Palo Alto Networks warns: AI-driven cyberattacks will become the new norm within 3 to 5 months
What it really says
On May 13, 2026, Palo Alto Networks, one of the world's largest cybersecurity companies, published an update to its 'Defender's Guide' on the impact of frontier AI on cybersecurity. Over the past month, the company scanned more than 130 of its own products for vulnerabilities using advanced AI models - including Anthropic's Mythos model (tested since April 7), Claude Opus 4.7, and OpenAI's GPT-5.5-Cyber. The results are striking: 75 legitimate vulnerabilities were discovered, resulting in 26 CVE entries (Common Vulnerabilities and Exposures). According to Palo Alto, this represents seven times the usual monthly discovery rate. The AI models generated working exploits in over 70 percent of cases. Particularly concerning: individual vulnerabilities that would have been classified as low-severity on their own were chained by the AI into high-critical attack sequences. However, the false-positive rate was approximately 30 percent, and results still required significant human expertise for evaluation. Palo Alto's tech chief Lee Klarich warned that organizations have a narrow three-to-five-month window to outpace adversaries before AI-driven exploits become the new norm. In parallel, Microsoft reported also finding vulnerabilities in its own code through AI scanning. All discovered flaws were patched before they could be exploited.
Our assessment
This report directly follows yesterday's story about the first AI-generated zero-day exploit (Google GTIG, May 11, 2026) and reinforces the picture: AI is fundamentally changing the cybersecurity landscape. The fact that a leading security company finds as many vulnerabilities in its own products in one month using AI as it normally would in seven months shows both the potential and the danger. The good news: Palo Alto and Microsoft are using the same technology proactively for defense. All 75 vulnerabilities were patched, none was exploited in the wild. This shows the defender's advantage still exists - but it is shrinking. Klarich's 3-to-5-month warning should be viewed with nuance: Palo Alto Networks sells cybersecurity products and has a commercial interest in communicating threats clearly. This doesn't make the warning wrong, but the source should be considered in context. For end users, the message is pragmatic: install software updates promptly, minimize attack surfaces, and expect attackers to get faster.
Relevance for Germany
The warning is particularly relevant for Germany in the context of the NIS2 directive, in force since October 2024, which requires significantly more companies than before to implement cybersecurity measures. The BSI identified AI-powered attacks as a growing threat in its 2025 situation report - the Palo Alto data now quantifies for the first time how dramatically AI accelerates vulnerability discovery. German companies using Palo Alto products benefit directly from the patched vulnerabilities. For the German Mittelstand, which often has fewer IT security resources, the warning means: the window for building AI-powered defense capabilities is narrowing. The recommendation to minimize internet-facing attack surfaces and deploy automated detection is especially relevant for smaller companies with limited security teams.
Fact check
Core figures (75 vulnerabilities, 26 CVEs, over 70 percent working exploits, 30 percent false-positive rate) come from Palo Alto's own blog post and are consistently reported by Axios, CNBC, and SecurityWeek. Axios cites '85 bugs' in the headline versus 75 - the discrepancy likely stems from Axios counting all findings while Palo Alto counts only the 75 confirmed as 'legitimate' vulnerabilities. The 'sevenfold' acceleration is based on Palo Alto's own baseline of fewer than 5 CVEs per month. The 3-to-5-month warning is Klarich's assessment, not an independently verified forecast. Important limitation: Palo Alto Networks is a cybersecurity product vendor and benefits commercially from heightened threat awareness. Nevertheless, the technical data is concrete, quantified, and supported by parallel findings from Microsoft.
Source
- • Palo Alto Networks Blog 13.05.2026: Defender's Guide to the Frontier AI Impact on Cybersecurity: May 2026 Update (paloaltonetworks.com/blog/2026/05/defenders-guide-frontier-ai-impact-cybersecurity-may-2026-update/)
- • Axios 13.05.2026: Palo Alto Networks says Mythos, GPT-5.5 found 85 bugs in weeks (axios.com/2026/05/13/palo-alto-networks-mythos-gpt-cybersecurity)
- • CNBC 13.05.2026: AI-driven cyberattacks will start to be the 'new norm' in months, Palo Alto warns (cnbc.com/2026/05/13/palo-alto-ai-cyberattacks-mythos-gpt.html)
- • SecurityWeek 13.05.2026: Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code (securityweek.com/microsoft-palo-alto-networks-find-many-vulnerabilities-by-using-ai-on-their-own-code/)