Microsoft is going all in with a new AI-powered Windows security strategy – what it means for you

Follow ZDNET: Add us as a favorite resource on Google.
Highlights taken by ZDNET
- Microsoft is accelerating its use of AI to detect vulnerabilities in Windows.
- New test methods have already sent significant fixes to customers.
- Business managers should be prepared to see more improvements with each update.
In the ongoing battle between hackers who attack corporate networks and the engineers who protect them, one side has an unfair advantage. Bad guys can attack thousands unsuccessfully without consequence, but if they succeed once, they can reap wealth and wreak havoc. The good guys have to repel all attacks.
Adding AI to the mix makes the problem even worse, with attackers able to discover new vulnerabilities and attack them at an increased speed. The biggest target is Microsoft Windows, which runs on more than 1.5 billion PCs and servers worldwide.
Also: 5 ways to strengthen your network against the new speed of AI attacks
To fight back, Microsoft is going all-in on an automated, AI-based process to find those vulnerabilities early, bring them back to developers for review, and deliver updates quickly.
The details are in a new blog post from Pavan Davuluri, EVP of Microsoft’s Windows + Devices division titled Evolving Windows vulnerability management to meet the pace of AI-powered discovery.
The fastest way to reduce customer exposure is to find problems before attackers exploit them. Windows extends its ability across the board to detect problems earlier, accelerate engineering work to fix them, strengthen validation, and deliver timely, high-quality updates that keep customers secure.
By applying AI to every security analysis, we can quickly identify patterns, prioritize vulnerabilities, and measure vulnerability across the entire Windows codebase. This helps reduce the time between customer acquisition and protection.
Davuluri said that Microsoft Security has built cloud-based scanning pipelines and validation pipelines for MDASH, “a multi-model scanning harness,” to identify Windows vulnerabilities to the extent, reduce false positives, and detect problems with high developer confidence quickly, reducing the opportunity for malicious actors to launch zero-day attacks.
Microsoft launched MDASH in May, recommending the new tools for finding 16 vulnerabilities, four of which were rated critical. All are included with the patches in that month’s security update. A new testing framework (“harness”) was developed by the Microsoft Autonomous Code Security (ACS) team; the company said it is “programming more than 100 specialized AI agents at the border and dirty models to find, counter, and prove exploitable bugs end-to-end.”
Also: New in Microsoft Windows 11 recovery tool is the final undo button – a way to enable it
Those AI-powered tools will be involved much earlier in the development process, according to Microsoft:
We continue to improve our internal systems and processes so that vulnerability discovery is considered a separate task, but part of how we build, update and improve Windows before new features or updates are released. As part of this we are reviewing our Secure Development Lifecycle (SDL) best practices to ensure our secure approach by design clearly accounts for potential AI-enabled attack techniques and exploits.
That means using AI to help identify potential problems early in the development process, while relying on human knowledge to analyze findings, make risk-based decisions and ensure repairs meet the quality expectations of bar customers.
That promise to continue to rely on people’s knowledge is important. Whenever AI is involved at scale, there is a temptation to trust its results and skip the necessary verification steps. And it’s being launched at a time when Microsoft is targeting its most experienced employees — about 7% of the company’s US-based workforce — with a “voluntary retirement plan.”
As longtime Microsoft watchers Todd Bishop and Kurt Schlosser noted last month, “For those left behind, there’s another concern: the loss of institutional knowledge and experience as more longtime employees walk in the door at once.” Those remaining security engineers will have to deal with increased workload without having more experienced colleagues to help them.
What does this new AI-powered pipeline mean for the people responsible for maintaining Windows PCs? First, it means more problems fixed in each update. “Customers will see a higher volume of security updates included in each security release,” Microsoft acknowledged.
That, unfortunately, will increase the burden on business customers to test updates before sending them and monitor those updates afterwards. If they see a problem during initial testing, Microsoft said, those administrators can use a technology called Known Issue Rollback (KIR) to roll back the change that caused the problem, rather than having to roll out the entire update to get things working again.
Also: You can quickly restore Windows 11 from scratch even if it can’t start – here’s how
That faster speed may encourage some enterprise customers to accelerate their deployment of modern patching tools like Windows Autopatch in Microsoft Intune, which includes the ability to deliver hotpatch updates that don’t require a reboot. Similar tools are available for installing security updates on Windows servers, and without requiring a reboot.
“As the speed of risk detection increases,” Davuluri said, “customers don’t have to choose between speed and stability.” That’s a worthy goal, to be sure, but maintaining that balance means Microsoft developers and customers will have to move faster than ever to keep up with the pace of those new AI tools.



.jpg)