Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Palo Alto Networks' CEO explains that AI tools are discovering software vulnerabilities at an unprecedented rate. This will cause a short-term deluge of patches, but it's effectively cleaning up years of bad code and will ultimately strengthen the entire ecosystem.
Related Insights
AI will find vulnerabilities at an unprecedented rate. The real crisis will be the organizational inability to patch them, especially in critical infrastructure with long update cycles and unsupported software where original developers are long gone. The problem shifts from finding flaws to fixing them at scale.
The same AI technology amplifying cyber threats can also generate highly secure, formally verified code. This presents a historic opportunity for a society-wide effort to replace vulnerable legacy software in critical infrastructure, leading to a durable reduction in cyber risk. The main challenge is creating the motivation for this massive undertaking.
While AI can be used to create exploits, its greater impact is on security. AI tools empower a vastly larger pool of contributors to scrutinize open codebases, identify flaws, and submit patches, strengthening the ecosystem faster than is possible in a closed environment.
As AI models become adept at finding software vulnerabilities, there's a limited time for companies to use these tools defensively. This brief "catch-up" period exists before these powerful capabilities become widely available to malicious actors, creating an urgent, time-boxed need for proactive patching of legacy systems.
Advanced AI cyber tools like Anthropic's Mythos don't create new vulnerabilities; they excel at discovering existing, dormant bugs in human-written code. Their proliferation will catalyze a one-time, industry-wide upgrade cycle, ultimately hardening global infrastructure and leading to a more secure equilibrium between AI-powered offense and defense.
The emergence of AI that can easily expose software vulnerabilities may end the era of rapid, security-last development ('vibe coding'). Companies will be forced to shift resources, potentially spending over 50% of their token budgets on hardening systems before shipping products.
The plummeting cost of finding exploits via AI models means enterprises cannot simply patch vulnerabilities reactively. The necessary strategic shift is to build foundational security controls for each asset class, including a new, dedicated security layer specifically for the AI stack.
AI models are better at finding bad code than writing good code. This capability will rapidly uncover vulnerabilities in open-source, custom, and vendor software that would have otherwise taken 10 years to find. This creates an urgent, large-scale need for patching across all industries.
The traditional cybersecurity model of humans finding and patching vulnerabilities cannot keep pace with AI that discovers thousands of exploits in hours. This fundamental mismatch in speed and scale will require a complete overhaul of how software security is managed.
AI models like Mythos aren't just finding vulnerabilities; they are creating working exploits almost instantly. This forces security and engineering teams to abandon manual patching in favor of automated, machine-speed defense pipelines.
