Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
Microsoft and Palo Alto Networks have leveraged advanced AI systems to discover numerous vulnerabilities in their own codebases. Microsoft's MDASH AI system identified 16 vulnerabilities fixed in the latest Patch Tuesday updates, including four critical ones affecting components like the Windows kernel TCP/IP stack and IKEv2 service. Palo Alto Networks used the Claude Mythos AI model to find 75 vulnerabilities across over 130 products, none of which are critical, and no known exploitation in the wild has been reported. These findings highlight a significant increase in vulnerability discovery driven by AI-assisted code analysis. Both companies emphasize the importance of rapid remediation and foresee AI integration into software development lifecycles to prevent future flaws. The vulnerabilities discovered vary in severity, with Microsoft reporting some critical issues and Palo Alto Networks reporting mostly medium and high severity vulnerabilities requiring specific configurations for exploitation.
AI Analysis
Technical Summary
Microsoft's MDASH AI system orchestrates over 100 specialized AI agents to scan, validate, and construct proofs of vulnerabilities in Microsoft codebases, successfully identifying 16 vulnerabilities in the latest Patch Tuesday, including four critical unauthenticated remote code execution flaws. MDASH demonstrated high accuracy on historical vulnerability data and public benchmarks. Palo Alto Networks employed the Claude Mythos AI model and other frontier AI technologies to analyze more than 130 products, resulting in 26 advisories covering 75 vulnerabilities, none critical and with no known exploitation. The AI-driven approach accelerates vulnerability discovery and patching, signaling a shift towards integrating AI into secure software development lifecycles. Both companies have released patches for the discovered vulnerabilities, with Microsoft’s fixes included in Patch Tuesday updates and Palo Alto Networks issuing multiple advisories.
Potential Impact
The impact includes the identification of multiple vulnerabilities, some critical, in widely used Microsoft components, potentially reducing the window of exposure through timely patching. Palo Alto Networks’ findings, while numerous, do not include critical vulnerabilities and have no known exploitation in the wild, indicating a lower immediate risk. The use of AI has significantly increased the volume and speed of vulnerability discovery, which may lead to faster remediation but also implies a potential increase in disclosed vulnerabilities that organizations must address promptly.
Mitigation Recommendations
Microsoft has released official patches for the vulnerabilities discovered by MDASH as part of its Patch Tuesday updates. Palo Alto Networks has published 26 security advisories covering 75 vulnerabilities, all patched or mitigated. Organizations using affected Microsoft and Palo Alto Networks products should apply the latest security updates promptly. There is no indication of exploitation in the wild for these vulnerabilities. The vendor advisories represent the authoritative source for remediation status. Patch status is confirmed as official fixes are available. No additional mitigation beyond applying vendor patches is indicated.
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
Description
Microsoft and Palo Alto Networks have leveraged advanced AI systems to discover numerous vulnerabilities in their own codebases. Microsoft's MDASH AI system identified 16 vulnerabilities fixed in the latest Patch Tuesday updates, including four critical ones affecting components like the Windows kernel TCP/IP stack and IKEv2 service. Palo Alto Networks used the Claude Mythos AI model to find 75 vulnerabilities across over 130 products, none of which are critical, and no known exploitation in the wild has been reported. These findings highlight a significant increase in vulnerability discovery driven by AI-assisted code analysis. Both companies emphasize the importance of rapid remediation and foresee AI integration into software development lifecycles to prevent future flaws. The vulnerabilities discovered vary in severity, with Microsoft reporting some critical issues and Palo Alto Networks reporting mostly medium and high severity vulnerabilities requiring specific configurations for exploitation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Microsoft's MDASH AI system orchestrates over 100 specialized AI agents to scan, validate, and construct proofs of vulnerabilities in Microsoft codebases, successfully identifying 16 vulnerabilities in the latest Patch Tuesday, including four critical unauthenticated remote code execution flaws. MDASH demonstrated high accuracy on historical vulnerability data and public benchmarks. Palo Alto Networks employed the Claude Mythos AI model and other frontier AI technologies to analyze more than 130 products, resulting in 26 advisories covering 75 vulnerabilities, none critical and with no known exploitation. The AI-driven approach accelerates vulnerability discovery and patching, signaling a shift towards integrating AI into secure software development lifecycles. Both companies have released patches for the discovered vulnerabilities, with Microsoft’s fixes included in Patch Tuesday updates and Palo Alto Networks issuing multiple advisories.
Potential Impact
The impact includes the identification of multiple vulnerabilities, some critical, in widely used Microsoft components, potentially reducing the window of exposure through timely patching. Palo Alto Networks’ findings, while numerous, do not include critical vulnerabilities and have no known exploitation in the wild, indicating a lower immediate risk. The use of AI has significantly increased the volume and speed of vulnerability discovery, which may lead to faster remediation but also implies a potential increase in disclosed vulnerabilities that organizations must address promptly.
Mitigation Recommendations
Microsoft has released official patches for the vulnerabilities discovered by MDASH as part of its Patch Tuesday updates. Palo Alto Networks has published 26 security advisories covering 75 vulnerabilities, all patched or mitigated. Organizations using affected Microsoft and Palo Alto Networks products should apply the latest security updates promptly. There is no indication of exploitation in the wild for these vulnerabilities. The vendor advisories represent the authoritative source for remediation status. Patch status is confirmed as official fixes are available. No additional mitigation beyond applying vendor patches is indicated.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/microsoft-palo-alto-networks-find-many-vulnerabilities-by-using-ai-on-their-own-code/","fetched":true,"fetchedAt":"2026-05-13T16:06:23.611Z","wordCount":1304}
Threat ID: 6a04a17fcbff5d8610e557ab
Added to database: 5/13/2026, 4:06:23 PM
Last enriched: 5/13/2026, 4:06:31 PM
Last updated: 5/13/2026, 6:23:42 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.