NewsBin 0 discussing
--:--:--
Daily Reset
NewsBin
--:--:--
Until Daily Reset
Mainstream The Register 19 hours ago

Microsoft warns customers AI will mean busier Patch Tuesdays

More patches mean more reasons to buy Redmond’s auto-patching tools Simon Sharwood Simon Sharwood APAC Editor Published fri // UTC Microsoft has warned customers to expect more security patches for the foreseeable future, thanks to AI. “As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” the company’s executive veep for Windows + Devices, Pavan Davuluri, wrote in a Thursday post that describes how Microsoft is changing its internal processes to spot software vulnerabilities using AI. His post later points out that Microsoft offers many fine tools to automate patching, and his view that customers who use them will be able to keep pace with increased volumes of patches. Davuluri’s post argues that investment in automated patching tools is justifiable and sensible because Microsoft’s use of AI to deliver more patches improves overall security. “, we can identify patterns faster, prioritize risk and scale vulnerability discovery across the Windows codebase,” he wrote. Sometimes that might mean Microsoft products contain fewer vulnerabilities. “We continue to evolve our internal systems and practices so that vulnerability discovery is not treated as a separate activity, but as part of how we build, review and improve Windows before new features or updates are released,” he wrote. The post explains that Microsoft uses a tool called the multi-model agentic scanning harness (MDASH), which apparently “utilizes multiple models including leading third-party AI vulnerability discovery models.” “To run MDASH at Windows scale, Windows set up dedicated cloud infrastructure for scanning and proving,” Davuluri wrote. “A scanner pipeline scans critical binaries and validates candidates using multi-model debate across multiple model families. Confirmed candidates then flow to a separate, Windows-specific prove pipeline that helps eliminate remaining false positives, so only the highest-confidence findings reach the engineering team.” The executive veep said that process “handle a larger volume of potential vulnerabilities and shortens the review window for new ones, shrinking the attack window for zero-day exploits.” Microsoft is not alone in using AI to deliver more patches: Oracle recently announced AI bug-finders mean it will add a monthly critical patch dump to its current quarterly security update service. It’s hard to argue against vendors finding and fixing more flaws, and perhaps over time AI will mean their products contain fewer vulnerabilities that need a fix. However, The Register is yet to hear of AI being used to create more or longer change windows that admins can use to implement all these extra patches.

Original story by The Register View original source

0 comments
0 people discussing

Anonymous Discussion

Real voices. Real opinions. No censorship. Resets in 2 hours.

No account needed Anonymous • Resets in 2h

Loading comments...

About NewsBin

Freedom of speech first. Anonymous discussion on today's news. All content resets every 24 hours.

No accounts. No tracking. No censorship. Just honest conversation.