In response to emerging threats from advanced frontier AI models, specifically Anthropic Claude Mythos, OpenAI GPT-5.4-Cyber and GPT-OSS-120b, Qwen3 32B, and Kimi K2, Pega has accelerated its long-term security strategy. That strategy is built around a prevention-first posture, grounded in a multi-layer security program and security-by-design practices. To address these threats directly, Pega has activated the following programs:

• Code assessment: Claude Opus 4.7 is being used to actively assess Pega's code for vulnerabilities.
• AI-native penetration testing: Xbow is run against Pega’s latest code release (n-1) and environments, identifying weaknesses.
• Attack surface reduction: Pega is migrating to Chainguard hardened container images, eliminating non-essential components and strengthening supply chain integrity.
• Independent validation: Engaging with TrustedSec to conduct an independent AI-led security assessment.

A core element is Pega’s dedicated 24/7 Cloud Security Operations Center (CSOC), which delivers continuous threat monitoring and incident response across all Pega Cloud services. These operational defenses are reinforced by strong AI governance, including Pega’s ISO/IEC 42001 certification for AI management systems, and by Pega’s commitment to data sovereignty. Pega’s architecture ensures client data is not used to train AI models.