Microsoft Leverages AI to Accelerate Windows Security Patching Amid Record-Breaking Vulnerability Surge
Microsoft is increasingly utilizing artificial intelligence to identify and patch security vulnerabilities, a shift that is resulting in higher volumes of security updates included in each release for Windows users. The company stated in a blog post on Thursday that it is using AI to identify potential issues earlier. According to Microsoft, this process allows them to “ensure that we are not compromising update quality as we gain speed,” while maintaining human involvement in code reviews.
The cybersecurity landscape has reached what some describe as an arms race. Hackers, including amateurs, are using AI to quickly exploit security weaknesses, while security researchers utilize similar tools to find issues faster. This dynamic has led to more frequent high-severity vulnerabilities. Microsoft is updating its Secure Development Lifecycle to explicitly account for potential AI-enabled attack techniques and exploit paths. Furthermore, the company is investing in new technology, including Windows-specific tools and agentic harnesses, to generate and validate security fixes with AI, while keeping humans in the loop to “make risk-based decisions.”
Record-Breaking Security Releases
The impact of AI-assisted vulnerability discovery is becoming evident in the scale of recent updates. Microsoft released fixes for more than 200 security flaws on Tuesday, the largest Patch Tuesday in the program’s history. While Microsoft does not promote a single headline figure for its monthly totals, Trend Micro’s Zero Day Initiative (ZDI) counted 208 CVEs, noting it was the largest monthly release they had ever seen, eclipsing a record of 177 set last year. Tenable counted 198 CVEs, also labeling it the largest release since the program began.

Tom Gallagher, vice president of engineering at Microsoft’s Security Response Center, stated in a blog post that the company expects Patch Tuesday releases to continue trending larger. This surge aligns with a warning issued in April by Britain’s National Cyber Security Centre, which cautioned organizations to prepare for a wave of urgent updates driven by AI-assisted discovery. ZDI noted that the number of CVEs Microsoft has shipped in 2026 already exceeds the total for all of 2018.
AI-Driven Vulnerability Discovery
Alongside its May release, Microsoft disclosed an internal system codenamed MDASH, which the company said independently identified 16 of that month’s vulnerabilities before any human researcher flagged them. This month, ZDI reported that at least one publicly disclosed flaw appeared to have been found using similar automated methods. Microsoft emphasized that its AI models assist in the production of patches from discovery through to development and deployment, working alongside engineers to solve problems faster.
High-Severity Threats and Exploits
The discovery of critical bugs has raised concerns about potential self-spreading attacks. One flaw, tracked as CVE-2026-45657, is rated 9.8 out of 10 in severity. ZDI described the bug as “wormable,” meaning it could jump from one computer to another across a network on its own, similar to the 2017 WannaCry attack. While Microsoft rated the flaw as “less likely” to be exploited, ZDI urged organizations to install the fix immediately as researchers began reverse-engineering the underlying vulnerability in the Windows kernel.
Other vulnerabilities have already seen active exploitation. CVE-2026-41091, an elevation-of-privilege bug in Microsoft Defender rated 7.8 out of 10, was added to the U.S. Cybersecurity and Infrastructure Security Agency’s catalog of actively exploited flaws on May 20. Additionally, three zero-day flaws were disclosed, including a BitLocker bypass tracked as CVE-2026-50507. These CVEs are linked to a researcher known as Nightmare Eclipse, who has been in a months-long standoff with Microsoft regarding the disclosure of unpatched Windows flaws on GitHub.
As Microsoft continues to integrate AI into its security processes, the company maintains that it is focusing on “faster protection, stronger engineering systems and more actionable guidance for customers.”
Find more reporting in our 科学&テクノロジー section.
