Microsoft patches record number of security vulnerabilities, citing AI
Microsoft released a record 570 security patches this week, with two zero-day flaws among them, attributing the increase to its use of artificial intelligence in vulnerability discovery.

Microsoft issued a record-breaking 570 security patches on Tuesday, July 15, 2026, as part of its monthly Patch Tuesday cycle. At least two of the vulnerabilities are zero-days, meaning they were actively exploited before Microsoft became aware of them.
One zero-day affects Windows Server, allowing attackers to escalate privileges from a limited user to a system administrator. Another affects the SharePoint file-sharing server; the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers were actively exploiting it to compromise organizations.
The massive patch batch comes a week after Microsoft stated in a blog post that it expected its monthly security patches to be significantly higher in number. The company cited its use of artificial intelligence (AI) to help employees discover previously unknown security flaws.
“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” said Pavan Davuluri, head of Windows.
Security researchers are increasingly using AI models to uncover vulnerabilities that may have lain dormant in software code for years, if not longer. Some parts of Microsoft's Windows code date back decades.


