Build 2026: MDASH from Microsoft leaves preview with more than 100 AI agents specialized in threat hunting
- Author: aimode.news (@aimode_news)
At the heart of Microsoft's Build 2026 security news is an agentic AI security system designed to find real, exploitable vulnerabilities, connect Defender and GitHub, and help developers fix those vulnerabilities faster.
- Microsoft is turning AI into a security triage tool.
- Microsoft wants to secure code, agents, data and models.
- MDASH uses AI agents to cut down scanner noise.
Last month, Microsoft introduced MDASH, its multi-model agent scanning system for Microsoft Security. Despite the unfortunate name, this was a big step aimed at cutting security warnings from constant noise down to those that point to directly exploitable vulnerabilities. The big news at Build 2026 today is that Microsoft is bundling MDASH's capabilities into a full security control layer for enterprises, connecting Defender, GitHub Code Security, Agent 365 and Purview. According to Aleš Holeček, Microsoft’s chief security architect, “the recognition of AI security centres has evolved from research interests to production-grade defense at company level, and the lasting advantage lies in the agent system around the model and not in a single model itself.”
How MDASH Changes Vulnerability Analysis
One of the major problems in security automation is the signal-to-noise ratio. When we turn an algorithm or AI loose on a network or a code base, the automated tool often raises hundreds, if not thousands, of warnings. Although it is probably true that every worrying implementation detail a security scanner finds can be problematic, not all of them are worth a five-alarm reaction. Think about how triage works in a war zone. Hundreds of wounded troops arrive at the triage zone. Doctors and nurses take a quick look at each case and try to work out who needs life-saving measures, who can hold on for a while and who is too far gone to save. They then focus primarily on those who are seriously at risk and can still be saved. MDASH (official codename: MDASH) is essentially an agent-based AI system that triages vulnerabilities. Instead of overwhelming remediation teams with a constant stream of vulnerability findings, “MDASH gives priority to real, viable risks to knowledge to help teams focus on what can be exploited.”
Although Microsoft does not specify which models MDASH uses, the company says it uses state-of-the-art models for demanding reasoning tasks and more cost-effective models for high-volume work. According to the company, this lets it balance speed, recall and cost and minimize its dependence on any particular model. Microsoft also says that the system is model-independent and can switch models if necessary. Holeček said: “This new agent security system orchestrates a pipeline of more than 100 specialized AI agents with the help of an ensemble of models to discover, validate and prove the usability in code bases written in common programming languages.”
I am not a big fan of citing benchmark results because tools can be tuned to the benchmark. However, Microsoft stated that MDASH recently reached a CyberGym benchmark score of 96.55 %, compared to 88.45 % in the original announcement last month.
The overall picture
Microsoft is using Build 2026 to fold MDASH into a more comprehensive enterprise security platform rather than continuing to present it as a private preview. Redmond announced that MDASH is now available to authorized organizations in an extended preview that includes Microsoft Defender integration. All this is part of Microsoft's effort to secure the entire AI development lifecycle across code, agents, prompts, data and models, and then use it to secure the network itself. “We see that cyber threats are rapidly evolving, with AI accelerating both the extent and complexity of the attacks,” says Morgan Adamski, Principal and Deputy Platform Leader of Cyber, Data, and Tech Risk at PwC US. Adamski continues: “We see great potential for MDASH to simplify and strengthen SecOps and to help organisations act more robust and safer.”
In addition, Microsoft Defender and GitHub Code Security are being integrated to bring runtime context into developer and security workflows, so that risks can be found, prioritised and eliminated earlier in the life cycle. According to Microsoft, “vulnerabilities discovered in the code are automatically enriched with real production signals such as internet presence and data sensitivity to inform prioritization. Developers can then fix problems using AI-supported fixes that are generated, assigned and validated via GitHub Copilot Autofix and the GitHub Copilot Cloud Agent.”
Developers can then use GitHub Copilot Autofix and the GitHub Copilot Cloud Agent to generate, assign and validate fixes. Essentially, this range of tools will help network managers and developers stay one step ahead of some of the worst vulnerabilities while catching others before they are ever exploited. Kris Burkhardt, Chief Information Security Officer at Accenture, says: “What Microsoft is building with MDASH reflects a significant change from reactive, rule-based scanning to agent systems, which, like an experienced security researcher, can lead to complex code bases.”
Microsoft wants to deploy the AI security layer
The story of Build is that Microsoft is positioning itself as a security layer for software development and deployment in the AI age, in particular for companies anchored in the Microsoft ecosystem. Microsoft says: “There should never be a choice between innovation and security. The functions announced today include the entire development life cycle: discovering what can be exploited, controlling what is being done, protecting the data that AI depends on, and verifying that agents behave as intended before they enter production.”
The company makes an interesting claim. Microsoft says that progress in AI does not depend only on groundbreaking capabilities. It also depends on whether companies can trust the systems they create and deploy. The implication, of course, is that systems built on and with Microsoft infrastructure can foster this trust. Holeček describes it as follows: “[confidence] is the red thread of all the innovations announced on Build 2026 and the guiding principle of our approach. For the future of AI is not only for those who progress the fastest, but for those who can innovate with confidence.”
To be fair: This is Microsoft, a company with a very long track record of taking big swings and hitting the ball out of the park. If Microsoft's tools can prove exploitability and connect that proof to the fix, this could reshape enterprise vulnerability management and make organizations much safer. Would your team prefer fewer, more trustworthy security warnings or more comprehensive scans that identify more possible problems? Let us know below in the comments.
