Normal view

Received today — 10 July 2026 Palo Alto Networks Blog

New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset

24 June 2026 at 01:30

The White House Executive Order on securing the nation against advanced cryptographic attacks accelerates the mandatory timeline for post-quantum readiness.

For years, post-quantum cryptography has been discussed as an important, yet abstract future technical migration. Because of the uncertain timeline for quantum computing, it has been difficult for most organizations to prioritize quantum readiness against more immediate security demands.

That is changing.

Signed on June 22, 2026, the Executive Order mandates the transition of federal information systems to post-quantum cryptography and establishes a national policy to migrate them to NIST-approved standards. It also extends the urgency beyond government by directing support for critical infrastructure owners and operators, advancing requirements for federal contractors, and calling for cryptographic bill of materials guidance.

The order directly addresses harvest now, decrypt later risk and sets transition milestones for federal high-value assets and high-impact systems: 2030 for key establishment and 2031 for digital signatures.

While the order directly applies to U.S. Federal civilian agencies, it should be seen as a signal of broader policy and procurement momentum. Organizations that do business with the government, support critical infrastructure, or operate in regulated industries such as energy, financial services, and healthcare should expect post-quantum readiness expectations to accelerate.

Quantum risk has shifted from a long-term research concern to a national cybersecurity priority tied to sensitive data, critical infrastructure, federal systems, procurement, and the broader digital economy. For security teams, the challenge now is turning that urgency into an operational plan.

Operationalizing the quantum mandate

As quantum computing advances, widely used public-key cryptography will become vulnerable to future attacks. Even before a cryptographically relevant quantum computer exists, adversaries can capture encrypted data now with the goal of decrypting it later.

This “harvest now, decrypt later” risk is especially concerning for organizations that protect sensitive information with a long shelf life. The response cannot wait until the threat fully materializes.

The broader ripple effect matters because compliance alone will not equal readiness. As requirements flow into federal acquisition rules and contractor obligations, the vendor ecosystem will be pushed to support quantum-safe capabilities in the products and services that enterprises, critical infrastructure organizations, and regulated industries rely on.

Adding support for post-quantum algorithms is not the same as safely migrating to them. Support means a system can use new algorithms. Readiness means the organization knows where cryptography exists, which systems are exposed, which dependencies matter most, and how to execute changes without creating disruption or new risk.

That matters because post-quantum migration can affect more than cryptographic libraries. Larger cryptographic objects, new protocol behaviors, hybrid modes, hardware acceleration requirements, interoperability constraints, and legacy system limitations can create real performance, availability, and compatibility challenges if changes are made blindly.

This is why cryptographic visibility must lead to actionable migration planning.

Security teams cannot migrate what they cannot see. But visibility by itself is not enough. They also need to classify exposure, prioritize high-value systems and long-lived data, understand operational dependencies, and plan changes in a way that avoids disruption, downgrade risk, or incomplete migration.

Cryptographic bill of materials guidance will be an important step toward mapping cryptographic assets. But a CBOM should be the starting point, not the finish line. An inventory can show where cryptography exists, but readiness requires understanding business impact, migration complexity, interoperability risk, ownership, and the order in which changes should happen.

Post-quantum readiness is not just an algorithm swap. It is an operating model for managing cryptographic change at scale.

Five actions for post-quantum readiness

The path forward starts with five practical actions.

  • First, see cryptographic exposure. Organizations must gain visibility into cryptographic usage across all environments to mitigate the risks associated with undocumented encryption.
  • Second, prioritize what matters most. Cryptographic exposure varies in urgency. Organizations should prioritize protecting authentication, high-value assets, and long-lived sensitive data based on risk and business impact.
  • Third, modernize trust infrastructure. Existing systems rely on fixed cryptographic assumptions. Post-quantum readiness demands flexible infrastructure and trust services that support evolving standards.
  • Fourth, automate cryptographic change. Manual tracking with spreadsheets provides an incomplete, point-in-time snapshot that quickly becomes outdated and is insufficient for the coming changes. Automation allows organizations to manage cryptographic updates and trust operations in a consistent, controlled manner.
  • Fifth, govern readiness over time. Post-quantum migration requires continuous governance to track progress, align ownership, and adapt to evolving threats and standards.

These actions help security leaders move from awareness to readiness.

What this means for cybersecurity now

The Cryptographic Reset is already underway, driven by post-quantum risk, shorter certificate lifecycles, machine identity growth, fragmented cryptographic ownership, CA distrust events, and expanding digital infrastructure.

The organizations that move first will not simply be the ones that adopt new algorithms the fastest. They will be the ones that build the visibility, operating model, and governance needed to manage cryptographic change continuously.

Take the next step

Read the guide: The Post-Quantum Readiness Race Is On: Five Actions Security Leaders Can Take to Accelerate Crypto Agility.

More resources

The post New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset appeared first on Palo Alto Networks Blog.

Received — 8 June 2026 Palo Alto Networks Blog

How AI and Evasion Demand a Radical Shift in Network Threat Prevention

The Future of Threat Defense Resides at the IP Layer

For years, network security operated on a relatively predictable premise: inspect traffic, identify malicious content, and block it. Because deep content inspection created a seemingly robust defense in depth, relatively static legacy approaches—like reliance on threat intelligence feeds—were allowed to simply persist in the background.

The weaponization of agentic AI and highly evasive techniques has fundamentally shattered that model. Attackers are no longer just iterating on old threats. They are launching attacks at staggering velocity, completely outpacing threat feeds, and employing evasion tactics that actively starve legacy prevention solutions of the content they rely on to inspect.

Our new research report from Unit 42, Attackers Are Evading Threat Prevention at the Internet Edge, reveals how adversaries are actively exploiting the contextual vacuum at the IP layer to bypass standard security controls. For security leaders, understanding this shift is no longer optional. As the nature of the threat fundamentally changes, our strategic approach to network security must definitively change with it.

The AI-Accelerated, Evasive Attack Lifecycle

To understand why legacy defenses are failing, we must look at how adversaries are accelerating and obfuscating every stage of the attack lifecycle. As these threats progress, the commonly used network indicators we have long relied upon are vanishing, collapsing traditional defenses and leaving defenders with little to act on.

Powered by frontier AI, adversaries now automate reconnaissance and exploitation at huge scale and speed, while using anonymizers to mask their intent. Once an intrusion is launched, orchestration shifts to highly evasive command and control (C2). Attackers hide communications using advanced encryption and AI-built malware-less techniques. They’re also bypassing traditional web and DNS inspection entirely by routing traffic directly to IP addresses—a tactic Unit 42 found in 23% of modern malware

Ultimately, the takeaway is clear: network threat prevention can no longer rely solely on detecting malicious payloads. As AI-driven attacks continue to minimize their footprint, security strategies must augment content inspection with real-time IP layer monitoring to left-shift threat detection and counter these rapid, machine-speed threats at the network foundation.

Existing Approaches Aren’t Working

Where content-based detection falls short, many security vendors and organizations still rely on IP threat intelligence feeds to pick up the slack in an attempt to filter out malicious connections on the network layer. However, after years of operating under this model, the results are in—the traditional feed is showing its age.

Attackers have long relied on proxies, anonymizers, residential routers and public cloud providers as a tactic to evade detection. However, agentic AI morphs this process, enabling rapid infrastructure rotation and stealth at an unprecedented scale. As this autonomous evasion accelerates, experienced network defenders continue to run into the well-known limitations of classic IP blocklists:

  • Too slow to keep pace: Unit 42 found an average 20-day lag time before new threats hit popular feeds. Because agentic AI enables adversaries to autonomously rotate proxy IPs in hours, these lists are obsolete at the moment of delivery.
  • Fundamentally incomplete: IP feeds are unable to see a massive portion of the modern attack surface. Unit 42 research indicates that 52% of malicious IPs used for direct-to-IP connections are completely absent from these lists.
  • Unactionable on shared infrastructure: Even known threats are often impossible to block. The Unit 42 team reports that 37% of direct-to-IP traffic uses reputable CDNs and cloud providers. IP feeds cannot distinguish malicious connections from legitimate ones, making blocking too risky for business continuity.
  • A management nightmare: Among the security teams that Unit 42 polled, 30% indicate resource-intensive vetting and false-positive triage as their top pain point. To avoid breaking legitimate traffic, feeds are frequently relegated to an alert-only mode, defeating the entire purpose of prevention.

If modern and agentic AI-enabled attacks can outrun traditional network payload-based detections, we need a new weapon in the network defender’s arsenal. We can no longer depend on yesterday’s IP feeds to secure such an extremely agile threat environment.

The Blueprint for Modernizing the Internet Edge

To outpace the impact of agentic AI and advanced evasion on network threat prevention, security leaders must redefine their defense strategy and shift-left to track the attacker infrastructure itself—monitoring the exact IP layer locations where adversaries build and control their campaigns. Deep content inspection remains essential, but securing the modern edge requires establishing the context and intent of a connection before a session is established.

To achieve this goal, organizations must move beyond the limitations of static defense and adopt a modern security blueprint:

  • Proactive protection against attacker infrastructure: While high-quality threat feeds remain essential for SOC investigations and incident response, relying on them for frontline, real-time prevention creates major blind spots. Instead, security teams must use real-world, global telemetry to proactively identify and block connections to attacker-controlled hosts before requesting a URL or file.
  • Zero trust principles applied to the network layer: An IP address without a negative reputation does not equal a safe connection. Continuous verification requires extending zero trust down to the network foundation. It validates the real-time behavior and intent of every single session to ensure attackers cannot hide in the contextual vacuum of the IP layer.  
  • Reducing the attack surface with rich contextual attributes: Traditional IP blocking is like a blunt instrument that creates unacceptable false positives and alert fatigue. To modernize the edge, security teams need deep, attribute-based visibility across the entire Internet address space to reduce noise and replace legacy IP feeds entirely.  

By moving away from point-in-time assumptions and embracing real-time, inline protection, security leaders can reclaim the advantage at the network foundation.

To see how these evasion tactics operate in the wild, read the latest Unit 42 report, Attackers Are Evading Threat Prevention at the Internet Edge. You’ll find this report valuable in understanding the systemic gaps in legacy risk models and learning why continuous verification must be our new mandate.

The post How AI and Evasion Demand a Radical Shift in Network Threat Prevention appeared first on Palo Alto Networks Blog.

Received — 11 May 2026 Palo Alto Networks Blog

Securing and Governing AI Agents At Scale Through A Unified AI Gateway

29 May 2026 at 10:00

Palo Alto Networks Completes Acquisition of Portkey

We are pleased to announce that Palo Alto Networks has officially completed the acquisition of Portkey. 

We are moving from vision to reality by integrating Portkey’s pioneering AI Gateway directly into the fabric of the Palo Alto Networks product portfolio. Prisma AIRS AI Gateway will provide a unified vantage point to secure and govern AI agents at scale, offering a mission-critical control plane to identify, authenticate and authorize every agentic interaction in real time.  

We are delivering the industry’s most comprehensive security and unified control framework for the agentic enterprise, enabling our customers to scale autonomous AI workloads with complete confidence.

The era of the AI Enterprise has arrived. Today, 81% of enterprises are piloting the use of AI agents or have fully implemented AI agent solutions. We aren't just talking about smart chatbots. We are talking about autonomous agents that execute.

By leveraging APIs and MCP servers, these agents navigate complex workflows, access sensitive data and make real-time, business-critical decisions. The question is no longer if companies will adopt AI agents, but how to securely operationalize them without putting the brakes on innovation. 

The Challenge: Expanding Attack Surfaces

AI agents are creating a new and largely invisible attack surface. The risk is not just their independence, but the lack of visibility and accountability. Without a centralized enforcement layer for operational and security controls, every team that deploys an agent may unintentionally expose the enterprise to unauthorized data access and heightened security risks.

To solve this, Palo Alto Networks is redefining security for the agentic era. We recently introduced Prisma AIRS™ 3.0, the industry’s first platform to secure the entire agentic AI lifecycle. Portkey's acquisition accelerates that momentum.

The Prisma AIRS AI Gateway: From Chaos to Control 

Portkey's AI Gateway will be integrated into Prisma AIRS to deliver the unified control plane that enterprises need to operationalise and secure AI apps and agents at scale.

Moving from “chaos to control” requires a centralized approach to governance. Currently, many AI initiatives are hindered by fragmented security and a lack of oversight. The AI Gateway solves this by providing a unified vantage point where organizations can enforce consistent policies across all models and agents, ensuring every interaction is identified, authenticated and authorized in real time within a single governing framework.

The Prisma AIRS AI Gateway will establish a mission-critical control plane for the agentic enterprise, enabling teams to move autonomous workloads from development into at-scale production with confidence. With operational features like a unified API to LLMs, an agent registry, semantic routing and caching, the AI Gateway equips enterprises with complete control in one platform. By serving as a centralized enforcement point at the center of Prisma AIRS for all agent traffic, the AI Gateway will provide critical security functions, including Agent Artifact scanning, automated Red Teaming and Runtime Security needed to monitor behavior, route requests and mitigate risks in real time. Crucially, the AI Gateway will reinforce Agent Identity Security via Idira (formerly CyberArk), applying strict protocols to ensure every autonomous action is authenticated and governed by least-privilege controls.

Our vision is for the Prisma AIRS AI Gateway to serve as the industry blueprint for enterprises in the agentic era. By making security a foundational component of the operational lifecycle, we are empowering enterprises to build and govern an AI ecosystem that is secure by design.

 

Secure All Agents with the Prisma AIRS AI Gateway

 

Why Portkey? The Pioneer in AI Gateways

  • Battle-Tested: Portkey’s AI Gateway is already supporting the demands of the modern enterprise, at scale, with several Fortune 500 customers, processing trillions of tokens per month with the low latency that is required for agent-to-agent communication. This ensures that agentic security does not come at the cost of developer speed or application performance. 
  • Architectural Simplicity: Portkey offers plug-and-play capabilities with just three lines of code required to implement the AI Gateway. The AI Gateway, powered by unified APIs, also provides secure access to over 3,000 LLMs, MCP servers and agents, giving enterprises a flying start to building and executing with AI agents.
  • Better Together: Palo Alto Networks and Portkey’s joint vision is to make Prisma AIRS the most ubiquitous platform for AI security. With exceptional AI security by Palo Alto Networks combined with Portkey’s AI Gateway, we will offer a comprehensive AI Security platform.

Prisma AIRS comprehensive AI App and agent security platform.

What’s Next?

The era of AI Enterprises is here. We’re making sure it is secure by design. The complexity of managing agents and securing them has long created friction in enterprises. With the integration of Portkey into Prisma AIRS, we will remove the trade-off between agent autonomy and authority. We are ensuring that as businesses accelerate into the era of autonomous agents, the security architecture isn’t just keeping up, it is setting the pace. 

Learn more about Prisma AIRS - the world’s most comprehensive AI security platform.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties, and assumptions, including, but not limited to, statements regarding the anticipated benefits and impact of the acquisition of Portkey on Palo Alto Networks, Portkey and their customers. There are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, but not limited to: risks related to disruption of management time from ongoing business operations due to the acquisition and the integration of Portkey and other recent acquisitions; our ability to effectively operate Portkey's operations and business, integrate Portkey’s business and products into our products, and realize the anticipated synergies in the transaction in a timely manner or at all; changes in the fair value of our contingent consideration liability associated with acquisitions; developments and changes in general market, political, economic and business conditions; failure of our platformization product offerings; risks associated with managing our growth; risks associated with new product, subscription and support offerings; shifts in priorities or delays in the development or release of new product or subscription or other offerings or the failure to timely develop and achieve market acceptance of new products and subscriptions, as well as existing products, subscriptions and support offerings; failure of our product offerings or business strategies in general; defects, errors, or vulnerabilities in our products, subscriptions or support offerings; our customers’ purchasing decisions and the length of sales cycles; our ability to attract and retain new customers; developments and changes in general market, political, economic, and business conditions; our competition; our ability to acquire and integrate other companies, products, or technologies in a successful manner; our debt repayment obligations; and our share repurchase program, which may not be fully consummated or enhance shareholder value, and any share repurchases which could affect the price of our common stock.

Additional risks and uncertainties that could affect our financial results are included under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" in our Quarterly Report on Form 10-Q filed with the SEC on February 18, 2026, which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. Additional information will also be set forth in other filings that we make with the SEC from time to time. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Securing and Governing AI Agents At Scale Through A Unified AI Gateway appeared first on Palo Alto Networks Blog.

❌