Microsoft, the US-based technology company, has launched MDASH, a multi-model AI system designed to discover and help remediate software vulnerabilities, built around more than 100 specialized AI agents working across a mix of frontier and distilled models. The system was developed by Microsoft's Autonomous Code Security team and was originally built to protect Microsoft's own code base. It is now available to external organizations through a private usage program, with several South African customers currently being onboarded.
Microsoft said frontier AI models hold an advantage over traditional defenders in five areas: patching, open-source software, custom code built by an organization, publicly exposed systems, and baseline security hygiene. The company said AI models are approaching the skill level of experienced human security researchers in identifying vulnerabilities, a shift that lowers the barrier to mounting sophisticated attacks at scale and outpaces what manual security processes can handle on their own.
Kerissa Varma, Microsoft's Chief Security Advisor for Africa, described the shift facing organizations:
"Organisations can no longer rely on legacy approaches to security alone. In a world where vulnerabilities can be discovered and exploited at scale, manual processes simply cannot keep up. The need for modern, cloud-based infrastructure and AI-driven defence has become urgent. Organisations must act now to modernise their infrastructure, adopt AI-enabled tools, and move towards more secure cloud environments where security protections can be applied broadly and at speed."
A report from Boston Consulting Group, a global management consulting firm, titled "AI Is Raising the Stakes in Cybersecurity," found that nearly 60 percent of African companies experienced AI-enabled cyberattacks in the past year, while only half of those organizations are prioritizing AI to strengthen their own defenses. The report found that just 29 percent of African companies have implemented AI-driven cybersecurity tools, and only 3 percent reported a significant increase in cybersecurity budgets in response to AI-driven threats.
Microsoft's Digital Defence Report found that AI is increasingly used by threat actors to scale attacks, personalize phishing campaigns and evade detection, contributing to AI-generated phishing emails being 4.5 times more likely to be clicked than traditional phishing attempts. In South Africa, the company said these trends are amplified by the country's growing digital footprint and the role its financial services, energy and telecommunications sectors play in the regional economy, with organizations managing distributed workforces and complex IT environments facing greater exposure to risk.
As part of its ongoing investment in securing its own platforms, Microsoft is expanding its use of AI-driven security research to identify vulnerabilities earlier and at greater scale, with AI-assisted findings now being incorporated into the company's regular Patch Tuesday releases. Varma said the volume of AI-identified vulnerabilities has been increasing month over month:
"We expect this trend to continue. While this strengthens protection overall, it also means organisations need to be able to apply updates quickly." Organizations running on modern cloud platforms benefit from more automated patching and built-in protections, Microsoft said, while organizations managing on-premises environments should assess how quickly they can deploy critical updates.
Unlike approaches built around a single AI model, MDASH coordinates its agents across multiple frontier and distilled models to discover, validate, prioritize and remediate vulnerabilities, selecting the model best suited to each specific security task rather than relying on one vendor. Varma said cost will factor into adoption:
"Cost will be an important consideration as businesses look to scale AI securely and sustainably. The good news is that some of the most cost-effective models are exceptionally effective at specific security tasks – it's about using the right tool for the right job."
MDASH is already used internally by Microsoft's security engineering teams and has entered a limited private preview. The system recently topped the CyberGym AI security benchmark, outperforming single-model systems in that evaluation.
The BCG report also found that 82 percent of African organizations report difficulty hiring AI-cybersecurity talent, pointing to a skills gap that compounds the broader security challenge. In South Africa, Microsoft has expanded a cybersecurity skills campaign through Ikamva Digital, delivering industry-aligned training across all 50 TVET colleges in the country to prepare young people for roles such as security analyst and IT administrator.
Microsoft has also widened access to its Secure Now initiative, which provides security recommendations for organizations regardless of whether they use Microsoft's own security products. The initiative sits within the company's broader Secure Future Initiative, a framework Microsoft says places security considerations into the way it designs and operates its platforms. Varma summed up how she frames the conversation for organizations evaluating their options:
"The conversation should not be about access to a single model. It's about building a comprehensive, resilient security strategy with the right capabilities in place today."
