
Microsoft released a record 570 security patches on Tuesday, including at least two zero-days being actively exploited by hackers, attributing the surge to AI-assisted vulnerability discovery. The company signaled this trend will continue as AI tools help defenders uncover bugs that may have been dormant in Windows and other products for years or longer.
Summaries like this, in your inbox every morning.
Sign up free →What happened
Microsoft released 570 security patches on Tuesday as part of its monthly Patch Tuesday cycle. At least two were zero-days—vulnerabilities actively exploited by hackers before Microsoft was aware of them: one affecting Windows Server privilege escalation, another targeting SharePoint that the U.S. government's CISA agency warned was being actively exploited.
Why it matters
Microsoft attributed the record patch count to AI-aided vulnerability discovery. Windows leader Pavan Davuluri stated that as AI helps defenders surface previously hidden bugs, "customers will see a higher volume of security updates included in each security release." This signals a structural shift: dormant code flaws hidden for years or decades may now be exposed faster.
What to watch
The company telegraphed this surge a week earlier in a blog post predicting higher-volume monthly patches ahead. Security researchers using advanced AI models focused on cybersecurity are increasingly uncovering long-buried vulnerabilities—parts of Windows code date back decades, creating a growing pool of newly exposed risks.
On Tuesday, July 15, Microsoft issued 570 security patches across Windows, Office, and other product lines, marking the largest single patch release the company has disclosed. The company attributed this record volume to its use of AI in identifying code vulnerabilities that its teams might otherwise have missed. Windows leader Pavan Davuluri explained the forward-looking implication in a statement: "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release."
Among the 570 patches, at least two were classified as zero-days—security flaws that had already been exploited by attackers before Microsoft was notified. One zero-day affected Windows Server and allowed attackers with limited user privileges to escalate to system administrator level. The second targeted Microsoft SharePoint, a file-sharing server widely used in enterprise and government environments. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that hackers were actively exploiting the SharePoint bug to compromise organizations. Krebs on Security first reported the news.
One week prior to the release, Microsoft had signaled this surge in a blog post, setting expectations that monthly security updates would grow significantly higher than historical norms. The company cited its increasingly sophisticated use of AI models to hunt for vulnerabilities in software. As these AI tools become more advanced and purpose-built for cybersecurity, security researchers across the industry are uncovering bugs that may have lain dormant in production code for years or decades. Parts of Microsoft's Windows codebase date back decades, meaning the surfacing of these long-hidden flaws through AI analysis appears to be just the beginning of a larger trend toward higher patch volumes across the technology sector.
The 570-patch release marks a turning point in how vulnerabilities surface in enterprise software. Microsoft's explicit connection between AI-driven code analysis and the record patch volume reflects a broader shift in cybersecurity: as AI models become more sophisticated and targeted at bug discovery, they are exposing flaws that existed dormant in production code for years. The company's Windows code base, parts of which date back decades, appears to contain a substantial backlog of such vulnerabilities now detectable by machine analysis.
The two zero-days included in this cycle underscore the practical danger. One granted privilege escalation on Windows Server; the other affected SharePoint and prompted warning from CISA that active exploitation was underway. This combination—record patch volume driven by AI discovery, coupled with concurrent zero-day exploitation—suggests organizations should expect both higher update frequency and continued urgency in applying them. Microsoft's advance announcement of the trend appears designed to set expectations that escalating patch counts reflect improved detection, not declining code quality.
No discussion yet for this article
Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack