future cyber attacks will be au
What are some of the key takeaways from the Palo Alto perspective from working with Anthropic as part of Project Glasswing?
I think what we found is that the model’s ability to write code improved by about 50 percent with Mythos. There is no standard for finding vulnerabilities anymore, so I’m going to equate it this way: If you can write better code, hopefully you can find more vulnerabilities. From my point of view this is a guess. What interested me most was that what we were able to find in the first two to three weeks of using Mythos was what would have taken the researchers perhaps a full year of manual penetration testing.
Second, while it was able to find multiple vulnerabilities – low, medium, high, and critical – the model’s ability to chain multiple vulnerabilities into an attack path was quite interesting in terms of how it was able to do it. I think as we’ve started using these models more, and certainly building the right harnesses around them with our expertise, we’ve noticed that we’ve been able to find issues much faster. And then, of course, we were one of the first companies to release software patches generated with the help of Mythos.
What does this mean for customers?
This means customers will face a flood of risks as they have a lot of things to patch up. And I don’t think it will be that easy and straightforward because not every industry can move that fast, especially regulated industries. Let us take the example of manufacturing and healthcare. In some cases, they can’t even patch their endpoints easily. It is almost impossible. Secondly, it gives organizations an opportunity to address things that may have been left on the back burner. These include achieving a zero-trust state and implementing least-privilege access controls. They were always important, but for a variety of reasons – focus, time and funding – were not the top priority. Because, ultimately, the only way forward is to take control in real time.
How do you envision future attacks?
I think future attacks will not just be AI-assisted attacks. They are going to be operated autonomously by AI. And based on what we are seeing now, it is clear. So while patching and security hygiene remains important, ultimately you need to get to the point where you have real-time control, proper currency management, architecture, segmentation – all these things are done correctly. This is because you have to be not only reactive but also proactive in securing the organization.
For me, it’s a three-stage journey. First, address the vulnerability flood, which means patching endpoints, applications, and infrastructure. Second, upgrade your security controls, which are zero-trust state, secure browser, and endpoint controls. And third, move toward AI-powered security operations so you can do these things in real time.
How are AI and AI agents increasing security threats in enterprises?
When these agents are deployed at enterprise-grade scale, your risk will not only increase, but change. And the reason for this is that you will have uncontrolled agents. The frictionless deployment of agents through low-code platforms, no-code platforms, SaaS platforms, and enterprise platforms has begun to increase the number of agents. And as they connect to unauthenticated MCP servers, connect through new protocols like MCP and A2A, and invoke skills and execute tools at scale, these risks will change. And new attack vectors will emerge as agents interact with agents in ways that do not exist today.
To manage this huge scale of AI and all your governance risks, a centralized control plane and a centralized security plane are required. So all these AI interactions need to be funneled through an AI gateway, where we can create FinOps controls for an agent registry, runtime security, identity protection, institutional AI governance, full end-to-end agent observability, and token management. All of this led us to acquire Portkey because you need this new control layer.
What are some of the key threat factors affecting enterprises today?
I think of applications that include early-injection attacks, denial-of-service (DoS) attacks against models, device abuse, and excessive permissions. For example, we had a customer whose marketing team created agents that could go into Salesforce and read records to generate marketing leads. A very simple, great use case in some ways. Unfortunately, there was a problem. The agent had excessive permissions – it could delete Salesforce records. So these are all what we call posture issues. Of course, there will be identity risks. When an agent asks for permission to do something, the question is: Do I have permission to access that data, all data, or only the specific data needed for that task? And this is the type of control we are building in the AI Gateway. The whole idea is that we want to secure the entire AI footprint without slowing down innovation. Customers today are not looking for a solution for the next six months. And if I don’t have governance, FinOps controls, observability, and runtime controls, it’s much harder for me to deploy it at scale than if I had 100,000 agents in the enterprise.
