Palo Alto Networks warned that software vulnerability attacks abusing artificial intelligence could become a new standard cyber threat within the next few months. As AI models rapidly advance, it is getting closer to an era when attackers can automatically search for and exploit even undisclosed vulnerabilities.

On May 13, CNBC reported that Palo Alto Networks Chief Technology Officer Lee Klarich (리 클라리치) said organisations have "only about 3 to 5 months" to build defence systems ahead of attackers.

In a blog post released that day, Klarich said, "We need to move quickly before AI-based exploits become the new standard." He added, "The coming flood of vulnerabilities demands an urgent response."

The warning shows that advances in generative AI are directly pressuring the cybersecurity industry. Concerns are growing that the emergence of high-performance systems such as Anthropic's AI model Mythos could increase the likelihood that previously unknown software vulnerabilities will be found and abused.

The severity of the issue is also being recognised at the U.S. government level. CNBC reported that the White House recently convened a meeting with bank executives and officials from major technology companies.

Attack attempts have already been detected. Google said it blocked a "large-scale exploit attempt" using AI this week. The industry believes cases are increasing in which hackers use commercial AI tools to find and attack software vulnerabilities. That means attackers are already using AI in real operations while defenders discuss AI-based security systems.

Palo Alto Networks presented defence technology innovation across the industry as a response. Klarich stressed that blocking only specific latest models is not enough and that a system is needed to track and block the new attack techniques themselves.

He mentioned virtual patching and AI-based attack detection technologies, and said Palo Alto Networks plans to release a related bundle of features "very soon."

The industry is also moving to respond pre-emptively. Last month, Anthropic limited distribution of the Mythos model to some companies to test and fix vulnerabilities before hackers could abuse it. Participating companies included Palo Alto Networks, CrowdStrike, Amazon, Apple and JPMorgan Chase.

OpenAI also joined the response race last week by announcing the "Daybreak" cybersecurity initiative along with the "GPT-5.5-Cyber" model.

Klarich said the industry's mood itself has changed in recent weeks. He said, "Just a few weeks ago, many people reacted by asking whether we were exaggerating model capabilities," and added, "After additional testing, we became confident that was not the case." He added, "These models are more likely to find vulnerabilities better than we initially thought."

The market believes a key variable will be how quickly companies and the security industry reflect this in defensive technology, rather than competition over AI model performance. As attackers use AI to speed up searches for undisclosed vulnerabilities, how quickly virtual patching and AI-based threat detection are applied in the field is expected to be a main point to watch in the cybersecurity market.