Image: Dasharath Sunar via Unsplash

Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold

Microsoft on Tuesday issued patches for more than 130 security vulnerabilities, putting it on pace to break its own annual record, with the company's security leadership acknowledging that AI tools are driving a surge in vulnerability discovery across the industry.

Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.

April's release addressed 173 vulnerabilities according to Microsoft's Security Update Guide, while May's release followed with more than 137. Tom Gallagher, vice president of engineering at Microsoft’s Security Response Center, said in a blog post the company expects releases to continue trending larger.

“Microsoft engineers and the wider security community alike are increasingly using AI to examine software more carefully and more often than was practical even a few years ago,” he wrote.

“AI is changing the scale and speed of vulnerability discovery, which can raise operational demands and requires consistent, disciplined risk management at pace. Issues can be found and mitigated faster.”

Alongside Tuesday's release, Microsoft publicly revealed a new AI system it has been using internally to hunt for security flaws in its own software. The system, codenamed MDASH, found 16 of the vulnerabilities patched this month, including four rated critical, without any human researcher identifying them first.

To validate MDASH before deploying it on unknown code, Microsoft ran it retrospectively over five years of security flaws that human researchers had already found and confirmed in two of Windows' most scrutinised internal components.

This kind of test, known as a retrospective recall — where a system is measured on how many previously known flaws it can independently rediscover — is a standard way of validating a security tool before trusting it on code where the answers are not already known. MDASH found 96% of the known flaws in one component and every single one in the other.

“We are at a moment in the industry where AI-powered vulnerability discovery stops being speculative and starts being an engineering problem,” the company stated. “The findings in this Patch Tuesday and the retrospective recall on five years of CLFS MSRC cases are evidence that AI vulnerability findings can scale.”
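The retrospective-recall check described above, reduced to a small script: a set of historical, human-confirmed cases is treated as ground truth, the tool's blind findings are matched against it by location and bug class, and the script reports recall per component, the misses, and also precision, which the headline figures above leave out (a tool can reach 100% recall by flagging every function). This is an added illustration, not Microsoft's MDASH code or methodology; the case ids, component names, functions and findings are constructed for the example.

```python
"""Retrospective recall for a vulnerability-discovery tool.

Added example: not Microsoft's MDASH code. Every identifier below is
constructed; matching by (component, function, bug_class) is an assumption
about how tool output and historical cases would be lined up.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    component: str   # binary or subsystem the flaw lives in (hypothetical label)
    function: str    # function the finding points at
    bug_class: str   # memory-safety class, e.g. "oob-write"


# Ground truth: historical, human-confirmed cases keyed by a case id (constructed).
KNOWN: Dict[str, Finding] = {
    "CASE-0001": Finding("comp_a", "ParseHeader", "oob-write"),
    "CASE-0002": Finding("comp_a", "ReplayLog", "use-after-free"),
    "CASE-0003": Finding("comp_a", "GrowContainer", "integer-overflow"),
    "CASE-0004": Finding("comp_a", "FlushRecords", "oob-read"),
    "CASE-0005": Finding("comp_b", "DecodeName", "oob-read"),
    "CASE-0006": Finding("comp_b", "CacheInsert", "use-after-free"),
}

# What the tool reported when run blind over the same historical code (constructed).
# A duplicate report and a finding outside the ground truth are deliberate.
TOOL_OUTPUT: List[Finding] = [
    Finding("comp_a", "ParseHeader", "oob-write"),
    Finding("comp_a", "ParseHeader", "oob-write"),      # duplicate report
    Finding("comp_a", "ReplayLog", "use-after-free"),
    Finding("comp_a", "GrowContainer", "integer-overflow"),
    Finding("comp_b", "DecodeName", "oob-read"),
    Finding("comp_b", "CacheInsert", "use-after-free"),
    Finding("comp_b", "Serialize", "oob-write"),        # not in ground truth
]


def score(known: Dict[str, Finding], findings: Iterable[Finding]) -> dict:
    """Return overall and per-component recall, precision, misses and extras.

    The tool never sees case ids, so a finding matches a known case when
    component, function and bug class agree. Duplicate reports count once.
    """
    unique = set(findings)
    by_loc = {f: cid for cid, f in known.items()}
    matched = {by_loc[f] for f in unique if f in by_loc}
    misses = sorted(set(known) - matched)
    extras = sorted(f for f in unique if f not in by_loc)

    # [hits, total] per component, so recall can be reported the way the
    # article does it (one figure per component).
    per_component: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for cid, f in known.items():
        per_component[f.component][1] += 1
        if cid in matched:
            per_component[f.component][0] += 1

    return {
        "recall": len(matched) / len(known),
        "precision": len(matched) / len(unique) if unique else 0.0,
        "recall_by_component": {c: hit / total for c, (hit, total) in per_component.items()},
        "misses": misses,   # known flaws the tool did not rediscover
        "extras": extras,   # need triage: genuinely new bugs or false positives
    }


if __name__ == "__main__":
    for key, value in score(KNOWN, TOOL_OUTPUT).items():
        print(f"{key}: {value}")
```

On the constructed data the script reports 5 of 6 known cases rediscovered (3 of 4 in comp_a, 2 of 2 in comp_b), one miss to examine, and one extra finding that must be triaged before it can be counted as either a new bug or a false positive. The misses are the interesting output of this kind of test: a class of flaw the tool systematically fails to rediscover is exactly what should not be trusted to it on new code.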

Patch wave grows

It comes as Britain’s National Cyber Security Centre warned last month that organizations should prepare for a surge of urgent software updates driven by AI-assisted vulnerability discovery.

Apple, one of the companies given early access to Project Glasswing, an AI capability developed by Anthropic and used to identify security vulnerabilities in code, addressed 52 vulnerabilities in its most recent update on Monday.

Oracle, also a Glasswing participant, announced at the end of April that it was switching from a quarterly to a monthly patch cycle for critical security issues. Google shipped 127 Chrome security fixes on the same day as Tuesday's Microsoft release, up from 30 the previous month.

Among the vulnerabilities Microsoft flagged as highest priority are a flaw tracked as CVE-2026-41089 in Windows Netlogon, the server process that handles authentication across corporate networks, and a separate flaw tracked as CVE-2026-41096 in the Windows DNS Client.

Both are critical issues rated 9.8 out of 10 for severity. The Netlogon vulnerability can be triggered by a specially crafted network request to a Windows server acting as a domain controller, and may allow the attacker to run code without needing to sign in or have prior access, Microsoft said.

On the DNS flaw, Microsoft noted that “in certain configurations, this could allow the attacker to run code remotely on the affected system without authentication,” without specifying the susceptible configurations.

A third critical vulnerability, rated 9.9 and tracked as CVE-2026-42898, affects on-premises installations of Microsoft Dynamics 365. Improper control of code generation allows an authorized attacker to execute code over a network. 

Earlier this year HackerOne paused its open source bug bounty program, citing a “worsening imbalance between vulnerability discoveries and the ability for open source maintainers to remediate them.”

On Monday, Google's Threat Intelligence Group separately reported what it described as the first known case of a threat actor using an AI-developed zero-day exploit in a planned mass exploitation campaign. Google said it believed it disrupted the campaign before the attack launched. 

The surge in patch releases, alongside the two Linux kernel vulnerabilities, Copy Fail and Dirty Frag, disclosed in the past two weeks, illustrates what Gallagher said was the increasing “pace and breadth of vulnerability discovery” across the software industry.

“That is unlikely to slow in the near term,” Gallagher added. “Organisations whose patching, exposure management, and identity practices have evolved with that pace will absorb this change more easily. Others may find that practices designed for a slower-moving landscape need a closer look.”


Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on: AlexanderMartin.79