Key Takeaways
- Multiple findings show that AI is moving faster than security can keep up, and it's creating exploit paths along the way.
- The best way to sort through the myriad alerts most dashboards receive is to know which ones are actual threats.
- A cybersecurity expert weighs in and shares how to best spot the issues that actually require attention.
Palo Alto Networks usually doesn’t find much in its monthly security sweeps — fewer than five CVEs on average, in fact. But when it put frontier models from Anthropic and OpenAI to work, they found 26 CVEs and 75 total vulnerabilities across more than 130 of Palo Alto’s products.
But — because there’s always a “but” — the company also found that these models are capable of finding vulnerabilities and turning them into massive exploit paths in almost real time.
Palo Alto Found Far More Bugs With AI Scanning
Frontier models helped surface 75 issues across 130+ products.
"While incredibly powerful, AI models aren’t simply magic. To achieve high-fidelity results, you need to build AI scanning harnesses, leverage context, guardrails and threat intelligence," Palo Alto wrote, subsequently warning that all AI needs a level of management from actual people.
These findings make sense when you look at the wider industry lens. Almost everywhere, security teams are getting better at finding vulnerabilities than fixing them.
As security agents, these models are built to scan huge systems and massive codebases, surface vulnerabilities, and connect flaws across systems faster than most human teams could manage on their own in the same amount of time.
This is the exact thing that providers need to be careful of when introducing agentic AI into their setups. We've seen many times how just one missed issue can spread fast in managed systems, whether it's shared hosting, WordPress hosting, control panels, APIs, or multitenant platforms.
Security's Moving Fast, But Not Fast Enough
This is a problem that most security providers are attempting to solve, from exposure management vendors like Tenable and Qualys to cloud security platforms like Wiz.
Another is HackerOne, whose CPO, Nidhi Aggarwal, told us that vulnerabilities observed on its platform grew 76% YoY, reaching a record high in March.
So while what PAN and HackerOne found may be completely unrelated, they both kind of suggest the same thing: Vulnerability discovery is getting much faster and much harder to keep up with, or even catch up with in many cases. HackerOne also found that while the time to remediate dropped by 80%, unresolved issues grew 21x.
“The main issue is that traditional triage workflows don’t scale to that volume,” Aggarwal said.
No kidding: Research beyond HackerOne's consistently shows that attackers use botnets and automation to move at machine speed. Defenders have AI tools of their own now, but what's the point if the remediation process can't even keep up? And forget about it in shared environments, where one issue, whether it's in the platform, panel, or an API, can affect every single other tenant.
“If thousands of findings come in overnight, and roughly a quarter of them are potentially exploitable, you can’t process them one by one without creating a backlog. That’s how teams end up falling behind," Aggarwal said.
Say you do wake up to thousands of issues overnight. Do you have the bandwidth to run through them one by one? Probably not, which is exactly the job that models like Mythos and Cyber are trying to fill.
Still, AI doesn't always know which issues are more urgent than others.
So Aggarwal's advice is very simple. Accept that you can't do everything, every time. And that's not always a bad thing, considering that HackerOne found that only 25% of reports were actually dangerous.
"Instead of treating every finding equally, teams need a way to quickly determine which issues are actually exploitable in their environment," she said.
As in, not every reported vulnerability is equally dangerous or worth the same amount of time, so you want to prioritize.
“For hosting providers, that means the focus has to be on which vulnerabilities can actually be used in their environment, especially when shared infrastructure is involved. A long list of findings does not tell a team what to fix first. Validated exploitability does.”
What To Do When Not Every Alert Is the Same
First, look for patterns.
"When the same types of vulnerabilities show up at scale, fixing them individually won't keep up," Aggarwal warned. "Those are indicators that something needs to change in how systems are designed or configured."
When you find that, fix the underlying process. Lastly, and most of all, Aggarwal says, simplify your processes. Companies need to remove unnecessary steps and make it easier for teams to act on the vulnerabilities that actually matter. Call it tool sprawl or too many cooks in the kitchen; the point is the same.
“Simplifying workflows and reducing delays between teams can have a meaningful impact without requiring additional headcount,” Aggarwal said. “The goal is to concentrate effort where it reduces real risk, instead of just activity.”
