Microsoft Fixes a Record 570 Vulnerabilities in July’s Patch Tuesday — The Company Credits AI for Finding Them All, Which Raises the Question of What the AI Has Been Doing for the Past Thirty Years

🤚 The Open-Palm Avalanche

Microsoft’s July 2026 Patch Tuesday has arrived with 570 security fixes — the largest single patch release in the company’s history, nearly tripling the 200 vulnerabilities patched in June. Your IT department just received a to-do list the length of a doctoral thesis and the deadline is now.

The breakdown reads like a taxonomy of everything that can go wrong with software:

  • 254 Elevation of Privilege vulnerabilities
  • 145 Remote Code Execution vulnerabilities
  • 102 Information Disclosure vulnerabilities
  • 35 Denial of Service vulnerabilities
  • 17 Security Feature Bypass vulnerabilities
  • 16 Spoofing vulnerabilities

Of these, 59 are rated Critical, including 48 remote code execution flaws — meaning an attacker can run whatever they want on your system from across the internet, which is the cybersecurity equivalent of leaving your front door open with a sign that says “help yourself.”

👐 The Two-Handed Zero-Day Report

Three zero-days made the cut this month, because apparently 567 regular vulnerabilities weren’t dramatic enough.

CVE-2026-56155 targets Active Directory Federation Services with an elevation of privilege attack that is actively being exploited in the wild. Microsoft’s own DART team discovered it, which means the company’s incident responders found the vulnerability by watching someone use it on a real network.

CVE-2026-56164 hits Microsoft SharePoint Server with a missing authentication flaw that allows an unauthorized attacker to elevate privileges over a network. Mandiant and Google Cloud researchers reported this one, and it too is being actively exploited. Microsoft’s recommended mitigation is to enable AMSI and set Request Body Scan to Full — a sentence that means nothing to 99% of SharePoint administrators and everything to the attackers who already know.

CVE-2026-50661 is a Windows BitLocker security feature bypass that was publicly disclosed by an anonymous researcher. An attacker who successfully exploits it can bypass BitLocker Device Encryption entirely, which means your full-disk encryption was more of a full-disk suggestion.

🌿 The Gentle Awakening

The truly remarkable detail buried in this record-breaking patch dump is Microsoft’s explanation for why there are so many: the company deployed an AI-powered vulnerability discovery system to scan its Windows codebase. The AI found bugs faster than humans ever could.

This is simultaneously a triumph and a confession. On one hand, Microsoft is proactively finding and fixing vulnerabilities before attackers exploit them. On the other hand, the AI found 570 of them in a single month, which implies the codebase has been sitting on a geological deposit of security flaws that human reviewers simply never reached.

The question nobody at Redmond wants to answer: if the AI found 570 this month, how many are left?

And the follow-up: if AI is this good at finding vulnerabilities in Microsoft’s code, what happens when everyone else’s AI starts looking too?

👑 The Gold-Leaf Reckoning

This number does not include the 468 Microsoft Edge and Chromium flaws fixed separately by Google, or vulnerabilities in Azure OpenAI, Exchange Online, M365 Copilot, and several other products that were patched earlier in July. If you count everything Microsoft quietly fixed this month, the real number is closer to a thousand.

The AI revolution has arrived in enterprise security, and its first contribution is informing you that the software you’ve been running for decades was held together with optimism and insufficient code review. Your Active Directory can be compromised. Your SharePoint is missing authentication. Your BitLocker is bypassable. And those are just the three that someone was already using against you.

Patch. Now. Before the AI finds the next 570.

“We built an AI to find all the bugs in our code. It found 570 in one month and asked if we would like it to keep going. We said no. It kept going anyway.” — The Slap of Wisdom Patch Management Bureau, currently on vulnerability number 571 and counting