Microsoft has shattered its own record for monthly security patches, releasing fixes for 570 vulnerabilities across Windows, Office, and other products. The company attributes the surge directly to its use of artificial intelligence, which it says is uncovering bugs that may have lurked in code for decades. Main Developments Tuesday's Patch Tuesday update marks the largest single batch of security fixes Microsoft has ever issued. Among the 570 flaws are two zero-day vulnerabilities that attackers had already exploited before Microsoft learned of them. One zero-day affects Windows Server, allowing an attacker with limited access to escalate privileges to full system administrator control. The other targets SharePoint file-sharing servers, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation by hackers seeking to compromise organizations. Read also: Stripe and Advent in $53.4B Bid to Acquire PayPal Background Just last week, Microsoft warned in a blog post that its monthly patch volumes would increase significantly going forward. The company cited AI tools that help its engineers identify security vulnerabilities that manual testing might miss. Windows boss Pavan Davuluri explained the dynamic: as AI helps defenders discover more issues, customers will see a higher volume of security updates in each release. Some of Microsoft's code—particularly in Windows—dates back decades, making it a rich hunting ground for both human researchers and automated tools. Why It Matters The record patch count signals a fundamental shift in how software vulnerabilities are discovered. As AI models grow more sophisticated and focus on cybersecurity, they are unearthing bugs that may have been dormant for years. For organizations, this means a heavier patching burden—but also fewer undetected holes for attackers to exploit. For Microsoft, the trend underscores a strategic pivot: using AI not just to build features, but to harden legacy code that powers critical infrastructure worldwide. The two zero-days already in the wild highlight the urgency of keeping systems current. What's Next Microsoft has not indicated when it will patch the next batch of vulnerabilities, but the company has signaled that larger-than-usual Patch Tuesday releases are now the norm. Security teams should expect to allocate more resources to update management in the coming months. The two zero-days are already being addressed in Tuesday's release, but organizations running affected Windows Server or SharePoint versions should prioritize installation immediately. CISA's active warning suggests further exploitation is likely.