Town Hall Insights

Frontier AI — The New Attack Landscape

Vancouver, BC CIO & CISO Community

Michelle Evans

Director, Information Systems

FortisBC

Discussion leader

Momchil Karov

Director, Information Security

Vancouver Community College

Discussion leader

Bob Clark

Senior Vice President, Business Technology

Anthem Properties Group

Discussion leader

Victor Tavares

Sr. Director Solutions Consulting

Palo Alto Networks

Moderator

June 2026

Frontier AI models now identify and weaponize vulnerabilities in near-real-time, collapsing traditional defense timelines. As these capabilities shift from theory to autonomous exploitation, the industry must pivot toward proactive remediation. How can IT and security leaders implement AI-driven “find and fix” strategies and bolster their defense?

CISOs and CIOs in our Vancouver, BC Community gathered recently for a Town Hall discussion that explored the essential security frameworks required to defend against machine-speed adversaries. Victor Tavares, Sr. Director of Solutions Consulting at Palo Alto Networks, moderated the discussion, and community members Michelle Evans, Director, Information Systems at FortisBC, Momchil Karov, Director, Information Security at Vancouver Community College, and Bob Clark, Senior Vice President, Business Technology at Anthem Properties Group, led the peer group discussions.

The Town Hall discussion highlighted three critical areas for IT and security leaders: the overwhelming pace of vulnerability discovery and patching, the increased threat of inside-out supply chain attacks, and the rise of AI-assisted and autonomous attacks. CIOs and CISOs explored actions they can take immediately and iteratively to address these evolving risks, including scrutinizing open-source and third-party code, adopting a prevention-first security architecture, and upgrading security operations to real-time, automated responses. 

Here are highlights of the discussion:

  • IT and security leaders are adapting to a threat timeline that is greatly compressed by AI.

CIOs and CISOs shared that they are accelerating their response timelines to address AI-driven threats, aiming to move from days to near-immediate action. Continuous vulnerability scanning and automated penetration testing are becoming standard practices, especially following major patch releases. One CIO noted that “the patching conversation is absolutely top of mind.” Another executive shared that there are risks to doing it quickly, but “if you don’t, then you are increasing your exposure.”

Executives are also focused on reducing the attack surface with one CISO sharing that they are evaluating “whether we need legacy technology and tools or whether they are just another exposure point.” Some leaders discussed the unique risks posed by operational technology (OT) environments, which require more granular controls and a deeper understanding of network traffic and device requirements. 

Many companies are also strengthening their collaboration with vendors and partners, acknowledging that attacks can unfold in hours, while response coordination often takes days. As one CIO said, “Making the [response] timeline shorter is the only option.” Some leaders are adopting behavior-based monitoring over traditional signature-based approaches, as many breaches originate from compromised individuals or contractors. The supply chain is increasingly targeted, with smaller partners and customers experiencing more frequent attacks. 

In addition, executives believe that this compressed timeline for attacks and responses requires a mindset shift “to assume breaches are inevitable,” as one explained. Their focus is on robust post-breach strategies to minimize collateral damage. 
 

  • CIOs and CISOs are implementing advanced cybersecurity frameworks to counter the emerging scale of AI-driven threats.

IT and security executives are responding to the accelerated pace of AI-driven attacks by embedding AI considerations directly into their cybersecurity frameworks and focusing on reducing the time “between identifying an incident and triage and corrective action,” as one leader noted. For some executives, there is a shift toward enabling automatic responses, such as quarantining devices immediately, to contain threats.

Organizations are also placing more emphasis on cyber resiliency and business continuity, conducting more robust disaster recovery testing, and preparing business units for the potential of longer operational gaps. “Our business hasn’t expected a long gap… we are starting that conversation with the business of saying – this may take some time,” one executive shared. 

Collaboration across IT, cybersecurity, and business functions is increasing, with more attention paid to learning from incidents and addressing vulnerabilities holistically. Companies are also “going back to the basics,” as one executive noted, with another adding, “It’s about good cyber hygiene.” Executives are adopting cloud solutions for faster patching, leveraging AI for phishing defense and security awareness, and demanding greater due diligence from vendors, with one executive emphasizing the importance of “leveraging the frontier AI models to find the lower level vulnerabilities.”
 

  • Executives are strategizing on how to communicate AI risks and vulnerabilities to the Board.

CIOs and CISOs are prioritizing clear, contextual communication with CEOs and Boards to ensure a shared understanding of the new risks posed by AI adoption. They emphasize the importance of “educating up,” simplifying messages, and making sure that “when we’re going to the well, we’re articulating the risk with context that the audience can understand,” as one CISO said. 

Boards are being asked to vet and approve AI acceptable use policies, and there is a strong focus on “securing by design” as organizations implement AI. Leaders are also stressing the need for balance – adopting AI quickly can increase risk, and it’s critical that Boards understand not just the opportunities, but also what needs to be done to implement AI securely.

Investment in risk mitigation and defense is lagging behind the pace of AI adoption, making it even more important for IT and security leaders to clearly address Board concerns and demonstrate how spending aligns with risk reduction. As one executive explained, “Risk is almost the driver of all these conversations.” It’s essential to articulate those risks in a way that resonates at the highest levels with messages that are focused and accessible, ensuring buy-in for the resources and strategies needed to protect the organization as AI-driven threats evolve.
 

The overarching narrative among the CIOs and CISOs in the discussion is that the threat timeline has dramatically shortened due to AI, rendering traditional, human-centered security programs and response tools insufficient. Incident response plans and playbooks must evolve to keep pace with this new reality. Embracing rapid change and preparing for the inevitable disruptions is essential, even though the transition is expected to be challenging and unpredictable.

To collaborate with your CIO and CISO peers on defending against adversaries and other security issues, apply to join a CIO or CISO community. If you are already a community member, sign in to the app to find upcoming opportunities to connect with your peers.
 

Hosted by Palo Alto Networks


Suggested content