Microsoft is using AI to protect Windows against attackers. The development represents an arms race because AI is also being used increasingly to find vulnerabilities modern tech, as highlighted by The Hacker News.
Hackers can use AI to find and take advantage of vulnerabilities that could then be weaponized. It’s not just discovery that’s been sped up, reverse engineering security flaws is now a quicker process because of AI. That means attackers can find flaws and quickly take advantage of them before traditional methods of protection could take effect.
To combat those malicious actors and evolving tactics, Microsoft is deploying MDASH (Multi-Model Agentic Scanning Harness) at scale across Windows.
Pavan Davuluri, EVP of Windows and Devices at Microsoft, shared a blog post about the new methods the company is using to protect Windows.
“The fastest way to reduce customer exposure is to find issues before attackers can use them,” said Davuluri. “Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation, and deliver timely, high-quality updates that keep customers protected.”
Using AI to identify potential flaws, prioritize fixes, and scale discovery across the codebase of Windows lets Microsoft quickly roll out protection to customers.
To scale MDASH to Windows, a dedicated cloud infrastructure was set up for scanning for potential flaws. A separate prove pipeline then is used to eliminate false positives. The Windows engineering team can then act on the most likely candidates that need addressing.
Microsoft will expand its use of AI for scanning and proving to other parts of the company.
Using AI to improve work
When Microsoft announced 4,800 layoffs across the company, its leaders emphasized that the eliminated roles are not being replaced by AI. People across a wide range of sectors are concerned about automation taking human jobs.
The approach Microsoft is using to scan for issues and streamline the selection process of candidates to address represents AI helping people rather than replacing workers.
When speaking of improving internal systems and practices, Davuluri said, “That means using AI to help identify potential issues earlier in the development process, while relying on human expertise to evaluate findings, make risk-based decisions and ensure fixes meet the quality bar customers expect.”
The end result is that more security updates will be included in each security release, which should protect PCs from the growing number of attacks.
Join us on Reddit at r/WindowsCentral to share your insights and discuss our latest news, reviews, and more.