Microsoft patches a record 570 bugs and blames AI for finding them
Microsoft shipped fixes for 570 security vulnerabilities in its July Patch Tuesday, the most it has ever released in a single month, and it is pointing at AI as the reason. Windows chief Pavan Davuluri put it plainly, as TechCrunch reports: "As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release." The company had flagged the jump a week earlier, saying AI models tuned for security work are turning up dormant flaws buried in decades-old code.
The volume is not just noise. At least two of the fixes were zero-days already being exploited, including a SharePoint bug that the U.S. cybersecurity agency CISA warned organizations about, and a Windows Server flaw that let a limited user escalate all the way to system administrator. The pattern here is that AI-assisted analysis is good at scanning large, aging codebases for the kind of latent bug a human auditor would need years to reach.
There is a double edge that Microsoft's framing skips over. The same capability that lets defenders find old bugs at scale is available to attackers, so a record patch month is both reassuring and a signal that a lot of long-lived vulnerabilities are now within reach of automated discovery. For anyone running these products, the practical effect is more patches, more often, and less time between a bug becoming findable and becoming exploited.
Why it matters
If you run Windows, Office, or SharePoint in production, expect heavier and more frequent patch cycles to become normal, and plan capacity for it rather than treating a 570-fix month as a one-off. The same AI tooling cuts both ways, so the window between disclosure and exploitation is likely to keep shrinking.