Strengthening secure software at global scale: How MSRC is evolving with AI

Cybersecurity has always been a race between defenders and attackers, constrained by human time, attention, and scale. What is changing now is the level of capability available to apply security fundamentals with far greater reach and speed.

At Microsoft, AI is already deeply embedded in how we secure our own environment, how security operates within our core platforms and services, and how customers protect their organizations using our security solutions. New generations of AI are extending that foundation and expanding what cyber defense can achieve by allowing defenders to operate with greater reach, speed, and consistency than was previously possible.

This moment matters because it reflects a broader shift in how cyber defense is evolving across the industry. Microsoft's focus is to evaluate emerging capabilities rigorously, apply them deliberately, help ensure responsible use, and use them to augment our security and development toolsets so customers can use them safely to improve security outcomes.

We appreciate Anthropic providing private research preview early access to their latest model, Claude Mythos Preview, which allows us to better understand emerging capabilities, identify and mitigate risk, and strengthen protections for our customers and the broader ecosystem. We also look forward to participating in Project Glasswing, an initiative focused on applying these advances responsibly and reducing cyber risk across the industry.

One place these advances are especially relevant is vulnerability discovery and response. This work sits at the heart of the Microsoft Security Response Center (MSRC), where we focus on identifying vulnerabilities, coordinating fixes, and reducing risk before issues can be exploited at scale.

What follows is a closer look at the role the MSRC plays in this work, how we are applying these capabilities to vulnerability discovery and response, and our plans to help customers use these models safely.