Microsoft's Security Chief Gallot Bets Unit on AI, Cuts Roles
TL;DR
- Hayete Gallot, who took over Microsoft's security business in February, has replaced at least eight senior executives and cut several hundred roles in the 10,000-strong unit.
- Her flagship tool MDASH, a multi-model bug-finder modeled on how customers use Anthropic's Mythos, helped drive a record 622 Windows patches in July.
- Gallot is prioritizing AI-powered products like the OpenAI-based Security Copilot, code-vulnerability scanning, and Defender, while de-emphasizing older tools like Sentinel.
Microsoft's security business is being torn up and rebuilt around AI, and the person doing it is not being subtle. The Information reported that Hayete Gallot, who took over the unit in February, has replaced at least eight senior executives from the prior leadership and cut several hundred roles from what was a 10,000-strong security group. Engineering teams are being consolidated. Older products like Sentinel are being de-emphasized. AI-first products like the OpenAI-based Security Copilot, code-vulnerability scanning, and Defender are getting the runway.
The flagship of that pivot is MDASH, Microsoft's multi-model agentic scanning harness, which coordinates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end. The reporting frames MDASH as modeled on how customers use Anthropic's Mythos, with Microsoft chasing the same enterprise security spend that has been flowing to Anthropic and OpenAI. MDASH found 16 of the flaws fixed in May's Patch Tuesday by itself, and it helped drive a record 622 Windows patches this month.
Why this matters if you are not a Windows shop: the arms race for AI vulnerability finding has quietly become a real product category, not a demo. Anthropic has Claude Mythos Preview, OpenAI has Daybreak, AWS has Continuum, and Microsoft now has MDASH pitched as the more multi-model, configurable option for cost-sensitive buyers. For CISOs, the question is no longer whether to run an AI bug hunter over your codebase, but whose to run.
The honest caveats. The reporting does not disclose MDASH pricing, packaging, or the exact model mix it orchestrates beyond the Anthropic and OpenAI framing. It also does not say what is happening to customer-facing response capacity while Gallot is cutting hundreds of roles during the busiest patching month Microsoft has ever posted. Replacing eight senior execs and hollowing out a security unit while disclosure volume is spiking is not a risk-free move.
If the bet works, Microsoft keeps the vulnerability-management line item on its own paper instead of watching that budget migrate to the frontier labs. If it does not, the pitch that a Redmond multi-agent stack can match Mythos or Daybreak on the genuinely hard bugs is the thing to watch.
Originally reported by The Information
Read the original article →Original headline: Microsoft Readies AI Cybersecurity Product That Auto-Discovers and Patches Software Bugs Using Anthropic and OpenAI Models