SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder - podcast episode cover

SN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password Blunder

Security Now (Audio)
May 20, 20262 hr 52 minEp. 1079
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

OpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity.

  • Microsoft rethinks Edge's "intended behavior" after it gets press.
  • Chaotic Eclipse hacker strikes again with a Bitlocker bypass.
  • Google's threat analysis group documents malicious AI use.
  • Canada hasn't learned the lessons of the EU and the UK.
  • AI chatbots may be far more addictive than social media.
  • Project: Hail Mary now available to stream.
  • An apparently-serious zero-point quantum vacuum energy source.
  • A bit of listener feedback.
  • OpenAI's & Microsoft's vulnerability discovery systems

Show Notes - https://www.grc.com/sn/SN-1079-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

Transcript

AI Finds the Bugs Humans Miss: Microsoft’s Codename EM Dash Sets a New Benchmark in Software Security Primary Navigation Podcasts Club Blog Subscribe Sponsors More… Tech AI Finds the Bugs Humans Miss: Microsoft’s Codename EM Dash Sets a New Benchmark in Software Security

May 20th 2026

AI-generated, human-reviewed.

On this week’s episode of Security Now, the spotlight was on Microsoft’s Codename EM Dash—a cutting-edge AI-powered system that just uncovered some of the most critical vulnerabilities in Windows history. This marks a significant leap in how software is protected, revealing that artificial intelligence isn’t just a buzzword but an essential tool propelling cyber defense into a new age.

How Microsoft’s Codename EM Dash Outsmarts Security Threats

EM Dash is Microsoft’s newly revealed internal tool for security auditing. Unlike previous methods that depended mainly on human researchers or single AI models, EM Dash uses a multi-agent approach—meaning it orchestrates more than 100 specialized AI components, each designed to review, debate, validate, and even attempt to exploit potential bugs in code. This ensemble method dramatically increases not just the speed but also the accuracy and depth of vulnerability detection.

On Security Now, Gibson explained that EM Dash was able to find 16 brand-new vulnerabilities within Windows’ networking and authentication code, including four that could have led to remote code execution—the kind of bug that attackers can exploit over the internet without any user action. These discoveries were not only theoretical; Microsoft issued fixes for these high-stakes issues during the most recent Patch Tuesday.

Why EM Dash Is a Security Game-Changer

Traditional software security relies on human experts and automated tools flagging patterns known from past vulnerabilities. What sets EM Dash apart is its agentic system: different AI agents specialize, collaborate, and even argue with each other to challenge findings, weed out false positives, and prove real-world exploitability. This reduces noise (unnecessary alerts) and highlights only the most actionable threats.

Microsoft built EM Dash on the foundation of expertise from winners of the DARPA AI Cyber Challenge, combining top-tier academic knowledge with real-world, production-scale software systems. The system isn’t restricted to Microsoft in principle—the design allows it to work with any advanced language model, meaning this approach could be adopted across the industry.

What This Means for the Future of Software Security

According to Security Now, EM Dash’s success shows that AI-driven security has moved from research to reality. This advance could dramatically shrink the window of vulnerability for new bugs, potentially making major Patch Tuesday releases a thing of the past. With AI discovering and validating vulnerabilities before attackers do, software could become safer by design rather than continually patched after flaws are found.

However, as noted, this capability must evolve alongside cybercriminal tactics. Attackers are already leveraging AI to speed up exploitation and obfuscate malware. The key is for defenders to move faster and smarter—something EM Dash promises to enable.

What You Need to KnowMicrosoft’s Codename EM Dash is an AI system that coordinates over 100 agents to find and validate critical software bugs.It recently discovered 16 major vulnerabilities in Windows networking and authentication code, including high-impact remote code execution flaws.Unlike typical automated security, EM Dash uses AI agents that challenge and debate findings to minimize false positives and verify real risks.This marks a turning point for cyber defense, as AI now matches or exceeds expert-level vulnerability research at speed and scale.Microsoft integrated these findings into the most recent Patch Tuesday updates, highlighting rapid transition from discovery to remediation.The approach is scalable and could influence how software security is managed industry-wide, not just at Microsoft.As attackers turn to AI, such advanced defenses become essential for individuals and businesses relying on Windows and cloud services.The Bottom Line

Microsoft’s unveiling of Codename EM Dash demonstrates that agentic AI is not just theoretical—it’s actively detecting and helping fix the most dangerous vulnerabilities before attackers can exploit them. This technology is ushering in a future where software can be systematically reviewed and secured at unprecedented speed, promising better protection for everyone.

For users, keeping software updated is still essential—but with tools like EM Dash coming online, the tide in cybersecurity is turning.

Subscribe to Security Now for more in-depth security analysis and updates: https://twit.tv/shows/security-now/episodes/1079

Share: Copied! Security Now #1079
May 19 2026 - Daybreak and Codename MDASH
Microsoft’s Edge Password Blunder All Tech posts Contact Advertise CC License Privacy Policy Ad Choices TOS Store Twitter Facebook Instgram YouTube Yes, like every site on the Internet, this site uses cookies. So now you know. Learn more Hide Home Schedule Subscribe Club TWiT About Club TWiT FAQ Access Account Members-Only Podcasts Update Payment Method Connect to Discord TWiT Blog Recent Posts Advertise Sponsors Store People About What is TWiT.tv Developer Program and API Tip jar Partners Social Contact Us
Transcript source: Provided by creator in RSS feed: download file
For the best experience, listen in Metacast app for iOS or Android