Microsoft goes all in on new AI-powered Windows security strategy – what it means for you


Microsoft logo

Costfoto/NurPhoto via Getty Images

Follow ZDNET: Add us as a preferred source on Google.


ZDNET’s key takeaways

  • Microsoft is accelerating its use of AI to detect vulnerabilities in Windows.
  • The new test routines have already deployed critical fixes to customers.
  • Enterprise admins should be prepared to see more fixes in each update.

In the ongoing battle between the criminals who attack corporate networks and the engineers who defend them, one side has an unfair advantage. The bad guys can launch a thousand unsuccessful attacks without consequences, but if they succeed once, they can reap riches and create havoc. The good guys have to repel every attack.

Adding AI to the mix makes the problem even worse, with attackers able to find new vulnerabilities and attack them at dramatically increased speed. The biggest target of all is Microsoft Windows, which runs on more than 1.5 billion PCs and servers worldwide.

Also: 5 ways to fortify your network against the new speed of AI attacks

To fight back, Microsoft is going all-in on an automated, AI-based process to find those vulnerabilities earlier, deliver them to engineers for review, and deliver updates faster.

The details are in a new blog post from Pavan Davuluri, EVP of Microsoft’s Windows + Devices division titled Evolving Windows vulnerability management to meet the speed of AI-powered discovery.

The fastest way to reduce customer exposure is to find issues before attackers can use them. Windows is expanding its ability across the platform to find issues earlier, accelerate the engineering work to fix them, strengthen validation, and deliver timely, high-quality updates that keep customers protected.

By applying AI across security analysis, we can identify patterns faster, prioritize risk, and scale vulnerability discovery across the Windows codebase. This helps reduce the time between discovery and customer protection.

Davuluri said Microsoft Security has built dedicated cloud-based scanning and validation pipelines for MDASH, its “multi-model agentic scanning harness,” to identify Windows vulnerabilities at scale, reduce false positives, and get high-confidence issues to engineers faster, shrinking the opportunity for malicious actors to launch zero-day attacks.

Microsoft introduced MDASH in May, crediting the new tools with discovering 16 vulnerabilities, four of them rated Critical. All of them were patched in that month’s security update. The new test framework (the “harness”) was developed by the Microsoft Autonomous Code Security (ACS) team; the company said it “orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end.”

Also: Microsoft’s new Windows 11 recovery tool is the ultimate Undo button – how to enable it

Those AI-powered tools are going to get involved much earlier in the development process, according to Microsoft:

We continue to evolve our internal systems and practices so that vulnerability discovery is not treated as a separate activity, but as part of how we build, review and improve Windows before new features or updates are released. As a part of this we are updating our Secure Development Lifecycle (SDL) best practices to ensure our secure-by-design approach explicitly accounts for potential AI-enabled attack techniques and exploit paths. 

That means using AI to help identify potential issues earlier in the development process, while relying on human expertise to evaluate findings, make risk-based decisions and ensure fixes meet the quality bar customers expect.

That promise to continue relying on human expertise is an important one. Whenever AI is involved at scale, there’s a temptation to trust its results and skip over the necessary verification steps. And it’s being introduced at a time when Microsoft is targeting some of its most experienced employees — about 7% of the company’s US-based workforce — with a “voluntary retirement program.” 

As longtime Microsoft watchers Todd Bishop and Kurt Schlosser noted last month, “For those staying behind, there’s another worry: the loss of institutional knowledge and experience as so many longtime employees head for the door at once.” Those security engineers who remain will have to cope with the increased workload without having some of their most experienced colleagues around to help. 

What does this new AI-powered pipeline mean for the humans responsible for maintaining Windows PCs? For starters, it means more issues fixed in each update. “Customers will see a higher volume of security updates included in each security release,” Microsoft acknowledged. 

That will, unfortunately, increase the burden on enterprise customers to test updates before deploying them and monitor those updates afterward. If they see an issue during initial testing, Microsoft said, those admins can use a technology called Known Issue Rollback (KIR) to revert the change that caused the problem, rather than having to uninstall an entire update to get things running again.

Also: You can soon restore Windows 11 from scratch even if it can’t boot up – here’s how

That accelerated pace might incentivize some corporate customers to speed up their deployment of modern patching tools like Windows Autopatch in Microsoft Intune, which includes the ability to deliver hotpatch updates that don’t require a reboot. Similar tools are available for applying security updates to Windows Servers, also without requiring a reboot.

“As the pace of vulnerability discovery increases,” Davuluri said, “customers shouldn’t have to choose between speed and stability.” That’s a worthy goal, to be sure, but maintaining that balance means Microsoft’s engineers and customers are going to have to move faster than ever to match the pace of those new AI tools.





Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


There’s a special kind of panic that hits at 11 p.m. on a Tuesday when you Google “can someone sue me personally for my freelance business” and the answer is, technically, yes. I know this because I lived it. For fourteen months, I ran a growing consulting side hustle- invoices, contracts, the whole act- under exactly zero legal structure. I didn’t choose to be a sole proprietor. I just never chose to be anything else, which, it turns out, is the same thing.

The wake-up call came from a client’s offhand comment about “your LLC,” followed by my very convincing silence. That night I fell into a research hole so deep I emerged the next morning having read seventeen tabs on liability shields, self-employment tax, and something called “piercing the corporate veil” that sounded like a phrase from a divorce lawyer’s memoir. So: is a sole proprietorship secretly a ticking time bomb? Is an LLC the adult, responsible choice, or just expensive paperwork with better branding? Let’s actually work through it.

What Is a Sole Proprietorship, Really?

Here’s the part nobody tells you clearly: if you’re earning money from your own business activity and haven’t filed anything with your state, you’re already a sole proprietor. There’s no form to submit, no fee to pay, no ceremony. You and the business are, legally, the same person. That’s the whole structure.

The upside is real. It’s the fastest, cheapest way to start working for yourself — no filing fee, no separate tax return, no annual report to remember. You just start invoicing. The downside is baked into that same simplicity: there’s no legal wall between your business and your personal life. If the business owes money or gets sued, the business is you, so your savings account, your car, and potentially your house are all fair game.

What Does an LLC Actually Protect You From?

A Limited Liability Company creates a separate legal entity- one that can own things, owe things, and get sued, largely independent of you personally. That separation is the entire point of forming one.

It’s worth being honest about the limits, too. An LLC won’t protect you if you personally guarantee a business loan, if you commingle business and personal funds, or if you’re personally negligent — say, you’re a contractor and you cause an injury through your own carelessness. Courts can “pierce the corporate veil” and go after your personal assets anyway if you treat the LLC as a legal fiction rather than a real, separately run entity. The protection is genuine, but it’s not a force field; it’s a structure you have to maintain.

Which One Actually Costs More to Start?

This is where a lot of the fear around LLCs turns out to be overblown, and a lot of the assumed simplicity of sole proprietorships turns out to be incomplete.

Sole Proprietorship LLC
Setup paperwork None required (unless operating under a different name) Articles of Organization filed with your state
State filing fee $0 $35–$500 depending on state (national average is roughly $130)
Ongoing state fees Typically none Many states require an annual report; fees range from $0 to $800+ (California’s franchise tax is the notable outlier)
Separate business bank account Optional Strongly recommended to preserve liability protection
EIN required Only if hiring employees Recommended even for single-member LLCs, to avoid using your SSN

A sole proprietorship is still the cheaper entry point in dollar terms. But “cheaper to start” and “cheaper overall” aren’t the same question — it depends what a lawsuit, a bad debt, or a messy tax season would actually cost you.

How Do Taxes Actually Differ?

This is the part I got wrong for months, assuming an LLC meant a whole new tax regime. It doesn’t, automatically. By default, both a sole proprietorship and a single-member LLC are taxed identically: profits and losses pass through to your personal tax return, and you pay self-employment tax (15.3%, covering Social Security and Medicare) on your net earnings.

The actual tax advantage of an LLC isn’t automatic — it’s optional. A single-member LLC can elect to be taxed as an S-corporation once profits reach a meaningful level, which can reduce self-employment tax by letting you pay yourself a “reasonable salary” and take remaining profit as a distribution not subject to that 15.3%.

That election involves added complexity — payroll processing, additional filings — so it’s rarely worth it for a business bringing in a few thousand dollars a year. It becomes worth asking about once net profit is consistently well into five figures.

Does an LLC Actually Make You Look More Credible?

Here’s a question I didn’t expect to matter as much as it did: does “LLC” after your business name change how people treat you? Anecdotally, yes. Some clients, vendors, and lenders treat an LLC as a signal of seriousness — rightly or not — the way a business bank account or a proper invoice template does. It’s not a guarantee of better contracts, but it removes a small, avoidable hesitation from a prospective client’s mind.

It also matters for banking and financing. Business lenders and some payment processors are more comfortable extending credit to a registered entity with its own EIN and bank account than to an individual operating under their own name.

Do You Still Have to Report “Beneficial Ownership” in 2026?

If you researched this a year or two ago, you may still be carrying around outdated fear about the Corporate Transparency Act’s beneficial ownership information (BOI) reporting rule — the one that threatened steep penalties for LLC owners who didn’t file. Here’s the current state of play: in March 2025, FinCEN issued an interim final rule that removed the BOI reporting requirement for domestic U.S. companies and U.S. persons entirely. As of today, that requirement applies only to foreign entities registered to do business in the U.S. — not to a typical American-owned single-member LLC.

That said, the underlying law hasn’t been repealed, courts have upheld its constitutionality, and FinCEN’s final rule is still pending in 2026, meaning the rule could tighten again with limited notice. A small number of states have also introduced their own versions; New York’s LLC Transparency Act took effect January 1, 2026, but after a late amendment, it applies only to foreign LLCs doing business in New York, not typical in-state LLCs. The short version for most small business owners forming a domestic LLC in their home state: this isn’t currently a filing you need to worry about, but it’s worth a five-minute check-in with a professional if your situation involves foreign ownership or multiple states.

So, Which One Should You Actually Choose?

There isn’t a universally correct answer, but there is a useful set of questions. How much personal risk does your work actually carry — a freelance copywriter has a different exposure profile than someone renovating properties or handling clients’ money. How much profit are you actually generating, since that determines whether the tax flexibility of an LLC is relevant yet. And how much administrative overhead are you willing to take on, since an LLC does require you to actually treat it like a separate entity — separate bank account, its own paperwork, its own discipline.

If you’re testing an idea with minimal financial exposure and low risk of being sued, operating as a sole proprietor while you validate the business is a completely reasonable starting point- you can always convert to an LLC later, and most people do exactly that. If you’re already generating consistent revenue, working with clients under contracts, or doing anything with meaningful liability exposure, the cost of forming an LLC is generally small next to what it protects.

I eventually filed mine on a Wednesday afternoon, paid my state’s filing fee, and felt almost anticlimactic about how undramatic the process actually was compared to the spiral that preceded it. If you’re standing where I was, at least you can skip the 11 p.m. panic-Googling, you already know what the seventeen tabs would have told you.



Source link