Menu

Menu

Menu

Menu

Menu

Menu

Menu

Menu

Menu

Loading Results

Find it first: Frontier AI defense before the window closes
Main decorative image
  • May 20, 2026

Frontier AI just changed what's possible in vulnerability discovery. The same capability is months away from being commonplace, including in the hands of attackers. PwC and Palo Alto Networks are working on bringing it to defenders first.

Key takeaways:

  • The organizations that act now can see their exposures, know immediately how to harden against them, and match the tempo of frontier models.
  • PwC and Palo Alto Networks Unit 42 Frontier AI Defense service plan to deliver a three-step approach to help move organizations from discovery to continuous defense.
  • CISOs don’t need to start over; they should act now with what they have.

A new threshold in vulnerability discovery

The latest frontier AI models have crossed a line. They're often exceptionally good at finding software flaws, chaining lower-severity issues into critical exploit paths, and surfacing logic vulnerabilities that traditional tools can miss. They can reason across the overall application stacks, including SaaS and public-facing platforms, at a depth that previously may not have been possible. Each model generation finds more, faster, and the gap between what frontier AI can surface, and what conventional defenses can absorb keeps widening.

These capabilities won't stay with frontier labs. Open source is closing the gap fast. Models built outside any guardrail won't be far behind. Within months, the same caliber of capability available to defenders today will be available to adversaries at scale, and the generation after that will likely be more capable.

The attack surface is expanding from the inside

While frontier models reshape what attackers can find, organizations are reshaping what's there to be found. AI-assisted development is democratizing asset creation, extending coding, configuration, and integration work far beyond traditionally trained engineers. More people are shipping more code, more APIs, and more cloud and SaaS configurations than ever before, often without a security review in the loop.

The result is a generation of new exposures that Palo Alto Networks and PwC are exploring in the field:

  • Over-permissioned identities quietly accumulating access far beyond what any role requires
  • Insecure APIs stood up quickly and rarely revisited
  • Insufficiently managed SaaS sprawl, with shadow integrations and unclear data flows
  • Model misuse, where production AI systems are used in ways their designers didn't anticipate
  • Prompt injection and other AI-native attack patterns that bypass traditional controls entirely.

The defender's window

Defenders currently have an advantage that may not last. Advanced frontier models are available to security teams today. The organizations that act now can know where their exposures are, fix what matters, and harden what they can't fix in time. The organizations that wait will likely discover their vulnerabilities after attackers do.

How we can help you move first

Are your defenses ready for AI-enabled attacks? That's the question Palo Alto Networks Unit 42 Frontier AI Defense, soon to be offered with PwC, plans to answer. It’s a three-step approach that plans to use frontier AI on your side of the fence, then turn the findings into remediation and defense-in-depth activation.

Led by Unit 42, this is being viewed as a fast-track sprint using a purpose-built AI harness, paired with a frontier model, offensive security expertise, and Unit 42 threat intelligence.

You bring the inputs: attack surface, internal targets, custom apps, source code, runtime logs, and cyber telemetry. Unit 42 will return the exposures more likely to be chained into a real attack. This will include a prioritized view of what to fix first, assess proof of concept and attack chains, and runtime telemetry evidence to back it up.

You can get a clear picture of what frontier AI looks like in your environment, before someone else gets there first.

The frontier AI exposure analysis surfaces what matters more. From there, PwC is aiming to widen discovery across the five domains where frontier-class attacks tend to land: attack surface management, identity, software supply chain, network security, and security operations. PwC can then help turn their sprint’s findings into an actionable program.

The result can be a roadmap calibrated to what frontier-AI defense requires:

  • Where to remediate and where to activate containment around exposures you can't patch in time.
  • What should change operationally when attack cycle times collapse into minutes.
  • A prioritized plan and a program direction that holds up as the threat keeps moving.

The roadmap will turn into operating capability across your stack. PwC will engineer, integrate, and enable governance for frontier-AI defense inside your environment, connected to your controls and operating under your authority.

This plan includes an agentic-forward approach to vulnerability operations, where discovery, remediation, and assessment happen continuously rather than in patch cycles. AI-enabled triage, containment, and response will bring detection and response times into single-digit minutes. Defense-in-depth will be orchestrated across the technology stack. With governance and controls for AI agents, autonomy will operate inside clear policy and a clean audit trail.

The outcomes: A continuous AI-native exposure management capability, built to defend against frontier AI threats, deployed agentic cyber defense capabilities, and an operating model and risk reporting framework built for what comes next.

Why this exists now

A frontier AI-ready security program requires two things working together: an offensive AI capability that knows how to ask the necessary questions, and a path to turn what it finds into operational change. PwC and Palo Alto Networks is aiming to bring both to the defender's side of the line now.

What this means for security leaders

You don't need to scrap what you've built. You should run frontier AI through the program you've already invested in, before someone else runs it through your environment from the outside.

For CISOs and their boards, that can mean:

  • A path to find your more exploitable exposures now, with the same caliber of capability adversaries plan to have soon.
  • Faster, more confident activation of defense-in-depth across the controls you already own contains the exposures you can't patch in time.
  • A continuous-improvement posture absorbs the next generation of AI capabilities through your existing infrastructure rather than waiting on the next procurement cycle.
  • Response-readiness for the vulnerabilities you don't find first: those disclosed by security researchers, reported through bug bounty programs, leaked by gray-hat actors, or actively exploited by adversaries.
  • Your teams respond in minutes rather than days, regardless of who got there first, with advanced AI applied under clear governance and human oversight, demonstrating adherence to evolving standards of care.

The window is still open

AI is one of the biggest security challenges since enterprises moved to the cloud. Within months, frontier capabilities can be in the hands of attackers at scale. The organizations that move first are often the ones that know they're exposed, have activated containment, and operate at frontier-model tempo. The organizations that wait will likely have to respond under maximum pressure with no notice.

{{filterContent.facetedTitle}}

Contact us

Morgan Adamski

Morgan Adamski

Principal, Deputy Platform Leader, Cyber, Data, and Tech Risk, PwC US

Email
Harshul Joshi

Harshul Joshi

Principal, Cyber, Data, and Tech Risk, PwC US

Email
Todd Carey

Todd Carey

Principal, Cyber, Data, and Tech Risk, PwC US

Email
Norbert Vas

Norbert Vas

Director, Cyber, Data, and Tech Risk, PwC US

Email
Follow us

Required fields are marked with an asterisk(*)

I agree PwC can email me about its insights, newsletters, events, services, products, and offerings.*

Your personal information will be handled in accordance with our Privacy Statement. You can update your communication preferences at any time by clicking the unsubscribe link in a PwC email or by submitting a request as outlined in our Privacy Statement.

Hide

© 2017 - 2026 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.