The system combines multiple AI models to detect and respond to cyber threats, as Microsoft joins OpenAI and Anthropic in building AI-driven cybersecurity tools.

Microsoft launched MDASH, a system of multiple AI models that work together to analyze software code and identify weaknesses. The system splits the task into steps. One set of AI tools scans code for possible flaws. Another determines whether the findings are real. A final step attempts to create a working exploit to confirm the flaw exists.

Microsoft benchmarked MDASH against Anthropic’s Mythos and OpenAI’s Gen-5.5 using CyberGym, a tool developed at UC Berkeley. CyberGym measures the effectiveness of AI models to reproduce real-world cyber vulnerabilities. The benchmark includes 1,507 real-world vulnerabilities across 188 software projects.

On this benchmark, MDASH achieved the highest success rate, at 88.45%, meaning it reproduced known vulnerabilities in about 88% of test cases. MDASH edged out both Mythos and Gen-5.5, who scored 83.1% and 81.8%, respectively. 

In Microsoft-controlled testing, MDASH identified all 21 test vulnerabilities in a controlled environment with no false positives. It also detected 96% to 100% of known past vulnerabilities in selected Windows components.

MDASH is different than the Anthropic and OpenAI tools as it uses multiple AI components to complete a task. Microsoft said more than 100 specialized AI agents work together in stages to scan, verify, and confirm vulnerabilities. By comparison, the others use a single AI agent to detect cyber threats, perform assessments, and test vulnerabilities.

Microsoft is currently limiting access to MDASH to the company and a small group of customers, echoing Anthropic’s highly public policy, which limited access to Mythos to large technology companies, leading cybersecurity firms, and select government agencies. OpenAI is opening access to GPT-5.5-Cyber to a broader base of cyber professionals, but is vetting all applicants before granting access.