Microsoft’s Biggest Patch Tuesday Fueled by AI Bug Hunting

Microsoft just released its largest ever Patch Tuesday, fixing 622 security flaws in July 2026. This number more than tripled the June tally, which itself had set a record. The previous month’s bugs totaled 570, a figure reported by security watchers. On top of these, 428 more Chromium bugs in Microsoft Edge also got patched.
Out of the 622 flaws, 58 were marked critical. Three of these were zero-day vulnerabilities, meaning attackers already knew how to exploit them before the fixes. Two of those zero-days are actively used in attacks. One lets attackers escalate privileges through Active Directory Federation Services. Another targets on-premises SharePoint, also allowing privilege escalation. Neither carries a high severity score, yet both are exploited.
The third zero-day is a BitLocker bypass. It requires physical access to a device, but it can let attackers sidestep encryption protections. Microsoft’s Windows chief, Pavan Davuluri, warned that AI is pushing the number of security updates higher. “As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” he said.
How AI Is Changing Patch Tuesday
Microsoft credits AI with speeding up how it finds bugs. Their scanner, MDASH, automatically discovered 16 flaws in May. AI models like Anthropic’s Mythos have also helped many companies fix vulnerabilities. OpenAI showcased its own AI hacker that hunts for bugs in its models.
Microsoft expects AI to uncover even more security issues going forward. They are updating their Secure Development Lifecycle to handle new AI-powered attack methods. The company is investing in new tools, including Windows-specific AI systems that generate and check fixes automatically. Developers still verify AI findings and decide which issues to patch first based on risk.
The HiveLegacy Exploit and Defense Tips
A new exploit called HiveLegacy recently surfaced. It allows low-privilege Windows users to change administrator accounts. It targets a flaw in the Windows User Profile Service. Attackers can alter the registry hive of an admin account, which controls various system settings.
This exploit requires attackers to know the username and password of another user. If they can run code when the admin logs in, they gain admin-level access. Will Dormann, a security analyst, said, “The ability of a non-admin user to be able to modify the classes registry hive of an admin user is a pretty powerful primitive.”
Microsoft acknowledged the vulnerability and is investigating. Meanwhile, defenders can protect systems by running detection scripts and restricting local non-user account creation. Monitoring the User Profile Service and tracking hive loads can also help spot attacks.
This month’s Patch Tuesday shows how AI is reshaping cybersecurity. It helps find bugs faster but also shifts how companies defend their software. Microsoft’s investments in AI-driven tools signal a new era in security updates. Users should stay current with patches to keep their systems safe.
Based on
- Microsoft’s record Patch Tuesday, and it says AI found the bugs — thenextweb.com
- Microsoft patches record number of security vulnerabilities, citing its use of AI | TechCrunch — techcrunch.com
- Microsoft patches record 570 Windows security bugs with two exploited zero days – update now | ZDNET — zdnet.com
- Microsoft’s patch Tuesdays are about to get bigger | The Verge — theverge.com
- Windows 0-day drops the same day Microsoft releases record number of patches – Ars Technica — arstechnica.com




