Microsoft MDASH Outperforms Mythos Preview on CyberGym Benchmark

Microsoft on Tuesday announced MDASH, also known as Microsoft Security multi-modal agentic scanning harness. The system is the first multi-modal service included in the CyberGym benchmark developed by UC Berkeley’s Center for Responsible, Decentralized Intelligence.

It scored 88.4 percent on the benchmark, compared with 83.1 percent for Mythos Preview. CyberGym evaluates AI agents on real-world vulnerability analysis. The benchmark includes 1,507 real-world vulnerabilities across 188 open-source projects. Microsoft said the result indicates MDASH is more effective at identifying vulnerabilities than Mythos Preview.

MDASH is not a single model but an agentic system that runs more than 100 specialized agents. Some agents hunt for vulnerabilities while others debate whether identified flaws are real or exploitable. The company said this approach reduces false positives.

In its first run against the Windows operating system, MDASH surfaced 16 previously unknown vulnerabilities. Four of those were critical remote-takeover flaws addressed in this month’s Patch Tuesday. The announcement came the same week that OpenAI announced its Daybreak security initiative.

MDASH was built by Microsoft’s Autonomous Code Security team. The team includes several members of Team Atlanta, which won the $29.5 million DARPA AI Cyber Challenge by building an autonomous cyber-reasoning system. The system found and patched bugs in open-source projects.

Taesoo Kim, VP of Security Research at Microsoft, leads the Autonomous Code Security team. Kim said the adoption of MDASH is rapid, with everyone internally at Microsoft leveraging it for security tests. The Windows team has integrated the tool into its entire build process and pipeline.

“This enables developers to get feedback and perform security testing by using MDASH as part of the CI/CD pipeline,” Kim said. The company started a private preview of MDASH last week and already has a handful of customers. Available models include GPT 5.5, 5.6, 5.5-Cyber, Sonnet and Opus.

Customers must sign up to apply for access during the private preview phase. Kim said the ability of agents to debate vulnerabilities filters out false positives identified during scanning and offers a higher chance of identifying certain vulnerabilities than Mythos.

Dolan-Gavitt, AI researcher at autonomous offensive security platform XBOW, commented on the result. “The performance of MDASH on CyberGym is good confirmation of something we’ve also found at XBOW: the capability of the model is important, but the harness, the scaffolding you put around the model to point it in the right direction, ensure it has the tools and context it needs to do a good job, and check its work, can be at least as important,” Dolan-Gavitt said via email.

Daniel Spicer, CSO at AI-powered IT security platform Ivanti, also responded. “Based on Microsoft’s description, MDASH is more about the tooling used to run multiple models to identify vulnerabilities. This doesn’t say anything about Mythos specifically, for all we know, Microsoft is using Mythos as part of MDASH,” Spicer said via email.

Andrew Rubin, CEO and founder of breach containment provider Illumio, described the broader environment. “Without commenting on specific models/capabilities, I believe we are seeing the start of a true arms race, both between attackers and defenders, and between the providers themselves.

The size of the steps and the speed of the changes will only continue to increase exponentially,” Rubin said via email.