Five Eyes intelligence agencies have issued a joint warning that frontier AI cyber threats have arrived, with the agencies saying the transformation timeline is now measured in months rather than years.
The warning comes as first frontier AI models are expected to be widely released within 2 to 3 months. Testing by the UK government's AI Security Institute found the Mythos model could exploit defences and systems 73% of the time.
Silicon Valley cyber security firm Palo Alto Networks, which has a market capitalisation of $220 billion, says AI-versus-AI defence is necessary to counter the threats. The company's Asia Pacific vice president of policy and government affairs, Nicole Quinn, told RNZ "it is a step change in capability and a step change in the way it can identify gaps that can enable the bad guys to get in".
More than 250 Palo Alto Networks engineers have been working on frontier AI since April. The company discovered software vulnerabilities in 2 weeks that would have taken their top penetration team more than a year to find.
Palo Alto Networks says more software vulnerabilities are expected to be published in the next 6 to 12 months than in the entire past decade. The advanced models can locate and combine low-priority vulnerabilities to create attacks, changing traditional patching priorities that focused only on the most critical flaws.
"Are we going to have to patch everything? How do we prioritise?" Quinn said.
Palo Alto Networks has deployed AI to locate and patch vulnerabilities in 9 minutes that a bad actor could find in 1 hour, where this previously took days or weeks. The US cyber defence agency has shortened deadlines for addressing serious vulnerabilities to 3 days.
Quinn said human operators would need to shift from being in the loop to supervising AI defence systems. "That's where we at Palo Alto Networks are saying, you really need machine on machine, because the human in the loop to patch is going to be too slow, is not going to be able to keep up. Whereas we actually need AI fighting AI, which is a significant change in the way that we've traditionally done things."
New Zealand's National Cyber Security Centre received access to Mythos a few weeks ago after Palo Alto Networks provided earlier advice on frontier AI threats. The NCSC and Five Eyes counterparts are communicating both the new threat and that frontier AI can enable new defences.