Microsoft’s New AI Weapon Against Vulnerabilities

Hinzugefügt: 2026-05-15

[00:00:00]This is Twit.

[00:00:02]>> I haven't had time to write this. I I I wondered when I saw this patch Tuesday release and then I it was later confirmed, but Microsoft, not surprisingly, has developed their own in-house version of uh Anthropic Mythos, right? This thing that's finding all the security vulnerabilities everywhere. Um their version is called Mdash, which by the way, I like the name. Um but and it's not it's not really at the same level yet. Um I I don't remember the exact number of vulnerabilities that it found this month but it's in the double digits like 20ish something like that. Um I expect that to be if not exponentially bigger next month and then beyond but maybe you know it's going to be a lot more I mean as this thing ramps up if you think about what Firefox has done with Mythos um I this is going to be you know this is going to be big you know because this is going across Azure uh Windows obviously on the client Windows server um probably the office apps everything I mean throughout Microsoft um if you think about all the stuff >> I just think we're going to get huge numbers of patches everywhere like >> and that's I mean it's nothing special to Microsoft the these new tools are turning up vulnerabilities like mad >> and if they can turn them up themselves the bad guys can too like the pressure is on >> oh yeah so the the the reason I mention this is only because you know like for example um OpenAI last week announced their version of mythos right whatever I don't remember the name of that but um yeah everyone's doing it you know this is the thing with AI like if you see a feature over here just wait two seconds you're gonna get it on the AI thing over Um but this is stuff this is not available to individuals right this is something they make available to um companies governments etc >> and in Microsoft's case um they could have probably I mean absolutely could have used anthropic mythos but you know they're they make AI so they want to have their own so it's it's not I I mentioned this only because it's not really surprising that Microsoft would make their own um agentic vulnerability finder or whatever Um, so we'll see how this goes. I think this year is going to be very very interesting for found security vulnerabilities. I think >> yeah, and it speaks to I I was almost making neurommancer references like we're just not that far from having >> these models running inside of your network constantly monitoring and >> right >> resisting attacks. If I didn't I I think is yeah Firefox well firefox will come up later in the show but that if I didn't say this last week like one of the observations I kind of had about this is that >> you know at some point you you find the bugs that are in existing codebase but then you start using it more proactively because you're submitting new code into the project.

[00:02:46]>> Yeah. And it'll it'll be part of the CI/CD pipeline, right?

[00:02:49]>> Yeah. And this evaluate on the fly.

[00:02:51]>> Yeah. So in Microsoft's case, they've been promoting this notion of, you know, secure by default for possibly 25 years or whatever whatever it's been.

[00:02:59]>> Um, this makes that more of a reality if that makes sense. Um, so we'll see how it goes.

[00:03:06]>> It's also seems like Microsoft is positioning itself as self-contained on the AA realm. Like they obviously got into OpenAI first and so forth, but >> keep showing they have their own product. So >> So I haven't Right. I haven't getting ready for a go it alone day.

[00:03:23]>> Yeah, there I I suppose there's a possibility this is in fact based on what the open AI thing is and I don't know. I just haven't had a chance to look at it yet. So after the show's over, I'll probably write it up and figure that out. But um but yeah, if this is in fact a homegrown model, >> great. I mean that's, you know, good for them.

[00:03:40]>> Yeah.

[00:03:42]>> Yeah. Interesting times.

[00:03:44]>> Yep. Yep. Yep. Yep. Um yeah. I mean I can't get like a Android cotlin project to even compile let alone figure out if it's secure you know but but you know these guys they're on they're on a different level. So >> yeah but you're al you hit the point which is that a lot of people have a tough time even evaluating what security means like what does it mean to actually have this code well locked down. Yeah, and I think for app developers regardless of the platform, you know, if you're Android, uh, iOS, you know, web- based, whatever it is, uh, you know, Windows obviously, um, there's the whole notion of like, you know, starter templates and like starter projects and, you know, it's a code review thing you can do through AI, etc. I think that the security angle is going to be part of it from the get-go like that, you know, that this >> and it makes a lot of sense to have an agent that's running and gathering the latest CVEes and evaluating the code it's seen. Like I could have >> the same way we have dependabot inside of uh GitHub. We could be at the point with our own code bases where this agent is actually adding issues saying this CVE likely impacts this application and needs to be run through the evaluator.

[00:04:48]>> Yeah. In the old days we would say uh oh did it compile? Okay, ship it. Um yeah and now it's going to be more like did it pass you know whatever the version of M dash is the security profile >> then you ship it. Right. So it's I mean that's look I'm sorry but that's >> 100% progress. Like that's that's good.

[00:05:05]>> This is a great This is maybe the best AI kind of thing I've seen so far. Like it's it's going to benefit everyone, even the people that hate AI because there's, you know, the stuff they use is going to be better because of it. It's it's nice.

[00:05:15]>> My um my AI hype note ends ends with the story of uh Alpha Fold and giving away the 200 million protein foldings. It's like we fundamentally changed medicine with this technology now. You're never going to take that back.

[00:05:29]>> Here it is. Yeah.

[00:05:30]>> Yeah.

[00:05:31]Hey, I hope you enjoyed this little highlight from a much better show and longer too called Windows Weekly. The whole link to the show is right below me. And of course, we stream live right here every Wednesday. You can watch us do our thing or download it here or in your favorite podcast player. Uh, best thing to do, what do they say? Uh, like and subscribe. Thanks for watching.

[00:05:58]Hey, hey, hey, hey.