Microsoft, Palo Alto Networks Uncover 91 Vulnerabilities Using AI-Driven Code Scanning
In a significant development for the cybersecurity landscape, Microsoft and Palo Alto Networks have reported substantial findings after employing artificial intelligence (AI) to analyze their own code for vulnerabilities. This advancement marks a pivotal moment in the ongoing evolution of vulnerability discovery, raising questions about the future of cybersecurity practices.
The Role of Advanced AI Models
The introduction of sophisticated AI models, such as Claude Mythos, has ignited discussions within the cybersecurity community about the potential transformation of vulnerability detection. While some organizations herald these AI models as a game-changer, others remain skeptical regarding their effectiveness.
On Tuesday, Microsoft announced that its latest Patch Tuesday updates, which addressed a total of 137 vulnerabilities, included over a dozen vulnerabilities identified by its newly developed AI system, MDASH (Multi-Model Agentic Scanning Harness). This system was created by the company’s Autonomous Code Security team.
Meanwhile, Palo Alto Networks disclosed on Wednesday that it utilized Claude Mythos and other advanced AI models to perform an extensive scan of its product portfolio, uncovering dozens of vulnerabilities in the process.
Microsoft’s MDASH System: A New Frontier in Vulnerability Detection
Microsoft’s MDASH system orchestrates more than 100 specialized AI agents across various frontier and distilled AI models to identify vulnerabilities in its codebases. The system is engineered to follow a structured pipeline that includes several distinct stages: preparation, scanning, validation, deduplication, and proof construction. Each agent within the system has a specific role; some focus on identifying potential vulnerabilities, while others assess their exploitability. The final stage aims to construct inputs that can trigger the identified bugs. This multi-stage debate architecture ensures that findings undergo rigorous scrutiny before being presented to human engineers.
According to Microsoft, MDASH was instrumental in discovering 16 of the vulnerabilities addressed in the latest Patch Tuesday updates. Among these, four were classified as critical, including unauthenticated remote code execution flaws in components such as the Windows kernel TCP/IP stack and the IKEv2 service.
In tests against pre-patch snapshots of two heavily audited Windows components, MDASH successfully recovered 96% and 100% of the confirmed vulnerabilities identified over the past five years. Additionally, on the public CyberGym benchmark, which encompasses 1,507 real-world vulnerability tasks, the AI system achieved an impressive 88% rating.
Currently, MDASH is in a limited private preview phase, with Microsoft inviting security teams to apply for early access.
Palo Alto Networks’ Record Advisory Release
Palo Alto Networks, known for its regular publication of 5-10 advisories per month, made headlines on Wednesday by releasing 26 new advisories, a record attributed to its early access to advanced AI models like Mythos. The company employed AI to analyze over 130 products across both SaaS-delivered and customer-operated environments, including those acquired through recent purchases of CyberArk, Chronosphere, and Koi.
The 26 advisories cover a total of 75 vulnerabilities. While some were identified by external researchers, the majority were detected internally through AI analysis. None of the vulnerabilities are classified as critical, and there is no evidence suggesting they have been exploited in the wild. Three high-severity vulnerabilities were noted, but exploiting them requires highly specific configurations.
Palo Alto Networks anticipates a surge in vulnerability discovery and patching as AI scanning becomes increasingly prevalent. The firm emphasizes the urgency for organizations to act swiftly, as they may have only a 3-5 month window to stay ahead of adversaries.
The company also highlighted that while immediate efforts focus on remediating vulnerabilities, the long-term strategy involves integrating AI models directly into the software development lifecycle to prevent flaws from reaching production code.
Marc Benoit, CISO of Palo Alto Networks, stated, “Releasing 26 security advisories in a single day is a direct result of our internal security research utilizing Frontier AI models. Volume does not equal severity; rather, it reflects our commitment to finding issues while their exploitation status remains ‘none known.’”
For further insights into the evolving landscape of cybersecurity, including the implications of AI in vulnerability detection, visit SecurityWeek.