Businesses are running out of time. That’s the urgent message from Palo Alto Networks Chief Technology Officer Lee Klarich, who warns that organizations have a narrow three-to-five-month window to fortify their cybersecurity defenses before AI-driven cyberattacks become standard practice among hackers.
“We now estimate a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm,” Klarich wrote in a recent blog post, signaling a critical inflection point for enterprise security teams worldwide.
The Growing Threat Landscape
Sophisticated AI models are dramatically lowering the barrier for cybercriminals, enabling them to identify and exploit previously unknown software vulnerabilities at unprecedented speed and scale. Google recently disclosed it had intervened to stop an attempt to weaponize AI for mass exploitation — a stark indicator of how quickly the threat environment is evolving. Hackers are already deploying available tools to probe and exploit software flaws before security teams can respond.
Industry Leaders Race to Close the Gap
The urgency has prompted major players to act fast. Last month, Anthropic restricted the rollout of its Mythos model to a select group of companies — including Palo Alto Networks, CrowdStrike, Amazon, Apple, and JPMorgan — specifically to identify and patch vulnerabilities before malicious actors could take advantage. OpenAI similarly entered the space, announcing its GPT-5.5-Cyber model focused on cybersecurity applications.
The window is closing fast. Security experts broadly agree that organizations that delay upgrading their AI-powered defenses risk being outpaced by adversaries who are already ahead of the curve. The time to act is now.