Thu 09 Jul 2026 / 16:59 ET
Kernel
AI 3 min read

Microsoft says AI will make Windows security releases larger

Microsoft says it is using AI to find and prepare more Windows 11 security fixes, which could mean busier Patch Tuesdays for IT teams.

Theo Lindgren

By Theo Lindgren / Columnist

Microsoft says AI will make Windows security releases larger
img: The Verge

Microsoft is warning Windows users and administrators to expect more security fixes in each release as the company adds AI deeper into its Windows security process. In a Thursday blog post, Microsoft said AI is helping its teams find potential problems earlier, and that customers should see a higher count of security updates bundled into each security release.

For anyone responsible for keeping Windows 11 machines patched, the practical effect is straightforward: update days may carry more fixes at once. Microsoft is presenting that as a speed gain, not a change in the underlying requirement that humans still decide what ships. The company said developers will continue to check AI-generated or AI-assisted findings and make risk-based calls on updates. Good. Letting the autocomplete gremlin silently patch Windows would be an ambitious way to ruin a Tuesday.

Microsoft is changing its security workflow

Microsoft said it is revising its Secure Development Lifecycle so that it explicitly covers AI-enabled attack methods and exploit paths. That means the company is trying to account for how attackers may use models to speed up vulnerability discovery, exploit development, or related steps in an intrusion chain.

The company also said it is putting AI into more parts of the security update pipeline. According to Microsoft, that includes new Windows-specific tools and what it called agentic harnesses to help generate and validate security fixes. The stated goal is to move faster without lowering update quality, though that remains Microsoft’s claim for now. Patch quality is proven after deployment, not in a blog post.

The mechanism Microsoft describes is less mystical than the marketing vocabulary suggests. AI tools can scan code, flag suspicious patterns, propose changes, and run validation tasks around a candidate fix. Engineers still have to determine whether the report is real, whether the fix addresses the bug, and whether the patch creates some new breakage for users who did not ask to become QA.

AI is pressuring both sides of security

Microsoft’s move comes as attackers and researchers are using AI to find software weaknesses faster. The Verge reported that hackers, including lower-skill attackers, have increasingly used AI in recent months to exploit vulnerabilities more quickly.

Security researchers are also using AI to accelerate bug discovery, which can increase the flow of serious vulnerability reports. One recent example cited by The Verge was the “Copy Fail” exploit disclosed in May, which affected nearly every Linux distribution. Anthropic also claimed earlier this year that its Claude Mythos model had already found high-severity vulnerabilities in every major operating system.

Microsoft’s answer is to put similar tooling inside its own defensive process. The company says the result will be more security issues fixed per release, with developers still reviewing the work. For Windows shops, that likely means the same old patch discipline, with a thicker stack of fixes to test, approve, and deploy.

This story draws on original reporting from The Verge.

More AI/

view all ↗