AI models are helping discover software vulnerabilities even faster than previously expected.
Lee Klarich, the chief product and technology officer at Palo Alto Networks, in a blog post Wednesday shared PAN’s insights into how frontier AI models are impacting cybersecurity.
Palo Alto Networks is among a handful testing Anthropic’s Claude Mythos Model since April 7 as a launch partner under Project Glasswing. Beyond Claude Mythos, the company has also been testing Claude Opus 4.7 and OpenAI’s GPT 5.5-Cyber, according to Klarich.
Palo Alto Networks released its first set of Patch Wednesday security advisories and disclosed 26 common vulnerabilities and exposures, compared to its usual volume of about five, Klarich said, noting that none of the newly disclosed vulnerabilities are currently being exploited in the wild.
Klarich cautioned that simply running one of the models would not automatically resolve the vulnerability problem. Organizations need to build “AI scanning harnesses, leverage context, guardrails and threat intelligence” to successfully find and remediate these flaws at scale. Security teams also should develop a “multimodal approach,” he said, in order to identify a superset of vulnerabilities.
The longer-term play would be to incorporate these models further into the software development life cycle. “This is the light at the end of the tunnel,” Klarich said in the blog. “A future where software is secure by design.”
He warned that organizations have a narrow “three- to five-month window” for organizations to get a leg up on adversaries, as AI-driven exploitation will likely become the new normal.
On Monday, researchers at Google Threat Intelligence Group reported that AI had been used to develop a working zero-day exploit. And on Tuesday, Microsoft said it found 16 new vulnerabilities, including four critical remote execution flaws, across the company’s networking and authentication stack.
