Microsoft's notable Patch Tuesday: AI detected the issues.
Microsoft has released its largest security update to date. The July Patch Tuesday addressed a historic number of vulnerabilities, and the company attributes the increase partly to the role of AI in identifying these issues.
The magnitude of the update is notable. According to Microsoft, it addressed 622 vulnerabilities, a figure that significantly exceeds June's record of 206. Krebs on Security, the first to report on the update, estimates the number at 570. Additionally, there are another 428 Chromium vulnerabilities in Edge that are not included in this count.
Among the vulnerabilities, three are zero-days, meaning they were made public or leveraged before solutions were available; two of those are currently being actively exploited. The first, CVE-2026-56155, allows attackers to elevate their privileges via Active Directory Federation Services, which is responsible for authenticating logins within a network. The second, CVE-2026-56164, provides similar capabilities through on-premises SharePoint. Despite not being rated as high severity, both are already under active attack.
The critical takeaway is that the Cybersecurity and Infrastructure Security Agency (CISA) has added both to its known exploited vulnerabilities list and urged federal agencies to apply patches within days. The third zero-day, a BitLocker bypass, requires physical access, making its urgency somewhat lower.
Microsoft has openly acknowledged AI's influence as a contributing factor to this increase. In a blog post the previous week, Windows chief Pavan Davuluri advised customers to anticipate “a higher volume of security updates” as AI accelerates the bug-finding process.
AI tools are identifying many issues. Microsoft's own tool, MDASH, detected 16 vulnerabilities in May independently. The Mythos model from Anthropic has been recognized for significantly increasing fixes across various sectors. Monthly vulnerability counts have climbed from 79 in March to 206 in June and now to 622.
This trend aligns with a broader pattern. OpenAI recently demonstrated an internal AI hacker designed to seek out flaws in its models.
However, there’s a downside. Once a patch is released, attackers can examine the new code, identify the vulnerability that was addressed, and create an exploit in a matter of hours. The previous practice of delaying patches by a week is diminishing.
This also complicates how teams prioritize vulnerabilities. When a release includes 600 flaws and numerous critical ones, the labeling becomes less effective. This month’s two exploited vulnerabilities illustrate this point; both are categorized as mid-tier, yet they are actively being taken advantage of.
Teams are already operating under pressure. Metrics designed to evaluate AI's hacking abilities are becoming saturated, and researchers frequently manage to manipulate coding assistants into unsafe practices.
The update process has encountered challenges. Microsoft halted the rollout for some Dell devices with Intel processors after receiving reports of abrupt shutdowns, overheating, and battery drainage. A resolution is expected soon.
For everyone else, the guidance remains consistent but even more urgent: prioritize vulnerabilities based on what is being exploited rather than just the total count, and implement patches more swiftly than in the past.
Other articles
Microsoft's notable Patch Tuesday: AI detected the issues.
Microsoft's July Patch Tuesday addressed an unprecedented 622 vulnerabilities, attributing the increase to AI-assisted detection. There were two zero-day exploits that were already being actively used.
