570 Patches in One Day. AI Found Them.

Threat assessment: elevated. Patch now, read after.

Microsoft shipped fixes for 570 security flaws on Tuesday, the biggest Patch Tuesday in the company’s history, and it says AI is why the number is that high. According to TechCrunch AI, at least two of those bugs are zero-days, meaning attackers were exploiting them before Microsoft knew they existed. Krebs on Security first reported the scale of the release.

This is the first time a vendor of Microsoft’s size has pointed at AI and said, effectively: this is what happens when the machines start reading the code.

Situation report

  1. Volume. 570 patches across Windows, Office, and other product lines. A normal Patch Tuesday runs a fraction of that.
  2. Two live fires. One Windows Server bug lets an attacker climb from a limited user account to full system administrator. Game over on that box.
  3. SharePoint under attack. CISA, the U.S. government’s cybersecurity agency, warned that hackers are actively using a SharePoint flaw to break into organizations. Not theoretical. Happening now.
  4. Advance warning. Microsoft published a blog post a week out telling customers to expect a much bigger batch than usual. They knew this was coming.

Why the number exploded

Microsoft’s own explanation is blunt. “As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” said Windows boss Pavan Davuluri, as detailed in TechCrunch AI.

Here’s the mechanic. Finding vulnerabilities in old code used to be slow, expensive human work. A researcher reads thousands of lines, builds a mental model, spots something off. That process doesn’t scale. Now AI models tuned for security analysis can sweep enormous codebases and flag suspect patterns in hours instead of months.

Parts of Windows date back decades. Those bugs have been sitting there the whole time. Nobody had the manpower to look. The AI does.

What stands out here

The patch count isn’t a sign Microsoft’s code got worse. It’s a sign the flashlight got brighter. That distinction matters, because the same flashlight is available to the other side.

Microsoft is finding these bugs with AI. So can attackers. The question that decides the next few years is who gets to the dormant flaw first, and how fast the patch reaches the machines that need it. Right now defenders have the advantage of source-code access. Attackers have the advantage of not needing to test anything before shipping.

Immediate implications

  • Patch cycles are about to get heavier. If your team treats Patch Tuesday as a two-hour task, rebuild the process. Triage matters more than coverage now.
  • Prioritization becomes the real skill. 570 patches means nobody applies all of them thoughtfully. Zero-days and privilege escalation first. Everything else in sequence.
  • Expect other vendors to follow. Google, Apple, and the Linux ecosystem are running the same AI tooling. Their numbers will climb too.
  • Legacy code is now a liability with a countdown. Anything old and unaudited is a target. AI is auditing it whether you asked or not.

What comes next

Watch two things. First, whether Microsoft’s patch volume stays elevated or spikes and settles as AI clears the decades-old backlog. Second, whether the first confirmed AI-discovered exploit shows up in the wild before the corresponding patch does. That second one is the moment the balance tips.

For now: apply the SharePoint and Windows Server fixes today. The rest can wait a day. Those two cannot.

Full details on the release are available at the original source.

Scroll to Top