Lee Klarich, chief product and technology officer at Palo Alto Networks, warned on May 22, 2026, that state and local government agencies face an imminent increase in AI-driven cyber threats. According to Klarich, who participates in early-access programs for models from Anthropic and OpenAI, emerging frontier AI systems exhibit extraordinary capabilities in identifying software vulnerabilities and generating automated exploits. Palo Alto Networks is currently testing Anthropic’s Mythos model via the Project Glasswing program and OpenAI’s latest technology through the Trusted Access for Cyber initiative. Testing reveals that Mythos possesses coding capabilities 50 percent more effective than prior iterations. In a two-week assessment, the model identified vulnerabilities that would typically require several years of manual penetration testing to uncover.

Klarich anticipates these advanced capabilities will reach widespread availability within three to five months as they permeate open source and international model ecosystems. This shift is expected to disrupt IT security by accelerating the entire lifecycle of a cyber attack. Organizations will likely face a significantly higher volume of security patches as software vendors race to address flaws identified by AI tools. This influx of patches creates a heightened risk of unpatched systems, which serve as primary entry points for attackers. Furthermore, these models are expected to increase supply chain risks by automating the scanning of millions of open source software packages to locate exploitable security gaps.

The timeline for cyber security response is projected to shrink drastically, with attackers capable of executing full-scale campaigns in minutes rather than hours or days. To mitigate these risks, Klarich urged agencies to prioritize the automation of patching processes and incident response. Palo Alto Networks is exploring virtual patching (automatically protecting systems without manual intervention) as a potential solution for overwhelmed IT teams. Agencies were also advised to accelerate the deployment of security technologies such as attack surface management, enhanced identity controls, and zero-trust strategies to replace remaining manual processes with AI-driven automation.

Lee Klarich, chief product and technology officer at Palo Alto Networks, warned on May 22, 2026, that state and local government agencies face an imminent increase in AI-driven cyber threats. According to Klarich, who participates in early-access programs for models from Anthropic and OpenAI, emerging frontier AI systems exhibit extraordinary capabilities in identifying software vulnerabilities and generating automated exploits. Palo Alto Networks is currently testing Anthropic’s Mythos model via the Project Glasswing program and OpenAI’s latest technology through the Trusted Access for Cyber initiative. Testing reveals that Mythos possesses coding capabilities 50 percent more effective than prior iterations. In a two-week assessment, the model identified vulnerabilities that would typically require several years of manual penetration testing to uncover.

Klarich anticipates these advanced capabilities will reach widespread availability within three to five months as they permeate open source and international model ecosystems. This shift is expected to disrupt IT security by accelerating the entire lifecycle of a cyber attack. Organizations will likely face a significantly higher volume of security patches as software vendors race to address flaws identified by AI tools. This influx of patches creates a heightened risk of unpatched systems, which serve as primary entry points for attackers. Furthermore, these models are expected to increase supply chain risks by automating the scanning of millions of open source software packages to locate exploitable security gaps.

The timeline for cyber security response is projected to shrink drastically, with attackers capable of executing full-scale campaigns in minutes rather than hours or days. To mitigate these risks, Klarich urged agencies to prioritize the automation of patching processes and incident response. Palo Alto Networks is exploring virtual patching (automatically protecting systems without manual intervention) as a potential solution for overwhelmed IT teams. Agencies were also advised to accelerate the deployment of security technologies such as attack surface management, enhanced identity controls, and zero-trust strategies to replace remaining manual processes with AI-driven automation.