Microsoft patches record 570 flaws as AI accelerates vulnerability discovery

Artificial intelligence helped Microsoft discover and patch 570 security vulnerabilities in July, nearly tripling last month's record-breaking patch count.

CSBadmin
2 Min Read

Microsoft released the largest Patch Tuesday in company history on July 18, fixing 570 security vulnerabilities across Windows, Office, Azure, and other products. The total nearly triples June’s previous record of 198 patches, a surge Microsoft attributes to AI-powered vulnerability discovery.

Nearly 60 of the bugs earned a critical severity rating, allowing remote code execution with minimal user interaction. The update also addresses three zero-day vulnerabilities, two of which are under active exploitation. CVE-2026-56155 and CVE-2026-56164 are elevation-of-privilege flaws in Active Directory Federation Services and Microsoft SharePoint, respectively. A third zero-day, CVE-2026-50661, bypasses Windows BitLocker encryption for attackers with physical access to a device.

Microsoft executive vice president Pavan Davuluri warned in a July 9 blog post that Windows users should expect higher patch volumes going forward as AI tools uncover more vulnerabilities faster across more code. The trend is not isolated to Microsoft — Adobe announced it is moving to twice-monthly security bulletins, while Google’s June 2026 patches exceeded 900 fixes.

Security researcher Satnam Narang of Tenable cautioned that Microsoft’s exploitability index may no longer be reliable in an era of AI-powered exploit development, noting that Anthropic’s models produced working exploits for 13 of 14 vulnerabilities the company had rated “Exploitation Less Likely.”

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.