simply getting better at spotting them.

AI steps into the security lab

Back in May, Microsoft quietly rolled out an internal system called MDASH—short for Microsoft Detection and Analysis for Security Hardening. It's a multimodal AI security system that automatically scans critical Windows binary files, using multiple AI models to analyze potential vulnerabilities. The system then filters out false positives through a dedicated Windows verification process before handing the findings over to human engineers for manual confirmation.

This isn't just about finding bugs faster. Microsoft is also using AI to help with the repair process. The AI can assist engineers in analyzing what caused a vulnerability, generating candidate fixes, finding similar security issues, and even picking out regression tests. But here's the key: every patch still needs a human engineer to review and sign off before it ships. AI is playing a supporting role, not calling the shots.

What the numbers tell us

The impact is already visible in the data. The June Patch Tuesday release fixed about 200 vulnerabilities, compared to around 118 in May. That's a significant leap, and Microsoft says it's largely thanks to the new AI-driven approach. The company hasn't announced exactly when the AI-based vulnerability discovery and repair process will be fully implemented across the board, but the trend is clear: security updates are going to keep climbing.

What this means for Windows users

For everyday Windows users, more patches might sound like a hassle—nobody loves rebooting for updates. But in this case, more patches actually mean better security. More vulnerabilities are being caught and fixed before attackers can exploit them. Microsoft's move signals that AI is moving from external applications into the core of operating system security. Using AI to combat vulnerabilities is becoming the new normal in cybersecurity.

Key Points

  • Microsoft is using an internal AI system called MDASH to automatically scan Windows binaries for vulnerabilities.
  • June's Patch Tuesday fixed ~200 vulnerabilities, up nearly 70% from May's ~118.
  • AI assists with analysis, fix suggestions, and test selection, but human engineers still approve all patches.
  • The increase in patches reflects better detection, not a decline in Windows security.
  • AI-driven security is becoming standard practice for Microsoft.