From early cloud to new AI, Microsoft’s Hayete Gallot has handled hype
We talk with the VP of security about important strategies as models “come and go.”
For Hayete Gallot, becoming EVP of security at Microsoft meant hitting the ground running—and taking to the air.
Gallot visited CEOs and customers around the world, she said, to understand their AI deployment questions: How do I govern an agent? Will I need another security analyst? What are the first steps to securely deploying AI?
The trip confirmed for Gallot that an AI security approach can’t be tied to one model.
“Security is a workflow. Models will come and go, but the workflows [are] what you need to build right,” Gallot told us.
It’s a challenging time to sign on to be a security leader, given how AI is evolving attack and defense tactics on a seemingly daily basis.
Gallot broke down her security strategy, and how a new offering from the company, known as MDASH, aims to help customers through their thorniest cybersecurity questions.
Cloud of uncertainty. In a career spanning over 16 years at Microsoft (and a brief stint with Google in 2024), Gallot sees parallels in how customers feel about AI and how they approached the cloud in its early days.
Gallot recalled her time in Microsoft’s sales org where she supported customers moving to cloud offerings like Office 365, which became generally available in June 2011. Customers felt uneasy about handing off control of their on-prem IT services to a data center in the cloud.
“We had to do a lot of work to make customers comfortable with it, but the key there was to tell them, ‘This is going to help you,’” Gallot told us.
Next top model. Gallot’s first release as a cybersecurity leader came in May of this year, with the rollout of MDASH, the Microsoft Security multi-model agentic scanning harness. (A harness, generally, refers to the coordinating software infrastructure orchestrating AI components like tools, files, and multiple model outputs.) The harness, available in a limited customer preview, uses “more than 100 specialized agents” to perform:
- Recon of a code repo
- “Debating” of a finding’s exploitability
- Deduplication of similar findings
- Validating of the bug-triggering inputs
According to a May post, Microsoft’s engineers found 16 common vulnerabilities and exposures (CVEs) in its May Patch Tuesday set—and thanks to AI discovery, those CVEs may only increase in future updates.
MDASH arrives as AI companies offer promises of automated vulnerability finding-and-fixing, including Anthropic’s Claude Mythos Preview, OpenAI’s Daybreak, and AWS Continuum.
UC Berkeley’s CyberGym leaderboard, which evaluates how agents generate proof-of-concept vulnerabilities from descriptions and codebases, currently ranks MDASH second among tested agents. (Claude Opus 4.6 currently has the top spot.)
The scanning harness runs “a configurable panel of models,” including state-of-the-art models as the heavy reasoner, the announcement read. (Models must reason against complicated, private codebases with their own kernel-calling conventions, components, and even idioms, too.) While Gallot and the post did not mention specific model options, Taesoo Kim, VP of security research at Microsoft, told Forbes in May that usable models included GPT 5.5, 5.6, 5.5-Cyber, Sonnet, and Opus, and customers can pick and choose which models they want to enable. (In a statement shared with IT Brew, Kim said customers can leverage “Microsoft’s recommended model configurations based on their needs and preferences.”)
Microsoft CEO Satya Nadella recently told the Wall Street Journal that the new model for new AI deployment will be more democratized, with companies avoiding dependency on a small group of frontier models.
Gallot sees the optionality as an essential for the IT practitioner dealing with a fluctuating leaderboard of large language models (LLMs): “We make sure it works with any model on the shelf, so that they can go and protect themselves and find those vulnerabilities and fix them.”
A multimodal, configurable approach, Gallot said, also aims to help customers deal with the high costs of sophisticated models.
“If AI just generates noise or consumes tokens without outcomes, it’s not sustainable,” Gallot wrote to IT Brew in a follow-up email. “Customers can use the models they have access to and get to meaningful fixes without runaway costs.”
The “debate” agents rely on smaller “distilled” models, according to Kim’s public post, while state-of-the-art models support the reasoning processes. (The pipeline’s targeting, validation, deduplication, and prove stages are “model agnostic by construction,” Kim wrote.)
William Dupre, VP analyst at Gartner, sees the model-swapping aspect of the technology as important to customers, given the potential change in LLM capabilities and their access.
“What you’re not directly hearing is the cost of this,” Dupre said, “and with AI solutions, there’s a heavy cost to pay for the inference of discovering these things.”
Security strategy. MDASH is a direct expression of Gallot’s security approach: security should be a workflow that goes beyond a single model.
“It’s not about running a model across your code and generating thousands of findings—it’s about building a multi-model, multi-agent workflow that helps you go from findings, to proof, to fixes, and deployment quickly,” Gallot wrote to us in her follow-up email.
Gallot wants to create tools that harness the uncertainty around an emerging technology and create helpful business results, whether it’s setting up Office in the cloud or finding and fixing a bug quickly. The AI challenge feels like a throwback to the cloud days.
“We’re kind of in that same moment of, ‘Let’s give them clarity,’” Gallot told us.
About the author
Billy Hurley
Billy Hurley has been a reporter with IT Brew since 2022. He writes stories about cybersecurity threats, AI developments, and IT strategies.