Microsoft unveiled major AI security upgrades before Build 2026, including MDASH advances and new Defender integrations for enterprises.
Microsoft’s Build 2026 keynote is just a little while away, but the company has decided to announce some technology advancements ahead of time. These updates relate to new security tools rolling out to IT admins, and as is expected with this year’s Build conference, AI is the key focus this time around.
For starters, Microsoft’s multi-model agentic scanning harness, called MDASH, now integrates with Microsoft Defender and is available for eligible organizations in expanded preview. As some of you may recall, Microsoft first unveiled MDASH a couple of weeks ago, as a competitor to OpenAI’s Daybreak, and Anthropic’s Claude Security, Project Glasswing, and Mythos. The idea behind MDASH and the tools mentioned above is to orchestrate dozens of specialized AI agents to discover vulnerabilities in codebases.
However, Microsoft says that MDASH sets itself apart from the competition through configurable models designed for different use-cases, such as “heavy reasoners” and low-cost models that can be used for high-volume operations. The Redmond tech giant also touted how MDASH is improving at a rapid rate. At its initial reveal three weeks ago, it scored 88.45% on the public CyberGym benchmark, but it has now scored a whopping 96.55%, which is also an industry benchmark. Microsoft is actively working with partners and customers so that MDASH can prioritize proactive identification of risk rather than relying on reactive detection.
On a separate note, Microsoft has also announced the general availability of an integration between Microsoft Defender and GitHub Code Security. The company explains it as follows:
[This integration] brings runtime context into development and security workflows so that teams can prioritize and address risks early minimizing the impact to human resources. Vulnerabilities discovered in code are automatically enriched with real production signals, such as internet exposure and data sensitivity to inform prioritization. Developers can then remediate issues using AI-assisted fixes that are generated, assigned, and validated through GitHub Copilot autofix and the GitHub Copilot cloud agent. To support responsible, coordinated disclosure of findings that represent both real and potential vulnerabilities, role-based access controls ensure that only authorized individuals can view and act on them. Together, the production signal enrichment, AI-assisted remediation, and secure handling of findings within a single workflow help security and developer teams focus on real risk and act quickly.
.jpg)
Furthermore, as more commercial customers begin deploying agents in their various workflows and environments, Microsoft is also offering more tools to secure them. These are being provisioned through the Agent 365 SDK, which is generally available. In the same vein, Microsoft unveiled the following technologies too:
-
Preview available:
- Microsoft Execution Container (MXC) SDK for OS-level control over agent execution
- Through Defender AI model scanning, developers can inspect model artifacts
-
Generally available:
- Windows 365 for Agents, generally available, allows the execution of agents in an isolated, policy-governed Cloud PC
- Purview data risk signals embedded in the Foundry Control Plane make it easier for developers to proactively enforce protection for sensitive data
- Inline data loss prevention (DLP) for agent prompts in Purview for Agent 365
-
Preview coming soon:
- Agent 365 Agent Registry surfaces unmanaged local agents discovered by Defender, Entra, and Intune
- Defender, Entra, and Intune also work together to manage agent risk without compromising productivity
- Analysts can leverage hunting queries in Defender to investigate agentic activity
- New risk detection and AI governance capabilities in Purview
- Purview Audit logs all agentic activity
Despite all these advancements, Microsoft has emphasized that what matters more than AI technology breakthroughs is that organizations trust the infrastructure that they are deploying. This is why Microsoft’s focus in the Build 2026 announcements made above is around how customers can govern and secure their AI infrastructure as they deploy it at scale.
