Palo Alto Networks, one of the largest cybersecurity companies on the planet, just turned the most advanced AI models in existence against its own products. The result: 75 vulnerabilities discovered in a matter of weeks, more than seven times what the company typically finds in a month through traditional security testing.

The company used Anthropic's Mythos and OpenAI's GPT-5.5-Cyber to scan its codebase, according to Axios and CNBC reports published Tuesday. The findings confirm what cybersecurity leaders have been warning about for months: frontier AI models are fundamentally changing the vulnerability landscape, and the companies that deploy them defensively will survive. The ones that don't will be taken apart.

A Narrow Window Before the Attackers Catch Up

Palo Alto Networks CTO Lee Klarich told CNBC there is now a "narrow window" for defenders to find and fix vulnerabilities before attackers use the same AI tools offensively. He warned that AI-driven cyberattacks will become the "new norm" within months, not years. The models that are currently finding bugs for defenders will inevitably be used to exploit those same categories of bugs by adversaries.

Microsoft disclosed similar results this week. Its internal MDASH AI system discovered 16 of the vulnerabilities addressed in the company's May Patch Tuesday release. That is a significant portion of a major monthly security update being found not by human researchers or external bug bounty hunters, but by an AI model scanning Microsoft's own code.

The Banking Sector Is Already Scrambling

The Palo Alto and Microsoft disclosures follow a Reuters exclusive on Monday reporting that major U.S. banks with access to Anthropic's Mythos through Project Glasswing are uncovering thousands of vulnerabilities in their own systems. JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley are among the institutions with direct Mythos access, and they are now sharing findings with smaller banks that cannot afford the model's cost, which runs five times higher than Anthropic's Opus 4.7.

Anthropic is offering $100 million in credits to Glasswing partners and other Mythos customers, while directing smaller firms toward Claude Security for broader vulnerability scanning. The urgency is real: banks have days, not weeks, to patch the flaws being surfaced.

The Arms Race Enters a New Phase

What is emerging is a two-tier cybersecurity landscape. Companies with access to frontier AI models can find and fix vulnerabilities at machine speed. Everyone else is relying on patch cycles and manual review that were designed for a pre-AI threat environment. Palo Alto is integrating OpenAI's Daybreak platform into its Frontier AI Defense product. CrowdStrike is wiring it into Charlotte AI AgentWorks. Cisco's Anthony Grieco is backing both Daybreak and Anthropic's Glasswing.

The message from the largest cybersecurity companies on Earth is unanimous: AI has permanently changed the game. The question is no longer whether AI-driven attacks are coming. It is whether organizations can deploy AI defense fast enough to stay ahead of the curve.

Originally reported by CNBC and Axios. Additional reporting from SecurityWeek and Reuters.