
Microsoft's AI Finds 16 of Its Own Patch Tuesday Bugs

Microsoft revealed on May 13 that MDASH, an AI-powered code scanner running against its own codebases, surfaced 16 of the vulnerabilities patched this week. The same week, Palo Alto Networks disclosed that frontier models scanning its internal code identified 75 vulnerabilities, several of them high-severity.

This is the most underrated story of the month. AI finding bugs in shipped enterprise code at this rate means two things — defenders just got a permanent edge, and so did attackers running the same models against the same code. The asymmetry that matters: Microsoft fixes once and patches everyone; an attacker only needs one unpatched org. Security budgets need to flip in 2027 from "buy more tools" to "subscribe to a model that audits everything you ship." The SAST/DAST industry as we know it has 24 months.