The enterprise security landscape has reached an inflection point. As organizations accelerate adoption of cloud, automation and artificial intelligence, identity has become the primary attack surface of the modern enterprise. Not because defenses have weakened, but because identities have multiplied and now operate continuously at machine speed, often with elevated access.

When attackers succeed today, it almost always starts with identity. Identity is now the number one attack vector. Eighty-seven percent of organizations experienced at least two successful, identity-centric breaches in the past 12 months. These breaches can lead to outages, regulatory exposure, financial loss and reputational damage.

This reality is why today marks such a pivotal moment. CyberArk is officially joining Palo Alto Networks. This step reflects a shared conviction that identity security is no longer a supporting function. To stay ahead of modern attackers, organizations need best-in-class identity security that is deeply integrated into their broader security strategy.

The Reality of the Modern Identity Attack Surface

For years, identity security focused on a relatively small population of human users, administrators and periodic access reviews. That model no longer matches reality.

Today’s enterprises depend on vast numbers of machine identities, including workloads, services, APIs and increasingly, autonomous AI agents. Machine identities now outnumber human identities by more than 80 to 1, while 75 percent of organizations acknowledge that their human identities are governed by outdated, overly permissive privileged models.

Attackers have adapted. Rather than breaking in through vulnerabilities, they increasingly log in using stolen credentials or by exploiting excessive, poorly governed access. Identity-based attacks have become the dominant breach vector because identity sprawl and standing privilege create opportunities that are difficult to detect with traditional tools.

Yet many identity programs remain fragmented. Access management, privileged access and governance often operate in silos, with delayed visibility and manual processes. Risk accumulates silently between reviews, leaving security teams reacting after the fact.

This is the problem CyberArk was built to solve.

Why Identity Security Must Be Continuous

Securing identities in this environment requires a fundamentally different approach. Identity risk changes constantly as new identities are created, permissions shift and systems scale dynamically. Controls must operate continuously, not episodically.

This means three things:

First, organizations need real-time visibility into who or what has access to critical systems across human, machine and AI identities.

Second, privilege must be applied dynamically. Access should be granted only when needed and removed automatically when it is no longer required. Standing privilege should be the exception, not the norm.

Third, governance must evolve from periodic compliance exercises to continuous enforcement that adapts as environments change.

This is the identity security vision that has guided CyberArk for decades and why joining Palo Alto Networks is such a natural next step.

Elevating Identity to a Core Platform

As part of Palo Alto Networks, CyberArk elevates identity security to a core platform pillar.

CyberArk’s Identity Security Platform is proven at enterprise scale and trusted to protect some of the world’s most critical environments. Our approach extends privileged access principles beyond a narrow set of administrators to every identity that matters.

By treating every identity as potentially privileged, organizations can dramatically reduce their attack surface. Excessive access is identified. Unnecessary privilege is removed. Attackers lose the ability to move laterally by using stolen credentials.

Elevating identity security to a platform level also enables tighter alignment with network security, cloud security and security operations. Identity becomes a powerful control plane that informs policy enforcement, detection and response across the enterprise, delivering a more complete and actionable view of risk.

Securing the AI-Driven Enterprise

This shift is especially critical as organizations deploy AI-driven systems and autonomous agents.

These systems often require persistent access to sensitive data and infrastructure, making them attractive targets for attackers and difficult to govern with legacy identity models. Most enterprises today lack effective identity security controls for machine and AI-driven systems, leaving these identities overprivileged and undergoverned.

Applying privileged access principles universally enables organizations to secure AI-driven environments without slowing innovation. Identity security becomes the trust layer that allows enterprises to scale AI responsibly, ensuring access is controlled, monitored and adjusted dynamically as systems evolve.

What This Means for Customers

For customers, elevating identity security to a core platform delivers tangible outcomes.

Organizations gain clearer insight into identity access and risk across human, machine and agentic identities. They gain stronger protection against credential-based attacks by limiting excessive privilege and reducing the paths that attackers rely on to move undetected. They also gain operational simplicity by replacing fragmented tools and manual governance with consistent, scalable controls.

Most importantly, customers gain confidence. Confidence to adopt cloud, automation and AI, knowing that identity risk is governed continuously. Confidence that security can keep pace with change rather than reacting after the fact.

Moving Forward

CyberArk’s Identity Security solutions will continue to be available as a standalone platform. Customers can rely on the solutions they trust today while benefiting from an accelerated roadmap focused on resilience, simplicity and improved security outcomes.

At the same time, integration is underway to bring CyberArk’s best-in-class identity security capabilities more deeply into the Palo Alto Networks security ecosystem. Our priority is to listen closely to customers, meet their immediate needs, and build the path forward together.

The AI era is redefining how enterprises operate and how attackers operate alongside them. Securing every identity, human, machine and AI agent is no longer optional. It is foundational.

By bringing CyberArk into Palo Alto Networks, we are taking a decisive step toward redefining identity security for the modern enterprise and helping our customers stay secure as they innovate at speed.

The post Securing Every Identity in the Age of AI appeared first on Palo Alto Networks Blog.

Accelerating Secure AI Adoption

The rapid adoption of AI is transforming the enterprise, unlocking unprecedented productivity and accelerating workflows at a record pace. However, this velocity creates a new productivity paradox: The faster AI moves, the more it can expose the organization to entirely new categories of risk. Without specialized guardrails, unchecked AI can inadvertently bypass company policies, violate legal standards, or ignore ethical norms.

To bridge this gap, Glean, the Work AI platform, and Palo Alto Networks Prisma^® AIRS™ have integrated to provide an essential security layer that empowers organizations to adopt generative AI with confidence, helping ensure that massive productivity gains never come at the cost of trust, security or compliance.

Real-Time Defense Against the Modern AI Threat Surface

Generic filters often fail to catch the sophisticated nuances of AI-driven attacks. The integration of Glean and Prisma AIRS provides a purpose-built defense that acts in real time across three critical areas:

1. Neutralizing Prompt Injection

Prompt injections are malicious instructions designed to trick AI models into ignoring their safety protocols, potentially leading to the exposure of sensitive data or the execution of unauthorized actions.

For instance, an attacker could craft a prompt that causes the AI to leak its own system instructions leading to data loss. Glean and Prisma AIRS instantly detect these sophisticated manipulation attempts, blocking the request and notifying the user before the organization's integrity is compromised.

2. Safeguarding Against Harmful and Toxic Content

AI interactions must remain professional, ethical and safe.

By scanning both user prompts and AI-generated responses against organizational policy, Glean and Prisma AIRS automatically block requests that contain toxic, biased, or otherwise harmful content. This enables AI to remain a positive and productive asset for the entire workforce.

3. Preventing Malicious Code and Unsafe URLs

AI models can sometimes generate unsafe code snippets, get data from a poisoned source, or provide harmful links that lead to phishing sites or malware downloads.

For example, a developer might ask an AI assistant for a code library to process data, and the model could inadvertently suggest a malicious package that compromises the application. The Glean and Palo Alto Networks integration provides a crucial safety net, inspecting all generated content for malicious patterns and preventing employees from interacting with risky URLs, keeping the entire AI-driven development and research lifecycle secure.

Secure AI in Minutes with Out of the Box Integration

The true power of the Glean and Palo Alto Networks partnership lies in its simplicity. We’ve removed the friction of complex security configurations, enabling organizations to realize value immediately through a seamless, out of the box integration.

Onboarding is completed in three simple steps within the Glean admin console:

1. Navigate to AI Security and select Palo Alto Networks AI Runtime Security™.
2. Paste your Prisma AIRS Runtime Security API Key.
3. Click Save.

With these three clicks, the integration is live, providing an invisible but invincible layer of defense across your AI chats and agent interactions.

Partnering for a Secure AI Future

As enterprises scale their AI initiatives, specialized security becomes non-negotiable. Prisma AIRS provides the advanced, granular protection needed to catch threats that standard vendors can often miss, and its integration with Glean delivers that protection exactly where work happens.

Drive productivity, foster innovation, and secure your future with Glean and Palo Alto Networks.

Key Takeaways

• Real-Time Threat Mitigation: Instantly block prompt injections, toxic content, and malicious code, transforming AI from a risk factor into a secure asset.
• Frictionless Deployment: Achieve comprehensive AI security in minutes with a simple, three-click API integration within the Glean console.
• Time to value: Scale AI adoption across the enterprise by ensuring every interaction complies with internal policies and global safety standards.

Ready to Deploy Secure AI? To explore how this integration can protect your organization, sign up for the Glean and Palo Alto Networks upcoming webinar.

The post The Power of Glean and Prisma AIRS Integration appeared first on Palo Alto Networks Blog.

Our Reimagined Partner Program Is Here

The cybersecurity landscape continues to evolve at an extraordinary pace. AI-driven threats are expanding the attack surface, demanding faster, more precise responses and greater resilience. At the same time, customers want fewer vendors, deeper integrations and trusted advisers who can help them achieve positive, measurable outcomes and reduce unnecessary complexity.

Meeting these challenges and expectations requires a potent combination of world-class technology and world-class partnership. That’s why, in 2026, Palo Alto Networks is evolving our partner program and unifying it with our value exchange framework.

We are excited to share that we have rolled out new program features. The changes we’re introducing are designed to strengthen how we work with our ecosystem across every partner motion – from resale and cosell to delivery, support and managed services. The goal of this evolution is simple: Create clearer, more scalable paths for growth and mutual success.

Why We’re Evolving to Meet the Demands of a Changing Market

The same forces transforming the cybersecurity landscape are also changing what it means to be a successful partner. As customers reduce their reliance on disparate point solutions, choose to consolidate platforms and lean harder on AI-driven automation, they’re turning to partners for much more than technology procurement. They want design guidance, integration expertise and ongoing, outcome-focused support.

Our partners are also clear about what they need from us. They’ve asked Palo Alto Networks for a partner program that is simpler to engage with, more predictable in how it rewards impact, and more closely aligned with how they build and deliver value across resale, services and managed offerings. Our partners also seek less complexity and more room to differentiate through their own investments and innovation.

The evolution of our partner program is our response not only to feedback from our partners but also to extensive market research. It will bring greater structure where our partners seek consistency, greater flexibility in how and where they innovate, as well as greater transparency in how the value they deliver is recognized. These strategic changes will help ensure our mutual customers benefit the most when they work with our vast and diverse ecosystem in today’s platform-first, outcome-driven marketplace.

A Unified Growth Model = Partner Program + Value Exchange

Palo Alto Networks NextWave Partner Program and value exchange framework were designed to work together, not as separate tracks, but as one powerful engine for driving growth. This unified framework makes it easier for partners to engage with us and get the most from the partner program. It rewards impact, expertise and customer success rather than focusing narrowly on transactions.

This evolved model is built on the foundation of three guiding principles:

• Predictability – Consistent expectations and program structures that support long-term planning.
• Repeatability – Enablement and tools that help partners scale practices with confidence.
• Profitability – Incentives, rebates and routes to growth tied directly to customer value.

The new framework can help partners build sustainable businesses while accelerating the adoption of platformized AI-powered security. Let’s take a look at the many benefits our partner ecosystem may experience through this reimagined program.

What Our Partners Can Expect

Our redesigned partner program enables greater alignment between the investments you make and the outcomes you achieve. Across Palo Alto Networks NextWave Partner Program, we’re strengthening how partners can scale, differentiate and grow their business with improvements in three key areas.

1. Access That Accelerates Scale

We’re expanding access to the tools and resources that can help partners reach customers faster and deliver solutions with confidence:

• Broader on-demand learning and persona-based enablement.
• Labs and demos that make it easier to showcase platform value.
• Improved quoting tools and API-driven automation that can ease operational friction.
• Enhanced support resources that improve quality delivery and the customer experience.

These and other capabilities can help reduce complexity and accelerate your ability to propose, design and deploy high-quality, platform-based solutions for customers.

2. Commitment That Reflects Intentional Investment

As the cybersecurity market evolves, so does the definition of partnership. Our newly evolved program introduces clearer expectations and meaningful rewards for partners who invest in specialization and growth. We’re raising the bar on the program’s standards:

• Higher bookings and growth targets.
• Increased specialization depth across key areas.
• New targeted rebates aligned to value creation.
• A strengthened global distribution strategy to support scale.

These enhancements will recognize partners who lean into the platform approach and drive meaningful impact for customers.

3. Profitability That Helps Fuel Long-Term Growth

A top priority for our updated program is helping partners build predictable, repeatable and profitable business practices in 2026 and beyond. Here are some of the measures we’re introducing:

• Default service quoting (Authorized Support Center and Authorized Professional Services) to help strengthen delivery economics.
• Incentive model that drives higher partner profitability on AI-enabled security solutions.
• Programmatic discounts and improved quoting tools to speed sales cycles.
• A new Partner Development Fund (PDF) to help partners build capabilities and pipeline.

Our aim is to create a more consistent, performance-driven model that supports partner strategy today and creates room for expansion tomorrow.

What These Changes Mean for Customers

A more connected and enabled partner ecosystem doesn’t just benefit our partners. It elevates the entire customer experience.

Customers can expect smoother, simplified engagement with trusted cybersecurity advisers who speak the same language and share the same goals. And with greater consistency across sales, delivery and ongoing support, organizations won’t be saddled by complexity that slows transformation and makes it harder to adopt, build and deploy AI boldly yet safely.

Customers can also move forward with greater confidence in expanding their use of our Palo Alto Networks integrated, AI-driven cybersecurity platform, knowing their partners are equipped with the training, tools and know-how to help guide them every step of the way.

Driving Shared Success Through the Value Exchange

The value exchange in cybersecurity reinforces a principle that has long guided the approach of Palo Alto Networks to partnering: Growth follows value creation. It’s the foundation for how we work with our ecosystem, strengthening connections among partners, customers and our platform.

This is the power of a global ecosystem moving with purpose. When platform innovation, partner expertise and customer needs are aligned, everything moves faster and desired outcomes are more readily achieved. Deployments accelerate, architectures are simplified, and enterprises gain the resilient security postures needed to withstand the pressures of an AI-driven threat landscape.

What’s Next

We encourage you to review a set of short videos in The Learning Center for Partners, which provide more details about the planned changes to Palo Alto Networks NextWave Partner Program.

We believe the year ahead offers one of the most significant opportunities for innovation and growth our ecosystem has ever seen. By reimagining our partner program and value exchange framework, Palo Alto Networks is doubling down on the promise of our shared success, mutual growth and long-term value.

To our partners, thank you, as always, for your commitment, collaboration and belief in what we’re creating together. What’s ahead is more than an evolution of a long-standing and successful partner program. It’s a new era of partnering with precision to build the future of cybersecurity.

---

Key Takeaways

• A reimagined partner program accelerates sustainable growth. Beginning in early February, a single, scalable framework will guide every partner motion and reward meaningful impact.
• Partners have more ways to scale and differentiate. Expanded enablement, automation and incentives can help build stronger, more profitable practices.
• Customers will benefit from more consistent experiences. A more aligned ecosystem enables simpler engagement, smoother delivery and increased confidence in the platform.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post New Year, New Program, New Opportunities appeared first on Palo Alto Networks Blog.

Palo Alto Networks is proud to enter a strategic partnership with the RAF Association.

For over 90 years, the Royal Air Forces Association (RAFA) has championed a simple yet profound belief: No member of the RAF community should ever be left without the help they need. Serving personnel, veterans and their families, the RAF Association provides crucial welfare support, responding to increasingly complex needs in an era of operational changes and challenges, including persistent global deployment.

Delivering on their mission today requires not only compassion and expertise but also resilient digital foundations. To strengthen and future-proof its operations, RAFA has entered into a strategic partnership with Palo Alto Networks. Together, we are modernising the Association's cyber security posture through a secure-by-design, zero trust architecture to enhance organisational resilience, secure sensitive beneficiary data, and improve operational agility. This helps ensure they can focus on their mission of support, not security management.

As Nick Bunting OBE, Secretary General at the RAF Association, puts it:

Cybersecurity is essential to safeguarding the trust people place in our organisation. This transformation will give us greater protection for our data and systems, ensuring that our services remain dependable and that our organisation is secure, resilient and ready for the future. Strong digital security is not just a technical requirement, it is a fundamental part of how we uphold our duty of care to every individual who relies on us.

Securing the Mission

The RAF Association operates in a distributed environment comprising headquarters’ functions, remote caseworkers, and more than 20 RAFAKidz nursery sites, supported by a growing portfolio of cloud-based services. In this context, cybersecurity is not simply an IT concern. It is a safeguarding imperative.

Disruption to systems or a compromise of sensitive beneficiary data could directly impact RAFA’s ability to deliver services and maintain the trust of the communities it supports. By consolidating fragmented legacy tools into a unified platform, this partnership ensures the Association’s digital evolution aligns security controls with GDPR obligations and safeguarding requirements.

Digital Resilience with a Unified Platform for Visibility and Control

To support RAFA's lean IT operational model, this transformation will move them away from fragmented legacy tools toward a unified platform approach. The deployment of Prisma^® SASE (secure access service edge) and Cortex XDR^® will provide RAFA with consistent visibility and control across users, devices, applications and data, regardless of location. This consolidation replaces complexity with clarity, allowing the organisation to inspect traffic for threats in real-time. Security policies are now enforced continuously, threats are detected and contained faster, and access to critical systems is governed by zero trust principles without compromising the user experience.

As Phil Sherwin, Chief Information Officer, at the RAF Association states:

Our data is one of our most valuable assets and the protection of that data, as we continue to provide life-changing support to members of the RAF community, is our most important priority. This partnership will move us into the next generation of security tools that adopt zero trust principles and is a crucial step on our journey to providing a layered approach to data protection.

One of the most critical aspects of this modernisation is supporting RAFA’s diverse workforce, particularly within the RAFAKidz nursery sites. These environments rely on nondesk-based staff using iPads and mobile devices to get their critical work done.

Using zero touch provisioning and the Prisma Browser™, we are enabling secure, seamless connectivity for unmanaged devices. This ensures that nursery staff can access necessary SaaS applications safely without complex login hurdles or manual configuration, improving their agility and allowing them to focus on caring for children rather than troubleshooting technology.

Creating Operational Advantage by Scaling Operations with AI and Automation

As a charity, RAFA has a responsibility to ensure resources are used efficiently. A critical goal of this partnership is to improve productivity and allow the organisation to scale its services without increasing the IT burden.

By adopting Strata™ Cloud Manager with AIOps (artificial intelligence for IT operations), RAFA is shifting from reactive security operations to proactive, automated management. Machine learning helps identify configuration risks and performance issues before they affect users, while standardized policies enable the secure, consistent onboarding of new sites. This shift is projected to significantly reduce operational overhead, enabling RAFA to scale its support network cost-effectively. This shift is projected to reduce operational overhead by 40–50%.

A Resilient Future

This partnership is about more than deploying technology. It is about ensuring RAFA remains resilient, trusted and capable of supporting the RAF community for decades to come.

As Darren Bisbey, Head of Group Information Security for the RAF Association, puts it:

We live in an era where digital threats are accelerating in both scale and sophistication, creating unprecedented challenges for organisations. Our partnership with Palo Alto is a statement of intent, reflecting our unwavering commitment to building the most secure environments possible for our data.

At Palo Alto Networks, we are honored to support RAFA in this journey, providing the digital armour and operational advantage necessary to protect those who serve and have served.

As Alistair Wildman, Palo Alto Networks CEO for Northern Europe states:

For over 90 years, RAFA has been a lifeline for the RAF community; it is our privilege to ensure that legacy endures in a digital-first world. By embracing a unified, AI-driven platform, RAFA is moving beyond complex, fragmented security to a posture that is Secure by Design. This partnership allows them to navigate today’s threat landscape with confidence, ensuring their resources remain focused where they belong: on the families who need them.

---

Key Takeaways

1. Digital Resilience – Strategic Shift to Zero Trust Architecture: RAFA is modernizing its cybersecurity posture by implementing a comprehensive zero trust architecture. This transition involves moving from fragmented legacy tools to a unified platform approach, deploying Prisma^® SASE and Cortex XDR for 360-degree visibility and complete control over access and traffic.
2. Interoperability – Secure, Seamless Access for Diverse Workforce: The partnership ensures operational agility by simplifying security for nondesk-based staff, particularly at the RAFAKidz nursery sites. Solutions like Zero-Touch Provisioning and the Prisma Access Browser enable secure, seamless connectivity for unmanaged devices, allowing nursery staff to focus on their critical work without complex login or configuration issues.
3. Creating Operational Advantage – Efficiency and Scalability through AI and Automation: RAFA is leveraging technology to scale services efficiently and reduce operational overhead. By using Strata Cloud Manager with AIOps (Artificial Intelligence for IT Operations), the organization can shift to proactive management and automating remediation, which is projected to reduce operational overhead by 40–50%.

The post Empowering the RAF Association with Next-Generation Cyber Resilience appeared first on Palo Alto Networks Blog.

The early weeks of 2026 have already made one thing clear: Government cybersecurity is in a new phase, shaped not by incremental change, but by the rapid integration of AI into core public-sector missions. AI systems are now embedded in critical infrastructure, federal service delivery, research environments, as well as state and local operations. At the same time, nation-state adversaries are leveraging AI to accelerate intrusion, scale deception and manipulate trusted systems in ways not possible even a year ago.

As Senior Vice President of Public Sector at Palo Alto Networks, I see a decisive shift underway. Defending the public sector in 2026 means navigating a world where security depends on verifying identity, securing data and governing AI-driven systems that act without human intervention. Success now hinges on architectures that assume automation, operations that prioritize coordination, and governance frameworks capable of managing AI at mission scale.

Here are the developments that will define the year ahead.

Federal Government

1. AI-Native Security Must Become Integral to Federal Operations

AI in federal environments is no longer an experiment. Agencies are now designing workflows, SOC missions and cloud architectures around AI-driven detection and response. The emphasis is shifting from supplementing human analysts to building systems that maintain visibility, correlate threats, and respond autonomously when human capacity is limited. This builds on what we forecasted last year, when federal cybersecurity teams began using AI to replace manual workflows and drive down detection and response times.

The shift will be practical. Federal teams must plan to deploy AI systems that correlate logs, identify behavioral anomalies, prioritize threats, and suppress noise before analysts ever see an alert. Manual, ticket-based workflows will no longer meet federal timelines for investigation or reporting, particularly as adversaries automate more phases of attack.

2. Identity Emerges as the Central Federal Security Challenge

The biggest shift in 2026 will be the collapse between “identity” and “attack surface.” Deepfake technologies now operate in real time. AI-generated voices and video can impersonate senior leaders at a level undetectable by traditional controls. Machine identities continue to proliferate; they will outnumber human identities this year. And autonomous agents can initiate high-impact actions without human oversight. This reflects a broader crisis of authenticity now reshaping how enterprises defend identity itself.

Identity abuse will no longer be limited to credential theft. This turns identity into a systemic risk. One compromised identity (human, machine or agent) can cascade through automated systems with little friction. Federal programs will need to prioritize continuous identity verification, stronger proofing and governance frameworks that validate the legitimacy of both human and AI-driven activity.

3. AI Systems Must Be Secure-by-Design

Stemming from the clear mandate in the AI Action Plan (and subsequent work by NIST to develop an AI/Cyber Profile on top of the existing Cybersecurity Framework) agencies will steadily integrate AI security into their deployment of AI technologies.

This imperative is critical as AI systems are susceptible to novel threats. Data poisoning of training sets, manipulated inputs and hidden instructions in untrusted datasets compromise the intelligence that agencies rely on for analysis, planning and mission support. To support the security of this AI-first moment, Palo Alto Networks was proud to make its AI security platform, Prisma^® AIRS™, available through the GSA OneGov initiative.

4. Nation-State Operations Expand Through AI Automation

Adversaries will use AI to compress the time between reconnaissance, exploitation and lateral movement. We expect rapidly increasing the use of AI to chain vulnerabilities, tailor social engineering campaigns, and generated malware variants that adapt in real time.

The focus will broaden beyond IT networks. AI will be used to disrupt OT systems and target sensitive research environments. Foreign intelligence services will weaponize AI to blur the line between intrusion and information operations, producing hybrid campaigns that attack both systems and the legitimacy of institutions.

5. Autonomous SOC Capabilities Become Essential

Federal SOCs will evolve from human-centered command centers to hybrid operations where autonomous agents run major components of the detection and response mission. These agents will triage alerts, enforce containment, and initiate predefined responses.

This evolution comes with risk. AI agents with broad authority can be misused or manipulated if not properly governed. Agencies will need safeguards to track agent behavior, enforce least privilege on agents, and prevent misuse through runtime monitoring and “AI firewall” controls designed to stop malicious prompts and unauthorized actions. The same pressures are shaping enterprise security, where controls like AI firewalls and circuit breaker mechanisms are becoming standard practice. Automation will only strengthen federal security if paired with rigorous oversight and continuous validation of agent activity.

6. Shared and Federated SOC Structures Gain Momentum

As threats scale, agencies will increasingly operate through shared or federated security structures. Instead of isolated SOCs, agencies will adopt analytics layers capable of correlating activity across departments and exchanging findings in real time.

This shift will reduce redundancy and provide faster insight into nation-state campaigns that cross federal boundaries. Early adopters will establish shared analytic and response frameworks that allow agencies to coordinate without sacrificing mission-specific control. Civilian agencies will lead early adoption with broader participation across defense and national security stakeholders expected later in the year.

7. The Post-Quantum Deadline Becomes Immediate

In 2026, post-quantum cryptography planning will move to implementation. Accelerated advances in quantum computing and AI-based cryptanalysis will push agencies to transition from pilot efforts to mandated modernization.

Agencies will focus on discovering where vulnerable algorithms are used, replacing outdated libraries, and implementing crypto-agility so systems can evolve without major redesigns. Systems with unpatchable cryptographic components will be flagged for full replacement, forcing agencies to reconcile years of accumulated “crypto debt.”

8. Data Trust and Cloud Workload Protection Become Priority Missions

The rise of AI workloads will force agencies to rethink how they protect data. Infrastructure controls alone cannot detect when training data has been manipulated or when model outputs no longer reflect real-world conditions.

Agencies will unify developer and security workflows and use tools like Data Security Posture Management and AI security posture management (AI-SPM) to track data lineage and enforce protections at runtime. Enterprises are addressing the same issue by bringing development and security teams together under shared data governance models. Ensuring model trustworthiness will become a mission-support requirement, not just a security objective.

9. Platform Consolidation Becomes Necessary

Fragmented tools cannot support the visibility and oversight required for AI governance. Executives will push for platform consolidation to unify network, identity, cloud, endpoint and AI security. Integrated platforms will gain favor because they enable consistent policy enforcement and a single operational picture across increasingly automated environments.

State, Local and Educational Institutions

1. AI Adoption Splits SLED into Distinct Tiers

In 2026, disparities in funding and technical capacity will widen. Some states will deploy AI across security operations, citizen services and identity verification. Others will struggle to maintain legacy systems.

Well-resourced jurisdictions will reduce response times and improve resilience. Underfunded ones will remain exposed to ransomware and disruption. Without targeted modernization efforts, a national divide in SLED cybersecurity maturity will deepen.

2. Regional Models Become the Practical Path Forward

Silos are no longer sustainable. SLED organizations will rely on shared SOCs, regional threat intelligence hubs and coordinated incident response agreements. States will formalize partnerships to share expertise, reduce costs and defend interconnected systems. This evolution represents the maturation of the “team sport” mentality we predicted in 2025. These models reflect operational reality: Compromised data or infrastructure in one jurisdiction often creates immediate risk for its neighbors.

3. Higher Education Redesigns Its Security Baseline

Universities will classify cybersecurity alongside energy, research infrastructure and physical security as essential institutional functions. Secure browser adoption, stronger vendor oversight and centralized identity governance will become the norm.

AI research environments will receive increased scrutiny, and universities participating in federally funded research will face stricter compliance requirements to prevent data poisoning and model manipulation. Institutions with large research portfolios will prioritize securing lab environments where AI models are trained and evaluated.

4. K–12 Systems Enter a New Phase of Security Oversight

States will introduce new security mandates for K–12 environments, covering MFA, network segmentation, secure browsers, identity verification and foundational zero trust principles. AI-enabled ransomware will remain a threat. Smaller districts will adopt managed services or regional support structures as they confront growing operational and compliance demands. Districts that modernize identity controls and browser security will significantly reduce their exposure compared to those reliant on legacy tools. Building on the regulatory momentum we predicted in 2025, K–12 institutions will continue moving from defensive posture to proactive security adoption.

5. Local Governments Face Escalating AI-Driven Ransomware

Municipal governments remain high-value targets due to limited staffing and aging infrastructure. AI gives threat actors the ability to automate reconnaissance, craft targeted phishing messages, and identify vulnerabilities with little effort.

Attacks timed to public safety incidents or weather emergencies will increase, meaning local governments will need stronger identity controls, automated endpoint protection and access to managed detection and response. Operational continuity will depend on reducing time-to-detect and time-to-contain, capabilities that smaller municipalities cannot achieve without external support.

6. Managed Services and Platform Consolidation Become Standard

As technical demands grow, SLED organizations will move toward managed SOC models and consolidated vendor ecosystems. Platforms that integrate data protection, threat detection, identity governance and AI oversight will gain traction. Point tools without interoperability will decline. Budget-constrained environments will favor comprehensive platforms that reduce operational burden and simplify compliance.

7. Identity and Data Trust Become Central SLED Priorities

SLED organizations manage sensitive student records, election data and social services information. These environments are increasingly strained by the rapid growth of machine identities and AI-driven applications.

Synthetic identities and AI-generated credentials will be used to infiltrate systems with limited oversight. Continuous identity verification, data lineage tracking and posture management will become essential to prevent fraud, service disruption and data manipulation. Identity assurance and data integrity will become the foundation of public trust at the state and local level.

The post 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust appeared first on Palo Alto Networks Blog.

Accelerating the Migration to the Post-Quantum Era

The promise of quantum computing brings an unprecedented paradox. While it will unlock revolutionary breakthroughs in science, materials discovery and medicine, it simultaneously poses an existential threat to the mathematical foundations of modern cybersecurity.

For decades, the global economy has relied on public key cryptography to safeguard everything from personal privacy to national security. This cryptography is built on mathematical problems that are computationally infeasible for classical computers to solve but that quantum computers can solve efficiently, rendering today’s cryptographic protocols obsolete.

Using Shor’s algorithm, a sufficiently powerful quantum computer could factor the large prime numbers that underpin public key cryptography, in minutes. These are tasks that would take today’s most advanced supercomputers a millennium to crack. This capability would effectively turn our strongest digital defenses into open doors, creating a period of vulnerability leading up to Q-Day – the day today’s encryption is broken.

The Migration Crisis: Why Traditional Strategies Fail

For CISOs and technical leaders, the transition to post-quantum cryptography (PQC) is not a simple patch-and-deploy exercise. It is a multiyear transformation that requires updating cryptography across every device, application, certificate and infrastructure component in the enterprise.

Most enterprises today are constrained by cryptographic debt – years of accumulated, undocumented and deprecated encryption protocols buried deep within legacy applications, third-party software libraries and unmanaged IoT devices. This creates a vast and largely invisible attack surface that traditional vulnerability scanners were never designed to detect.

The challenge is compounded by the absence of a unified source of truth. Existing tools offer a fragmented "outside-in" view of the environment. They may identify devices on the network, but they lack visibility into cryptographic libraries embedded within live traffic. Without a real-time Cryptographic Bill of Materials (CBOM), security teams are forced to rely on manual, point-in-time audits that become outdated almost immediately. Spreadsheets cannot scale to this problem.

This visibility gap makes it impossible to prioritize remediation, leaving sensitive data exposed to harvest now, decrypt later (HNDL) attacks. In these attacks, adversaries intercept and store encrypted data today with the intent of unlocking it once quantum computing capabilities mature.

Operationally, traditional migration approaches are equally unworthy. Manually updating cryptography across thousands of global endpoints and branch offices often requires disruptive rip and replace strategies that threaten uptime and demand specialized expertise that is in extremely short supply. Organizations need a way to bridge today’s classical infrastructure with a quantum-resilient future without disrupting business operations or exhausting IT resources.

At Palo Alto Networks, we believe global enterprises cannot afford to wait. Our new Quantum-Safe Security solution is designed to remove these operational roadblocks by making cryptographic discovery, risk assessment and transition both continuous and actionable. We empower enterprises to gain real-time visibility into cryptographic risk and begin building agentic resilience at enterprise scale by integrating with existing security and infrastructure systems, including security information and event management (SIEM), load balancers, endpoint detection and response (EDR), as well as Application Vulnerability Management (AVM) tools.

The Four Stages of Cryptographic Inventory & Remediation

Palo Alto Networks Quantum-Safe Security is built around four foundational stages.

1. Continuous Discovery through Ecosystem Ingestion

Visibility is the first line of defense, but in a complex enterprise, true visibility requires more than a periodic scan. It requires continuous, high-fidelity ingestion of cryptographic intelligence across the environment.

Our solution acts as a central nervous system for your cryptographic posture, ingesting telemetry and logs directly from PAN-OS NGFW and Prisma® Access, enriched with data from a broad ecosystem of third-party security solutions, simplifying Day 0 onboarding. By leveraging your existing network infrastructure as sensors, we provide a comprehensive view of the cryptographic behavior of all assets without the operational friction of deploying new software.

To eliminate blind spots, we go beyond our own telemetry to ingest critical information from your existing systems you rely on. This includes syncing with configuration management database (CMDB) and asset management platforms to align cryptographic data with business inventories, integrating with EDR and access control solutions to monitor endpoint behavior, and aggregating data from network clouds and log platforms. The result is a unified intelligence layer that reflects how cryptography is actually used across the enterprise.

By synthesizing these data streams, we deliver a multidimensional view of cryptographic exposure:

• Discovery – Identification of every application, user device, infrastructure component and IoT device.
• Behavior – Analysis of traffic metadata, including protocols, key exchange mechanisms, encryption algorithms, hashes, certificates and tunnels.
• Context – Precise attribution of hardware models, cryptographic libraries (such as deprecated OpenSSL versions), and browser versions in use.

2. Risk Assessment & Prioritization

Not all data is created equal, and a successful migration requires a surgical focus on where the exposure is most acute. Our Quantum Safe Security solution quantifies risk by correlating cryptographic strength with business criticality, providing a clear, prioritized view of current risk and where remediation matters most.

Assets are categorized into strategic zones, starting with immediate exposure risks caused by deprecated protocols that are vulnerable to classical exploitation today. From there, the solution addresses long-term harvest now, decrypt later threats. As threat models evolve, the risk engine is designed to expand to emerging vectors like identity and authentication integrity, anticipating risks such as “Trust Now, Forge Later" attacks that could undermine digital trust at scale.

At the same time, the solution validates and tracks quantum-secure assets that have successfully transitioned to post-quantum or hybrid-PQC algorithms. By correlating this intelligence with business criticality and data shelf-life, security leaders can make informed decisions. For example, a crown jewel asset containing data that must remain confidential for a decade or more, is flagged as a high HNDL risk today and elevated to the top of the migration queue.

3. Comprehensive Remediation

Moving from a vulnerable state to quantum resilience is a structured journey. Our comprehensive remediation framework guides organizations through three critical stages, supported by automated workflows and prioritized recommendations at every step.

• Current State to Quantum Ready: The first stage focuses on infrastructure modernization. Using continuous discovery insights, the solution provides hardware and software recommendations required to support next-generation cryptographic protocols. An asset reaches a Quantum Ready state once it has the underlying hardware and OS capabilities to support post-quantum algorithms, even if those protocols are not yet activated.
• Quantum Ready to Quantum-Safe: Transitioning to a Quantum-safe state requires activation and configuration of post-quantum defenses. Our solution provides data configuration and certificate compliance guidance to enable PQC/Hybrid-PQC algorithms to be correctly implemented across the estate.
• Virtual Patching via Cipher Translation: For all current and especially legacy systems or IoT devices that cannot be upgraded, we provide an accelerated path to quantum-safety. Through Cipher Translation, the infrastructure acts as a proxy, providing agentic remediation that reencrypts vulnerable traffic into quantum-safe standards (such as ML-KEM) in real-time at the network edge. This approach instantly moves legacy assets from a high-risk current state to a Quantum-safe posture without a single line of code change.

4. Governance: Continuous Crypto-Hygiene & Global Compliance

Quantum readiness is not a one-time event; it is a strategic enterprise transformation that requires continuous oversight to prevent the re-emergence of vulnerabilities. Our governance framework provides the guardrails for your migration through two critical layers of management:

Continuous Crypto-Hygiene & Ongoing Management: Maintaining high-fidelity visibility is essential to preventing the accumulation of "crypto-debt." Our solution automates real-time mapping of all cryptographic dependencies, ensuring your CBOM remains dynamic and accurate as your environment evolves. Furthermore, we introduce Active Drift Detection, which automatically detects and can even block the use of weak or noncompliant ciphers in real-time, preventing developers or third-party services from accidentally introducing insecure protocols.

Global Crypto-Compliance Enforcement & Reporting: As regulatory pressure from governments (like the US Commercial National Security Algorithm Suite 2.0) mounts, organizations must demonstrate measurable progress. Our solution will provide Automated Framework Auditing, offering continuous, native mapping of your environment against global standards, including NIST, FIPS 140-3, and DORA.

Architecting a Quantum-Resilient Enterprise

The transition to quantum-safe security is far more than a technical upgrade. It represents a fundamental shift in how organizations protect the longevity and integrity of their digital assets. Achieving quantum resilience is a multiyear effort that requires both advanced technology and strategic partnership.

That's why Palo Alto Networks has established Integrated Quantum Practices, bringing together technology, partners and professional services to help organizations navigate the complexity of this transition with confidence. By combining deep cryptographic visibility with intelligent, agentic remediation, organizations can systematically retire their cryptographic debt and build resilience into their security architecture over time.

This proactive approach does more than mitigate emerging risk. It establishes a foundation of digital trust that is resilient against the threats of tomorrow, enabling your most sensitive intellectual property to remain secure for its entire shelf life, even as cryptographic standards evolve.

Secure Your First-Mover Advantage: The Quantum Readiness Assessment

Don’t let the complexity of the quantum transition stall your organization’s progress. Begin your path to resilience with a Quantum Readiness Assessment, a focused engagement to clarify current exposure and identify the most critical areas for action. To go deeper, watch the Quantum-Safe Summit on demand for expert perspectives on cryptographic risk and quantum readiness.

The Palo Alto Networks Quantum-Safe Security solution is expected to be generally available to customers on January 30, 2026, with additional integration enhancements planned for April 2026.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this [blog. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Introducing Palo Alto Networks Quantum-Safe Security appeared first on Palo Alto Networks Blog.

How Ripley's Fight for Survival Became My Blueprint for SOC Transformation

I'll admit it. I wasn't planning to rewatch science fiction horror films when I sat down to write about modern cybersecurity challenges. But there I was, staring at yet another draft about SOC modernization when our content team threw out a wild idea: What if we explained threat actors through the lens of a Science Fiction movie like Alien?

Yo, Hicks. I think we got something here!

Against my better judgment, I queued up the original 1979 film. Somewhere between the chest-burster scene and Ripley's desperate attempt to purge the Nostromo's systems, it hit me: This crew had every problem a modern security operations center faces daily.

Stay with me here.

The Unknown Threat Aboard Your Ship

In the original Alien, the crew of the Nostromo responds to what they think is a distress signal. Spoiler alert: It's not. By the time they realize they've brought something deadly aboard, it's already loose in the ship's ventilation system, moving freely through areas they can't monitor.

Sound familiar? That's exactly how modern breaches unfold. Threat actors don't announce themselves with flashing lights and alarm bells. They exploit a vulnerability, establish a foothold, and move laterally through your environment while remaining undetected. According to recent Unit 42^® research, the mean time to exfiltrate has dropped from nine days in 2021 to just two days in 2023. Some incidents now occur in under 30 minutes. The xenomorph's (the alien’s) rapid lifecycle has nothing on modern ransomware operators.

The Nostromo crew's problem wasn't just the alien. It was that their ship's systems couldn't tell them where the threat actually was. Their motion trackers picked up movement, but couldn't distinguish between crew members, the cat or the xenomorph. Legacy SIEM systems have the same problem, generating thousands of alerts without the context to determine which ones represent actual threats.

"I Can't Lie About Your Chances, But You Have My Sympathies"

One of the most chilling moments in Alien comes when Ash, the science officer, reveals he's actually a synthetic programmed by the company to prioritize retrieving the alien specimen over crew survival. "I can't lie to you about your chances, but... you have my sympathies."

This is what alert fatigue feels like in a modern SOC.

Security teams face an overwhelming reality:

• Managing up to 45 different security tools on average.
• Coordinating responses across approximately 19 different consoles.
• Processing thousands of alerts daily, most of which are false positives.
• 66% of organizations use 25 or fewer security products yet still struggle with complexity.

Like the Nostromo crew discovering their systems were working against them, security analysts often find their tools generate more noise than signal. Traditional SIEMs bombard teams with redundant alerts while real threats slip through undetected. Analysts spend their days triaging false positives instead of hunting actual threats. Basically, they’re sorting through motion tracker pings while the xenomorph stalks the corridors.

The Company Knew (And Your Attack Surface Knows Too)

From Aliens (the 1986 sequel), we learn that the Weyland-Yutani Corporation knew about the xenomorph threat all along. They had information about LV-426, but that intelligence never reached the colonists who needed it. The result? An entire colony was lost because critical threat intelligence wasn't properly shared and acted upon.

This is the attack surface management problem in a nutshell.

You can't protect what you can't see. Like the colonial marines arriving at LV-426 with incomplete intelligence, security teams often lack comprehensive visibility across their cloud environments, hybrid infrastructures and sprawling IoT deployments.

Modern attack surface management addresses this:

• Providing continuous assessment of your external attack surface.
• Identifying abandoned, rogue or misconfigured assets before attackers find them.
• Monitoring for vulnerable systems proactively.
• Unifying visibility across network, endpoint, cloud and identity.

Think of it as having the schematics and sensor data Ripley desperately needed – a complete picture of where threats could hide and how they might move through your environment.

The Power Loader Moment: Amplifying Human Response with Automation

In the climactic scene of Aliens, Ripley straps into a power loader exosuit to fight the alien queen. She's still human, still making the decisions, but now she's augmented with technology that amplifies her capabilities and response speed.

This is exactly what AI-driven security operations should do.

Legacy SIEM is like facing the xenomorph queen with your bare hands. Modern AI-driven platforms are the power loader, they don't replace the human operator, but they dramatically amplify what that human can accomplish.

Platforms like Cortex XSIAM^® can process over 1 million events per second while reducing the number of incidents requiring human investigation to single digits per day. The technology handles the heavy lifting:

• Automated data integration and normalization across all security tools
• Machine learning models that detect anomalies in user behavior
• Intelligent alert correlation that groups related events into single incidents
• Automated response workflows that contain threats in minutes, not hours

Organizations using AI-driven SOC platforms report automating up to 98% of Tier 1 operations. Your analysts still make the critical decisions, they're just equipped with vastly better tools to execute those decisions at machine speed.

The Danger of Fragmented Systems

Throughout the Alien franchise, crew members are constantly struggling with fragmented information. The motion tracker shows movement, but not identity. The door controls are on a different system than life support. Communications are spotty. When seconds count, they're wasting precious time switching between systems and trying to piece together incomplete information.

This is the daily reality in most security operations centers.

The same attack generates alerts in multiple interfaces: your SIEM, EDR console, cloud security platform, identity provider. It’s like seeing the xenomorph's tail in one system, hearing its hiss in another, and detecting acid blood in a third, but never getting the full picture until it's too late.

The engineering challenge isn't just buying better sensors. It's creating a unified data foundation where security-relevant information is collected, stored and normalized together. When all your security data lives in a single data lake, AI models can recognize patterns that would never surface in siloed systems. It’s like understanding that the motion tracker ping, the door malfunctioning and the broken steam pipe are all connected to the same threat.

What this unified approach enables:

• Cross-data analytics that correlate threats across different data sources.
• Complete context of an attack from initial entry to lateral movement.
• Automated response that addresses root causes, not just symptoms.
• Seamless collaboration between SOC analysts, threat hunters and incident responders.

"Nuke It From Orbit! It's the Only Way to Be Sure"

In Aliens, the solution to an overwhelming infestation is drastic: orbital bombardment. While we don't recommend that approach for cybersecurity (your compliance team will object), there's a lesson here about the importance of decisive, automated response.

When the colonial marines discover the scope of the xenomorph infestation, their problem isn't just detection, it's that their response capabilities can't match the threat's speed and scale. By the time they've cleared one corridor, the aliens have flanked them through the ceiling.

Modern threats move at similar speeds. Attackers can pivot from initial compromise to data exfiltration faster than human analysts can investigate and coordinate responses across multiple tools. This is where automation becomes essential, not as a replacement for human judgment, but as the mechanism that executes decisions at the speed threats actually move.

The key is having the right response capabilities:

• Fast enough to outpace attacker movement.
• Comprehensive enough to address root causes.
• Automated enough to execute without human bottlenecks.
• Intelligent enough to avoid collateral damage.

You don't need to nuke your network from orbit. You need response automation that contains threats before they spread.

The Survivor (And Why Human Expertise Still Matters)

Ellen Ripley survives the Alien franchise through a combination of factors: technical competence, situational awareness, decisive action and refusal to give up. But here's what's critical. She's effective not because she's superhuman, but because she's highly trained, learns from experience, and adapts her approach as threats evolve.

The same principles apply to security operations.

AI and automation dramatically improve efficiency and response times, but skilled security professionals remain essential. The goal isn't to replace analysts. It's to free them from repetitive tasks so they can focus on what humans do best: creative problem-solving, threat hunting, strategic thinking.

The cybersecurity labor shortage continues to grow, and analysts experience burnout from manual processes that consume time better spent on high-value activities. Modern platforms address this by automating routine work while augmenting human decision-making. Instead of spending hours manually correlating events and switching between consoles, analysts receive high-fidelity incidents with complete context.

Ripley didn't survive because she had the best equipment (though the power loader helped). She survived because she understood the threat, adapted her tactics, and made smart decisions under pressure. Your security team needs the same combination: World-class tools that amplify their capabilities and free them to do the strategic thinking that actually stops sophisticated threats.

What Ripley Would Do With Modern SecOps

Imagine what the Nostromo crew could have done if they had access to modern security operations technology:

• Detected the alien's presence immediately through behavioral analytics instead of relying on motion trackers.
• Tracked its movement through integrated sensor data across the entire ship.
• Automatically sealed compartments and adjusted life support to contain the threat.
• Had complete visibility into every system, eliminating hiding spots and blind spots.

Your organization shouldn't face threats with 1970s technology while attackers use 2025 capabilities. The evolution from traditional log management to AI-driven security operations isn't just about buying new tools. It's about fundamentally transforming how your security team operates, moving from reactive alert management to proactive threat hunting, from fragmented tools to unified platforms, from manual response to intelligent automation.

The xenomorph was a perfect organism: efficient, deadly, focused solely on survival and reproduction. Modern threat actors are similarly evolved, using AI and automation to attack at machine speed. Your defenses need to match that evolution.

In Space, No One Can Hear You Scream, But Your SOC Platform Can

Modern security operations require more than collecting logs and hoping someone notices the anomalies. You need unified visibility, AI-driven analytics and automated response capabilities that can keep pace with threats that move at the speed of code.

Whether you're drowning in alerts, struggling with tool sprawl, or trying to defend against attackers moving faster than human reaction times, there's a better way forward. And unlike the Nostromo crew, you don't have to face it alone with outdated equipment and fragmented systems.

Just comprehensive security, delivered at the speed of AI.

Because in cybersecurity, everyone can hear you scream when your SIEM fails. The question is whether your security operations platform can stop the threat before it gets that far.

Take the Next Step

If you're ready to move from fragmented tools to unified security operations, download our whitepaper, Endpoint First: Charting the Course to AI-Driven Security Operations to break down the practical steps to get there.

---

Key Takeaways

1. Stop Drowning in Alerts (AKA: Your SIEM Shouldn't Feel Like a Motion Tracker): Legacy Security Information and Event Management (SIEM) systems generate thousands of alerts without the necessary context. The modern approach requires moving past redundant alerts to a system that can accurately distinguish between noise and actual threats, a necessity driven by the rapidly decreasing time attackers take to exfiltrate data.
2. Get the Full Ship Schematics (Because You Can't Fight What You Can't See): Many organizations lack comprehensive visibility across their environments (cloud, hybrid, IoT). A unified approach, which includes continuous attack surface management and a single data foundation, is essential to connect disparate alerts and gain a complete picture of an attack across all security tools.
3. Give Your Analysts a Power Loader (Not a Pink Slip): AI-driven security operations (SecOps) platforms do not replace human analysts but dramatically amplify their capabilities and response speed, enabling automated data integration, intelligent alert correlation and rapid response workflows to contain threats at "machine speed" before human bottlenecks are reached.

The post What the Alien Franchise Taught Me About Cybersecurity appeared first on Palo Alto Networks Blog.

Why the GSA OneGov Agreement Is a Game-Changer for Federal Cybersecurity

The mission to modernize government IT is accelerating at lightning speed, largely thanks to the transformative power of artificial intelligence (AI). Federal agencies are strategically leveraging AI to boost efficiency, enhance citizen services, and strengthen national security – a vision fully supported by the administration’s AI Action Plan.

At Palo Alto Networks, we are all-in on helping agencies deploy AI bravely and securely. Because the challenge isn't just about using AI for cyberdefense, but also about defending AI itself. We appreciate the U.S. General Services Administration (GSA) recognizing the critical need for scalable, efficient solutions.

That is precisely why the GSA OneGov Initiative is a massive, game-changing step forward. We are proud to be the first pure-play cybersecurity vendor to secure a OneGov agreement with the GSA. This strategic alliance simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring security is foundational to this crucial modernization mission.

The Wake-Up Call: The Silent Threat of AI Agent Corruption

If you needed a clear sign that AI has fundamentally shifted the cybersecurity landscape, our own Unit 42 research provides it. The new reality isn't just about hackers using AI in their attacks; it’s also about how internal AI provides another attack surface for threat actors.

The most insidious new threat we've observed is AI Agent Smuggling, where malicious attackers use AI agents to exploit other agents. Our Unit 42 research highlights two major vectors:

• Indirect Prompt Injection: A security risk in LLMs where a user crafts input containing deceptive instructions to manipulate the model’s behavior, which can lead to unauthorized data access or unintended actions.
• Agent Session Smuggling: Exploit vulnerabilities in agent-to-agent communication, injecting malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.

This confirms our core belief as stated in a recent secure AI by Design blog: The AI ecosystem (the models, data and infrastructure) is now a complex, expanding attack surface that traditional perimeter defenses were simply not designed to protect.

As I’ve said before, “If you’re deploying AI, you must deploy AI security.”

Secure AI by Design: A Strategic Alliance with GSA

The GSA’s OneGov Initiative aims to streamline procurement and drive down costs by leveraging the purchasing power of the entire federal government. This is more than an agreement; it’s a direct response to the call for a "secure-by-design" approach to federal AI adoption. This agreement simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring that security is foundational, not an afterthought. It provides industry leading AI security tools into the hands of our cyber defenders today.

Under the Hood: Technical Capabilities for the AI Ecosystem

To counter the autonomous threats we’re seeing, we provide a platform that protects the entire AI lifecycle, from the developer's keyboard to the data center.

1. Runtime Protection for AI Workloads

Securing the AI supply chain requires visibility across every stage, especially during runtime when models are processing sensitive data.

• Prisma^® AIRS delivers comprehensive security for the entire AI lifecycle, in one unified platform. It allows organizations to deploy traditional apps as well as AI applications, models and agents with confidence by reducing risk from misuse, data loss and sophisticated AI-driven threats. Prisma AIRS provides a clear, connected view of assets in multicloud environments, so teams can eliminate silos, accelerate responses, as well as scale cloud and AI apps securely.
• Our Cloud-Native Application Protection Platform (CNAPP) has achieved the FedRAMP High designation, making it the preferred Code to Cloud solution to secure the entire application lifecycle from development to runtime. Our industry-leading CNAPP eliminates silos to deliver comprehensive visibility and best-in-class protection across multicloud environments.

2. Protecting Users and Data at the Edge

Even the most advanced AI defenses are undermined if users accessing applications and data are left vulnerable outside corporate security boundaries. The explosive growth of generative AI tools and the unseen behavior of AI agents are amplifying data exposure risks.

• Prisma SASE (secure access service edge) secures all users, apps, devices and data, no matter where they are and no matter where applications reside.
  • Prisma Access (FedRAMP High Authorized) and Prisma Browser (FedRAMP-Moderate Authorized) integrate security capabilities, like zero trust network access (ZTNA), secure web gateway (SWG) and cloud access security broker (CASB), to provide a unified policy framework and a consistent user experience.
• This approach helps agencies outpace the speed of AI-driven threats, safeguarding critical data and simplifying operations for a frictionless user experience. It ensures that the human element interacting with the AI is protected by the most stringent security controls available.

Deploy AI Bravely

The GSA OneGov agreement is a pivotal moment that provides federal agencies with the cost-effective, streamlined access they need to deploy AI with confidence. By leveraging our unified, AI-powered platform, government organizations can stop reacting to threats and start building secure-by-design AI environments. We are committed to remaining a key partner in this strategic initiative and helping the government achieve its mission outcomes safely.

For more information and access to promotional offers for new contracts signed on or before January 31, 2028, federal agencies can visit the GSA OneGov website.

The post Securing the AI Frontier appeared first on Palo Alto Networks Blog.

Palo Alto Networks Unit 42 and AWS Announce Expanded Collaboration, Launching No-Cost Retainer for AWS Security Incident Response available in AWS Marketplace

Speed is everything in today’s security landscape. From Unit 42^®’s frontline experience responding to more than 500 incidents last year, we've seen that in nearly one in five incidents, attackers go from initial compromise to data exfiltration in less than an hour. It leaves almost no time to react.

The challenge is compounded by the distributed nature of the modern IT environment; cyberattacks are rarely confined to one location. In fact, 70 percent of incidents now span three or more attack surfaces, from endpoints and networks to multiple cloud environments. This complexity increases vulnerabilities, which is a key reason why 86 percent of major incidents disrupt business operations.

When a breach moves at this speed and crosses complex silos, an enterprise has two immediate, critical needs:

1. Rapid, integrated expertise to contain the threat at its source within the cloud.
2. Holistic, end-to-end investigation to determine the full scope of the attack, tracing the attacker's path wherever it leads, across all systems and environments.

The No-Cost Unit 42 IR Retainer Available on AWS Marketplace

Recognizing customers need a faster, more comprehensive incident response strategy in the cloud, Palo Alto Networks Unit 42 is expanding our partnership with Amazon Web Services (AWS) Security Incident Response service. The collaboration introduces a no-cost Unit 42 Incident Response Retainer, which is now available to qualified customers in AWS Marketplace. Our value-added offer provides qualified customers with rapid access to Unit 42’s world-class investigative expertise and dramatically minimizes the critical time between an alert and full containment.

For qualified customers, here's what the no-cost Unit 42 Incident Response Retainer offers:

• 250 hours of initial Unit 42 Incident Response services at no cost.
• A 2-hour response time agreement for incident response.
• 24/7/365 access to the Unit 42 Incident Response team.

As an AWS Security Incident Response Service Ready partner, this collaboration is designed to deliver seamless, end-to-end incident response and proactive security services. By combining Unit 42’s deep experience in managing complex, legally privileged investigations with the rapid engagement of AWS Security Incident Response, organizations can resolve critical incidents faster and more comprehensively.

Unit 42 also offers preferred pricing to AWS Security Incident Response customers for proactive services through paid retainer offerings, also available in AWS Marketplace.

Hart Rossman, Vice President of Global Services Security, AWS:

When cyberattacks move at cloud speed, customers need immediate access to comprehensive expertise. By integrating Unit 42's end-to-end investigative capabilities with AWS Security Incident Response, we're delivering a unified response that helps customers contain threats faster and minimize business disruption. The no-cost retainer ensures they can activate the full scope of resources they need within minutes, not hours.

Effective response to a cloud breach demands deep technical skill and the ability to manage complexity under pressure. Unit 42 excels at managing high-stakes incidents. By coupling our expertise with AWS Security Incident Response’s capabilities to prepare, respond and recover from security incidents, Unit 42 offers customers a unified defense. Streamlining the entire process, from initial alert to final resolution, allows organizations to get back to business faster and limit operational disruption.

A Unified Front Against Complex Cloud Incidents

The collaboration is designed to solve a critical customer problem: Reduce the time and complexity of responding to incidents that span both AWS resources and the broader enterprise.

The combined offering delivers three key benefits, providing customers with a holistic and agile defense strategy:

• Comprehensive Investigation: Unit 42’s expertise enables an investigation across multiple environments, including endpoints, networks and other enterprise data sources, complementing AWS’s incident response technologies and expertise.
• Rapid, 24/7 Access to Experts: AWS Security Incident Response provides direct, 24/7 access to the AWS Customer Incident Response Team (CIRT), capable of engaging within minutes. Unit 42 is skilled at serving in the incident command role, coordinating efforts among internal stakeholders, other forensic and recovery vendors, as well as legal counsel.
• Response Readiness with No-Cost Retainer: The offering removes the typical administrative and procurement overhead of incident response engagements. The added value ensures qualified customers can activate the full resources of Unit 42 instantly, often at the direction of counsel.

Availability

The Unit 42 Incident Response and proactive service offerings are available in AWS Marketplace today. More information on the partnership will be shared during AWS re:Invent 2025 (December 1-5, 2025).

To learn more, visit the Unit 42 listing available in AWS Marketplace.

The post Unit 42 Incident Response Retainer for AWS Security Incident Response appeared first on Palo Alto Networks Blog.

Strengthening Cyber Resilience Across Northern Europe

Across Northern Europe, organizations are redefining how they work, innovate and compete. From the Netherlands’ smart logistics hubs to Finland’s AI-driven public services and the UK’s digital-first financial sector, this region is setting the global pace for responsible, data-driven transformation.

Yet behind this progress lies a growing challenge: security complexity.

According to the IBM Institute for Business Value (IBV), the average enterprise now manages 83 security tools from 29 vendors, leading to fragmented visibility, slower responses and rising risk exposure. In contrast, 96% of organizations that have unified their security platforms say they now view cybersecurity as a driver of business value, not a barrier to it.

That’s where the IBM and Palo Alto Networks partnership is making an impact. Together they are helping Northern European enterprises simplify, secure and accelerate their digital transformation with unified, AI-powered cybersecurity.

From Fragmented Tools to an Integrated Security Foundation

Northern Europe’s strength lies in its strong culture of trust and transparency, advanced digital infrastructure, as well as progressive regulatory frameworks. But as the EU NIS2 Directive, DORA and the AI Act come into force, achieving both compliance and cyber resilience require board-level oversight.

IBM and Palo Alto Networks are helping organizations lead this change. They combine IBM’s deep consulting and industry expertise with Palo Alto Networks market-leading security platforms and solutions, including Cortex XSIAM^®, Cortex^® Cloud™ and Prisma^® Access. This integrated approach protects innovation, enables compliance efforts, and enhances operational efficiency.

The partnership not only secures organizational estates, but empowers faster decision-making, measurable ROI and sustainable transformation.

Five Capabilities Powering Secure Transformation

Organizations want to strengthen cyber resilience without slowing innovation. IBM and Palo Alto Networks help them do just that, through five connected capabilities that turn complex challenges into measurable outcomes.

1. Unified Security Platform: Simplify and See More

The Challenge: Too many tools, too little visibility.
The Reality: Most enterprises run more than 80 security tools from nearly 30 vendors.

By consolidating with IBM’s unified security approach and the Palo Alto Networks platforms, organizations are cutting total product costs by up to 19.4% and gaining a single, trusted view of their security posture.

The Outcome: Streamlined operations, faster decision-making and improved compliance enablement for frameworks like NIS2, all while reducing the energy footprint of sprawling infrastructure.

2. Cloud Security: Innovate Without the Risk

The Challenge: Cloud transformation introduces new risks and blind spots.
The Reality: 82% of breaches now involve cloud data, and nearly 40% span multiple environments.

IBM and Palo Alto Networks secure the journey from code to cloud to SOC, embedding security early in design and automating protection across environments. IBM’s AI deployment accelerators slash rollout time, while Cortex Cloud™ provides continuous visibility and compliance enablement.

The Outcome: Faster innovation with cloud operations that are secure by design, from day one.

3. Security for AI: Build Trust in Every Algorithm

The Challenge: Rapid AI adoption without consistent oversight.
The Reality: 82% of executives say trustworthy AI is critical to success, yet few have the controls in place.

IBM and Palo Alto Networks help organizations govern and protect their use of AI, securing data pipelines, scanning models and preventing adversarial attacks.

The Outcome: Confident AI adoption aligned to the EU AI Act requirements, where innovation can move forward without compromising data integrity or customer trust.

4. Security Service Edge (SSE): Connect People Securely, Anywhere

The Challenge: Hybrid work models demand reliable secure access everywhere.
The Reality: Human risk, not technology alone, is now the dominant factor in breaches, with 95% of data breaches involving human error, such as insider missteps, credential misuse and careless actions, underscoring how remote and hybrid workers’ behaviors significantly expand exposure.

With Palo Alto Networks Prisma Access and IBM’s consulting expertise, enterprises across Europe are simplifying secure connectivity through a unified zero trust framework.

The Outcome: Simpler, more efficient policy management and stronger protection across hybrid environments, where risk exposure is reduced, visibility is enhanced, and a seamless user experience is delivered.

5. SOC Transformation: Detect Earlier, Respond Faster

The Challenge: SOC teams are overwhelmed, missing as many as two thirds of daily alerts due to alert fatigue and limited resources.
The Reality: Over half of organizations report they can’t hire or retain enough skilled analysts, leaving gaps in coverage and consistency.

By combining IBM’s Autonomous Threat Operations Machine (ATOM) with Palo Alto Networks Cortex XSIAM, organizations can streamline and automate core SOC workflows, reducing response times by more than half and enabling analysts to focus on the most critical incidents.

The Outcome: Faster detection, shorter resolution times and a more proactive, resilient security posture. AI-driven automation not only boosts accuracy but can also shorten breach lifecycles by more than 100 days, helping teams defend smarter.

Built for Northern Europe’s Next Decade of Growth

As Northern Europe is a leader in digital innovation, the stakes for cybersecurity have never been higher. Trust, transparency and compliance are not simply checkboxes, but are competitive advantages.

IBM and Palo Alto Networks are helping organizations across the region turn that reality into action. By uniting AI-powered automation, cloud-native security and deep industry expertise, they’re enabling enterprises to move faster, reduce complexity and strengthen resilience. This is achieved while enabling alignment with the region’s evolving frameworks, such as NIS2, DORA and the EU AI Act.

To stay ahead, security can no longer be a fragmented layer sitting outside transformation; it must be the foundation that powers it. With IBM and Palo Alto Networks, organizations gain a unified security platform built for the next decade of digital progress – one that protects every connection, every line of code and every moment of innovation.

Resilient. Compliant. Unified.

That’s the future of cybersecurity in Northern Europe.

Learn how IBM and Palo Alto Networks can help your organization simplify complexity and strengthen resilience.

The post Unified AI-Powered Security appeared first on Palo Alto Networks Blog.

Modernizing Vulnerability Sharing for a New Class of Threats

In cybersecurity, vulnerability information sharing frameworks have long assumed that conventional threats exploit flaws in software or systems, and they can be resolved with patches or configuration updates. AI and machine learning (ML) models upend that premise as adversarial attacks, like poisoning and evasion, target the unique way AI models process information. Consequently, the risks for AI systems include tactics like model poisoning (from evasion attacks) in datasets and training, which are not conventional software vulnerabilities. These new vulnerabilities fall outside the scope of traditional cybersecurity taxonomies like the Common Vulnerabilities and Exposures (CVE) Program.

There is a need to bridge the gap between the existing cybersecurity vulnerability sharing structure and burgeoning efforts to catalog security risks to AI systems. Provisions in the White House AI Action Plan, which Palo Alto Networks supports, call for the creation of an AI Information Sharing and Analysis Center (AI-ISAC), reinforcing the importance of addressing that disconnect. This integration is essential, as leveraging the existing, widely adopted cybersecurity infrastructure will be the fastest path to ensuring these new standards are accepted and operationalized.

Established Construct for Vulnerability Management and Disclosure

The global cybersecurity community relies on a mature infrastructure for sharing standardized vulnerability intelligence. Central to this ecosystem is the CVE List, established in 1999 as the authoritative catalog of cybersecurity vulnerabilities. Through CVE IDs and a network of CVE Numbering Authorities (CNAs), this framework enables consistent vulnerability documentation and disclosure.

Similarly, the Common Vulnerability Scoring System (CVSS) provides standardized severity assessments, allowing security teams to prioritize responses. Together with resources like the National Vulnerability Database (NVD) and CISA’s KEV Catalog catalog, these tools form the backbone of global vulnerability management, information sharing and coordinated disclosure.

Why AI Breaks the Traditional Model

While this infrastructure has served the cybersecurity community effectively for over two decades, it was designed around traditional threat models that AI systems substantially upend. Attacks on AI systems represent a critical departure from traditional cybersecurity threats as they operate insidiously, subtly corrupting core reasoning processes, causing persistent, systemic failures, some of which only become evident over time. Most traditional cybersecurity tools are not equipped to recognize those breakdowns because they assume deterministic behavior and rules-based logic. AI systems defy those assumptions because AI is probabilistic, not deterministic. Consequently, attacks on AI models may remain hidden for extended periods.

Unlike traditional cybersecurity threats that target code, adversarial AI attacks target the underlying data and algorithms that govern how AI systems learn, reason and make decisions. Consider the following predominant adversarial attack methodologies on machine learning:

• Poisoning attacks inject malicious data into training datasets, corrupting the model's learning process and creating deliberate vulnerabilities or degraded performance.
• Inference-related attacks exploit model outputs to extract sensitive information or learn about its training data. This includes model inversion, which reconstructs sensitive data from the model's outputs, as well as membership inference, which identifies whether specific data points were used in training.

The expansion of existing security frameworks and programs is necessary to cover the enumeration, disclosure and downstream management of security risks to AI systems.

Advancing AI Security Through the AI Action Plan

In July, the Administration unveiled the AI Action Plan, an innovation-first framework balancing AI advancement with security imperatives. The Plan prioritizes Secure-by-Design AI technologies and applications, strengthened critical infrastructure cybersecurity and protection of commercial and government AI innovations.

Notably, it recommends establishing an AI Information Sharing and Analysis Center (AI-ISAC) to facilitate threat intelligence sharing across U.S. critical infrastructure sectors and encourages sharing known AI vulnerabilities, “tak[ing] advantage of existing cyber vulnerability sharing mechanisms.” These provisions affirm that AI security underpins American leadership in the field and, where possible, should be built upon existing frameworks.

Redefining Boundaries for AI Threats

To position the CVE Program for the AI-driven future, Palo Alto Networks is engaging directly with industry and program stakeholders to chart the path forward. Traditionally, the CVE Program serves as an ecosystem-wide central warning system. It provides a unified source of truths for security risks. A security risk catalog and identification system are needed for AI systems, as they currently fall outside the traditional scope of the CVE Program that has focused exclusively on vulnerabilities rather than on malicious components. The historical aperture of the current CVE Program excludes harmful artifacts, such as backdoored AI models or poisoned datasets, which represent fundamentally different attack vectors, in turn creating security blind spots.

Securing AI’s Promise

The United States leads in AI innovation and must equally lead in securing it. As momentum builds behind the AI Action Plan and the establishment of the AI-ISAC, we have a critical window to shape information sharing frameworks of the future. The goal is to ensure that cybersecurity and AI security infrastructure advance in unison with the technology itself. Integrating new AI vulnerability standards into trusted frameworks like the CVE Program aligns with industry focus and needs. Through proactive, coordinated action, we can unlock AI’s full promise while safeguarding the models that are embedded in the critical systems on which our nation depends.

The post Bridging Cybersecurity and AI appeared first on Palo Alto Networks Blog.

The New Frontier of Agentic Development: Accelerating Developer Productivity

The world of software development is undergoing a rapid transformation, driven by the rise of AI agents and autonomous tools. Factory is advancing this shift through agent-native development, a new paradigm where developers focus on high-level design and agents, called Droids, handle the execution. Designed to support work across the software development lifecycle, these agents enable a new mode of development, delivering significant gains in speed and productivity, without sacrificing developer control.

As developer workflows increasingly rely on autonomous development agents, the way software is built evolves. This shift introduces important security considerations, such as prompt injection, sensitive data loss, unsafe URL access and malicious code execution, which, if left unaddressed, can undermine the very benefits these agents offer. Accelerating productivity depends not just on deploying agents, but on deploying them securely. This is where Palo Alto Networks, with its purpose-built AI security platform, Prisma^® AIRS™, plays a critical role.

The Productivity Paradox: Where Agents Introduce Risk

Autonomous agents operating across the software development lifecycle accelerate developer productivity, while also introducing a complex, language-driven threat surface that traditional security tools are not equipped to handle. As a result, new risks emerge, such as prompt injection or leaking secrets that extend beyond the visibility and control assumptions of traditional security approaches. Addressing these considerations is essential to preserving the benefits that agentic development provides.

Recognizing this shift, Palo Alto Networks has introduced targeted capabilities to accelerate secure development workflows. These efforts focus on three critical defense areas: preventing prompt injection, blocking sensitive data leaks and enabling robust malicious code detection capabilities, all of which are necessary to secure the full lifecycle of agent-driven systems.

The Solution: Securing Agentic Workflows for Acceleration

The solution is designed to convert security challenges directly into deployment confidence, dramatically accelerating productivity. By natively integrating Prisma AIRS within Factory’s Droid Shield Plus, the platform is able to inspect all large language model (LLM) interactions, including prompts, responses and subsequent tool calls, to enable comprehensive security across each interaction with the agent.

Prisma AIRS is a comprehensive platform designed to provide organizations with the visibility and control needed to safeguard AI agents across any environment. The platform continuously monitors agent behavior in real time to detect and prevent threats unique to agent-driven systems.

How Security Drives Speed

Embedding security natively into the Factory platform enables two crucial outcomes. To start, it delivers a secure, agent-native development experience for every developer, fostering immediate trust in the integrity of the generated code and documentation. This assurance removes friction often associated with AI-powered workflows, which can accelerate enterprise adoption and scaling of the Factory platform across the organization.

When developers can trust the agents and the integrity of the generated code and documentation, they can innovate faster and deploy with greater confidence. Instead of waiting for security reviews or dealing with fragmentation, security is woven seamlessly into the development lifecycle.

The integration follows a clear API Intercept design pattern:

• When a user enters a prompt or initiates work in Factory, Prisma AIRS intercepts the workflow. If a malicious prompt is detected, the platform can add logic to coach or block the user.

• Similarly, after the LLM generates code, Prisma AIRS intercepts the generated content. If secrets are detected, the platform again adds logic to coach or block the result before it reaches Factory or the user.

This real-time inspection of prompts and generated code enables development teams to be protected against threats, such as privilege escalation, prompt injection and malicious code execution, without disrupting developer velocity.

Deploy Bravely

Prisma AIRS 2.0 establishes a unified foundation for scalable and secure AI innovation. By combining Factory’s agent-native development platform with the threat detection capabilities of Palo Alto Networks Prisma AIRS, organizations gain a powerful advantage. Together, this approach helps organizations adopt agentic development with confidence by embedding security directly into the development experience.

For enterprises looking to confidently scale AI automation and realize the immense productivity gains offered by Factory’s Droids, integrating Prisma AIRS is the next step. This combined approach enables teams to "Deploy Bravely." To learn more about this strategic partnership and integration, see our latest integration announcement and review the Droid Shield Plus integration documentation.

---

Key Takeaways for Secure Agentic Development

When adopting Factory with Prisma AIRS, enterprises realize immediate benefits that accelerate their AI strategy:

1. Specialized Threat Defense
   Enterprises gain real-time, targeted protection against agent-specific threats, specifically prompt injection attacks and data leaks, which legacy tools cannot address.
2. Native, Seamless Security
   Moving from a fragmented review process to a continuous, automated defense via API Interception, security enables compliance without slowing down development velocity.
3. Deployment Confidence
   The native integration transforms security risks into operational assurance, accelerating the large-scale enterprise adoption and scaling of your Factory agent-native automation initiatives.

The post Prisma AIRS Secures the Power of Factory’s Software Development Agents appeared first on Palo Alto Networks Blog.

Artificial intelligence has shifted to being the primary engine for market leadership. To compete, enterprises are shifting from general-purpose computing to AI factories, specialized infrastructures designed to manage the entire lifecycle of AI. However, this transition requires robust security without sacrificing performance and efficiency.

We are proud to announce that Palo Alto Networks Prisma^® AIRS™, accelerated on the NVIDIA BlueField data processing unit (DPU), is now part of the NVIDIA Enterprise AI Factory validated design.

The integrated solution embeds zero trust security directly into the AI infrastructure, providing comprehensive protection without impacting AI performance. By deploying Palo Alto Networks Prisma^® AIRS™ Network Intercept directly onto the NVIDIA BlueField and extending to the cloud, Prisma AIRS establishes an essential zero trust governance fabric for the AI factory, enabling enterprises to accelerate innovation while maintaining control.

This critical architectural shift enables optimal AI performance and infrastructure efficiency by offloading security processing to an isolated domain, while leveraging the DPU's hardware acceleration via NVIDIA DOCA to enforce security policies at line speed. The implementation also leverages real-time workload information captured using DOCA Argus, which is then passed to Cortex XSIAM^® where it is used for AI-driven responses using the Cortex XSOAR^® orchestration platform.

Rich Campagna, SVP Product Management, Palo Alto Networks said:

The AI Factory is the new engine for value creation, and securing it is a board-level imperative. The validation of Palo Alto Networks Prisma AIRS accelerated with NVIDIA BlueField within the NVIDIA Enterprise AI Factory enables a new security architecture for the AI era. We are embedding trust directly into the infrastructure, giving leaders the confidence to safeguard their proprietary intelligence and deploy AI bravely.

Kevin Deierling, senior vice president of Networking at NVIDIA said:

AI is transforming every industry and security must evolve to protect AI factories. To be scalable, security must be distributed and embedded within the AI infrastructure. This is achieved with NVIDIA BlueField running Palo Alto Networks Prisma AIRS to deliver robust, runtime security for the AI factory, with optimal AI performance and efficiency.

Deploy AI Bravely with a Future-Proof Foundation

The Future of Secure AI Factories

In addition to deploying Palo Alto Networks Prisma AIRS on NVIDIA BlueField in a distributed model, it’s essential to maintain a centralized Hyperscale Security Firewall (HSF) cluster at the ingress and egress points of the AI factory to enforce a defense-in-depth strategy. Beyond network segmentation, individual workloads can selectively route traffic through hyperscale clusters to detect advanced application-layer threats and prevent lateral movement. These hyperscale firewall clusters scale elastically with demand, delivering session resiliency and the high availability required for critical AI operations.

This architecture fundamentally improves the Total Cost of Ownership (TCO) for AI infrastructure. By isolating security functions on BlueField, enterprises enable 100% of host computing resources to be dedicated to AI applications. This elimination of resource contention allows the AI Factory to maximize token throughput and capital efficiency.

This validated design is the blueprint for immediate efficiency. It provides a seamless path for enterprises to shift from general-purpose clusters to secure AI factory infrastructure without costly overhauls. More importantly, this collaboration establishes an unparalleled roadmap for future-proofing your investment. By securing operations with the high-performance NVIDIA BlueField-3 today, the architecture is inherently ready for the next generation, NVIDIA BlueField-4. This forward compatibility helps AI factories immediately handle gigascale demands, scaling up to 6X the compute power and doubling the bandwidth when BlueField-4 becomes available.

The inclusion of the Palo Alto Networks Prisma AIRS platform in the NVIDIA Enterprise AI Factory Validated Design bolsters enterprise AI security. By establishing the zero trust governance fabric of Prisma AIRS runtime security on NVIDIA BlueField, organizations gain a comprehensive defense. Proprietary and sensitive data is secured throughout the entire stack, and models are protected from adversarial threats, such as prompt injection attacks. With Prisma AIRS, the world's most comprehensive AI security platform, leaders gain the confidence to innovate and deploy AI bravely. This validated design is the essential blueprint for securely accelerating your market leadership without compromising security.

Join our "How to Secure the AI Factory" breakout session at NVIDIA GTC 2026, March 16-19, in San Jose, CA to hear more about this transformative solution and accelerate your AI innovation securely.

The post Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory appeared first on Palo Alto Networks Blog.

Transforming Real-Time Protection with Cloud-Delivered Security Services

Discover how unified prevention provides IT leaders with real-time protection across every attack surface.

The line between innovation and exposure has never been blurred in today’s hyperconnected digital world. Every new device, application and cloud workload expands the modern attack surface, creating endless opportunities for adversaries who are scaling faster and becoming more sophisticated than ever before. The threat landscape is no longer defined by isolated malware or phishing emails. The modern attack surface has evolved into a dynamic, adaptive ecosystem, driven by automation and artificial intelligence. Traditional security is no longer enough against AI-powered adversaries; protecting the modern attack surface demands a unified, intelligent Cloud-Delivered Security Services (CDSS) platform.

Attackers have learned to weaponize the same innovations that once gave defenders an advantage. Generative AI now enables them to craft convincing phishing messages, generate polymorphic malware that changes with every delivery, and automate reconnaissance at an unprecedented scale. Ransomware groups operate with the speed and agility of modern startups, using AI to identify weaknesses while staying one step ahead of detection. The result is an era where breaches unfold in minutes rather than days. Organizations are left with little room for error, underscoring the urgent need for security that goes beyond traditional approaches.

The Power of a Unified, Cloud-Delivered Security Service Platform

The power of our Cloud-Delivered Security Services lies in our ability to bring together every layer of protection into a single, intelligent, connected system. This unified platform combines Advanced Threat Prevention, Advanced WildFire^® (AWF), Advanced DNS Security (ADNS) and Advanced URL Filtering (AURL) into a single AI-powered fabric that operates at the speed of the cloud.

Powered by Precision AI^®, this framework delivers real-time contextual awareness across every stage of the attack lifecycle. It continuously analyzes billions of signals across networks, users and applications to transform raw data into actionable insights. This capability enables organizations to move from reactive detection to proactive prevention, stopping threats before they can disrupt operations.

Every day, our CDSS services analyze up to 5.43 billion new events, detect nearly 8.95 million never-before-seen attacks, and block up to 30.9 billion threats inline. This scale of visibility is strengthened by AI that’s trained on shared threat data from more than 70,000 customers, creating a powerful network effect that delivers patient-zero prevention everywhere. This depth of intelligence provides the visibility and context needed to understand and stop even the most sophisticated attacks as they evolve.

Shared telemetry flows naturally across services, helping ensure threats are detected and prevented without operating in silos. A phishing domain identified by Advanced DNS Security can immediately inform Advanced URL Filtering to block the malicious site. When Advanced WildFire uncovers a new zero-day technique or malicious artifact, that intelligence is shared instantly across the CDSS intelligence layer. Inline services, like Advanced Threat Prevention and Advanced URL Filtering, are enabled to strengthen protections in real time without manual intervention.

For IT leaders and security teams, this unified approach delivers comprehensive visibility and protection that keeps pace with their environment. Continuous intelligence adapts as conditions change, reducing complexity and improving operational efficiency. With consistent policy enforcement, faster decision-making and unified management across the enterprise, organizations can shift their focus from maintenance to innovation and growth.

The Moment Traditional Security Stopped Being Enough

There was a time when traditional network security was enough. Perimeter defenses and signature-based tools could reliably detect and block most threats before they caused harm. For years, this layered approach gave organizations a sense of confidence and control. But that moment has passed.

Our Unit 42® team has found that attacks are now faster, more sophisticated and more disruptive than ever, with 86% of major incidents in 2024 resulting in business disruption. This shift underscores how quickly traditional defenses are being outpaced and why yesterday’s security models no longer match today’s threat landscape.

Traditional, siloed architectures simply cannot keep up with modern attackers. What once served as a strong defense is now outmatched by adversaries who use AI to move faster and slip through the cracks of static security controls. Attackers no longer need to rely on predictable patterns or known exploits. They can use machine learning to probe defenses, mimic legitimate activity and disguise malicious activity within normal traffic, allowing them to bypass systems once they are considered unbreakable.

Older security products that depend on static signatures or manual policy updates cannot match this speed and scale. They respond to what has already happened, not to what is happening right now. By the time a new rule is written or a patch is applied, the threat has already evolved. Fragmented visibility and delayed response times give adversaries the upper hand, leaving IT teams defending blind against threats that adapt and shift faster than their defenses ever could.

In an effort to compensate, many organizations continue to add more tools: One for web filtering, one for DNS, one for malware analysis and one for data protection. While each solution provides value, they rarely work together. The result is an overcomplicated ecosystem of disconnected products that create visibility gaps, duplicate alerts, inconsistent policy enforcement and operational overhead. These gaps are exactly where attackers find their opportunity.

The moment traditional security stopped being enough was the moment attackers learned to think and move like machines. The rise of AI-powered threats marked the end of static defense and the beginning of a new kind of warfare, one that demands prevention and is predictive, adaptive and unified.

Today, enterprises don’t need more point products. They need a single, intelligent security fabric so they can see, understand and act across every vector, from DNS to SaaS to endpoint, in one coordinated motion. Attackers increasingly weaponize GenAI to craft more evasive phishing pages, malware and domain infrastructures. So, security teams must rely on defenses that can counter these techniques in real time by effectively battling AI with AI.

That is where cloud-delivered security services (CDSS) redefine the game, bringing AI-driven prevention to every corner of the network.

Your Defense Is Only as Strong as What’s Enabled

Having the proper security tools is only part of the equation. Real protection comes when those tools are fully enabled, integrated and working together to secure the organization. Cloud-delivered security services deliver their greatest value when they are live and continuously analyzing traffic, sharing intelligence and adapting in real time to support the business.

Too often, organizations have the right capabilities in place but leave them underutilized or inactive. Protection begins the moment each service is turned on and working in unison to deliver real-time prevention at scale. Ensuring that these capabilities are fully enabled and actively defending the network is what turns investment into impact.

Prevention is about readiness, not reaction. The most resilient organizations are those that activate early, integrate completely and allow automation to amplify what human oversight cannot. When IT leaders enable Advanced Threat Prevention, AWF, ADNS and AURL, prevention becomes continuous, intelligent and aligned with the pace of modern threats.

The power of our CDSS lies in both their advanced technology and the unity they create. Together, these services form an intelligent defense that connects detection, prevention and response into one seamless operation, all powered by Precision AI.

Now, with AI reshaping both innovation and risk, CDSS helps organizations stay confidently ahead. IT leaders who enable these capabilities strengthen visibility, simplify operations and elevate their overall security posture.

Fully enable your defenses and have them ready to prevent threats at each stage of the attack lifecycle. Learn more about activating CDSS through Strata™ Cloud manager or speak with your Palo Alto Networks representative to see how unified, AI-powered prevention can strengthen your organization’s security posture.

---

Key Takeaways

1. Traditional Security Is Insufficient Against Modern Threats
   The rise of AI and automation has created an era in which attackers move faster and are more sophisticated than traditional, siloed security products can handle, leading to an increasing number of major incidents that disrupt business.
2. Unified Cloud-Delivered Security Services (CDSS) Are Necessary for Proactive Prevention
   Protecting the modern attack surface requires a single, intelligent, connected CDSS platform that unifies all layers of protection (e.g., Advanced Threat Prevention, AWF, ADNS, AURL) into an AI-powered fabric, enabling proactive, real-time prevention rather than reactive detection.
3. Real Protection Depends on Full Activation and Integration
   Having the right security tools is only part of the solution. The greatest value and protection are realized when your fully enabled CDSS is integrated and working in unison to continuously analyze traffic and share intelligence.

The post The Power of Unity appeared first on Palo Alto Networks Blog.

The intersection and evolution of operational technology (OT) and information technology (IT), as well as the cybersecurity risks associated with both are becoming increasingly critical business challenges for organisations of all sizes, across all geographies.

As digital transformation expands into OT environments, convergence with IT systems is inevitable. This convergence may generate exciting business opportunities, such as creating new sources of income and improving business outcomes, but it also presents new cybersecurity risks and complexities, for which many industry leaders are not prepared.

Why Is OT/IT Convergence So Complex?

There are many overlapping forces driving the OT and IT worlds together, creating a hairball of complexity from varying sources:

• People: OT and IT communities are historically different in many ways (technological, operational, regulatory and culturally) and have different priorities and focuses.
• Technology: The age of technology in OT environments means that legacy equipment and machinery are often incompatible with the latest IT software, increasing their vulnerability to cyberthreats.
• Mindsets: Historically, ‘secure by design’ has not been a focus in OT. System uptime and employee safety have traditionally been prioritised over cybersecurity in OT environments, unlike IT where cybersecurity is ingrained.

Understanding the Risk and Impact

OT/IT cybersecurity is a strategic issue, not just a technical requirement, and it must be designed into systems as early as possible. The consequences of not acting from the start far outweigh any advantages gained by disregarding the issue.

This is particularly true for critical infrastructure, such as water purification systems, power grids, air traffic control systems, communications networks and battlefield command-and-control systems, all of which are open to potential cybersecurity risk. Always assume that your adversaries are willing to exploit your Achilles heel when it comes to securing OT/IT systems.

Key Attention Areas in OT/IT Convergence

All senior business leaders should consider the following areas with OT/IT convergence and cybersecurity:

1. Mindset: Industry leaders need the right mindset to balance cybersecurity best practices with a seemingly endless number of new devices and data sources caused by OT/IT convergence.
2. Technology: Technologies, such as artificial intelligence, machine learning and cloud computing, represent both opportunities and threats in the world of OT/IT cybersecurity. Modern technology systems must be built with tomorrow’s security risks in mind.
3. Compliance: The NIS Directive and its follow-on NIS2 Directive outline the responsibility for organisations to take reasonable steps toward a solid cybersecurity posture. This applies to the increasingly digital OT world because of the classification of many OT systems as a critical infrastructure.
4. Teams: Organisations need to recognise and confront the cultural silo separating OT and IT teams in order to reduce complexity, promote collaboration and achieve a reliable, frictionless state of OT/IT cybersecurity.
5. The cloud, data and device proliferation: When digital OT systems are infected, the attacks easily and quickly move laterally over a mesh of intersecting networks, carrying ‘digital germs’ with them. The risk here is high, particularly with the huge proliferation of devices and data from converged workloads in the cloud.
6. The future: There is a growing urgency from business stakeholders to make OT systems more digitally driven to ensure agility and efficiency. Boards that are now prioritising OT/IT cybersecurity are making a strong statement about the business implications to this strategy.

Next Steps

To help you understand and prepare for the cybersecurity risks inherent at the intersection of OT and IT, we have captured insights and recommendations from forward-thinking industry experts in a new guide: Executive Edge: Peer Insights - Complexity at the intersection of IT and OT.

This Peer Insights guide for C-suite executives explores how to streamline security, reduce complexity, and anticipate threats across the IT/OT environment, ultimately helping you drive change within your organisation.

Download the Peer Insights guide.

The post The Strategic Imperative for OT/IT Convergence appeared first on Palo Alto Networks Blog.

The transformative potential of artificial intelligence (AI) across industries is undeniable. But realizing AI's true value hinges on three cybersecurity imperatives: Understanding the AI-cybersecurity nexus, harnessing AI to supercharge cyber defense, and embedding security into AI tools from the ground up through Secure AI by Design.

Nowhere is this convergence more urgent than in financial services. Sitting at the center of our global economy, financial institutions face a dual mandate: Embrace AI for cybersecurity and cybersecurity for AI.

I was honored to cover these key principals in my testimony before the House Committee on Financial Services, led by Chairman French Hill. The hearing, entitled “From Principles to Policy: Enabling 21st Century AI Innovation in Financial Services” convened witnesses from Palo Alto Networks, Google, NASDAQ, Zillow and Public Citizen. Together, we examined AI use cases in the financial services and housing sectors, including those specific to cybersecurity. We assessed how existing laws and frameworks apply in the age of AI.

The Defense Advantage Is AI-Powered Security Operations

Attacks have become faster, with the time from compromise to data exfiltration now 100 times faster than four years ago. The financial sector bears disproportionate risk, given the value of its data and interconnected systems, while firms contend with evolving regulatory expectations, talent shortages and the persistent tendency to elevate cybersecurity only after an incident.

Generative and agentic AI intensify these pressures by accelerating every phase of the attack chain, from deepfake-driven fraud to tailored spear phishing campaigns. Our researchers at Unit 42^® have found that agentic AI, autonomous systems that can reason and act without human intervention, can compress what was once a multiday ransomware campaign into roughly 25 minutes.

To keep pace, financial institutions must pivot to AI-driven defenses that operate at machine speed.

Security operations centers (SOC) have long been overwhelmed by traditional alerts and fragmented data. Security teams, forced into manual triage across dozens of disparate tools, face an inefficient model that leaves vulnerabilities exposed, burns out analysts and makes it impossible to operate at the speed necessary to outpace modern attacks.

The average enterprise SOC ingests data from 83 security solutions across 29 vendors. In 75% of breaches, logging existed that should have flagged anomalous behavior, but critical signals were buried. With 90% of SOCs still relying on manual processes, adversaries have the clear advantage.

AI-driven SOCs flip this paradigm, acting as a force multiplier to substantially reduce detection and response times. To illustrate the scale of this necessity, consider our own security operations. Palo Alto Networks SOC analyzes over 90 billion events daily. Without AI, this would be an impossible task for human analysts. But by applying AI, we distill that down to a single actionable incident.

Financial institutions migrating to AI-driven SOC platforms are seeing transformative results:

• One customer reduced the Mean Time to Respond (MTTR) from one day to 14 minutes.
• Another prevented 22,831 threats and processed 113,271 threat indicators in less than 5 seconds.
• A large bank saved 180 hours per year by automating security information and event management reporting; 500 hours through automated data collection; 360 hours by automating four Chief Technology Officer playbooks; and 240 hours with automated threat intelligence enrichment.

These improvements are critical to stopping threat actors. But none of this would be possible without AI.

Securing the New AI Attack Surface

As AI adoption grows, it will further expand the attack surface, creating new vectors targeting training data and model environments. AI's rapid growth is outpacing the adoption of security measures designed to protect it. Nearly three-quarters of S&P 500 companies now flag AI as a material risk in their public disclosures, up from just 12% in 2023.

Traditional security tools rely on static rules that miss advanced attacks, like multistep prompt injections or adversarial manipulations. Autonomous AI agents can take unpredictable actions that are difficult to monitor with legacy methods.

Rapid AI adoption has exposed organizations' infrastructure, data, models, applications and agents to unique threats. Unlike traditional cyber exploits that target software vulnerabilities, AI-specific attacks can manipulate the foundation of how an AI system learns and operates.

A Secure AI by Design

Even with an understanding of the risks, many organizations struggle with the lack of clarity on what effective AI security looks like in practice. Recognizing the gap between intent and execution, Palo Alto Networks developed a Secure AI by Design policy roadmap that provides organizations with a comprehensive roadmap that integrates security throughout the entire AI lifecycle.

A proactive stance ensures security is a feature, not an afterthought, crucial for building trust, maintaining compliance and mitigating risks. The approach addresses four imperatives organizations most pressingly face in AI adoption:

1. Secure the use of external AI tools.

2. Secure the underlying AI infrastructure and data.

3. Safely build and deploy AI applications.

4. Monitor and control AI agents.

The Path Forward

For financial institutions, Secure AI by Design must be anchored in enterprise governance. Institutions should maintain risk-tiered AI inventories, enforce strict access controls and implement testing commensurate with risk. Governance structures should enable board oversight and align with established model risk practices.

Policymakers also have a critical role to play in promoting AI-driven security operations, championing voluntary Secure AI by Design frameworks, ensuring policies safeguard innovation, enabling controlled experimentation and strengthening public-private collaboration.

Ultimately, the financial institutions that will thrive will recognize cybersecurity as the foundation that makes innovation possible. By embracing AI-driven defenses and securing AI systems from the ground up, the sector can confidently unlock AI's transformative potential while safeguarding the trust and stability that underpin the global economy.

Read the full testimony to learn more about how cybersecurity can enable AI innovation in financial services.

The post From the Hill: The AI-Cybersecurity Imperative in Financial Services appeared first on Palo Alto Networks Blog.

If 2025 proved anything, it’s that no one wins alone in cybersecurity. AI-driven threats accelerated, and environments grew more complex while enterprises pushed hard for simplicity, integrated protection and security outcomes that deliver measurable results and meaningful value.

In response, we saw our partners around the globe lean into integration, treat AI as a built-in advantage and use the strength of our ecosystem as a force multiplier. The result: What could have been a disruptive year instead became one defined by growth and learning across our partner community.

Now, those lessons are guiding how Palo Alto Networks plans to partner with even greater precision in 2026. We remain a channel-first company that’s all-in on our ecosystem and united with our partners in a shared purpose to protect our customers’ digital future. But we also intend to double down in several areas in the year ahead, and we’re asking our partners to join us in doing the same.

1. Simplifying Security Through Integration

One message from customers that came through loud and clear in 2025 is that complexity is the enemy of resilience. Many enterprises are grappling with tool sprawl – multiple consoles, disconnected policies and overlapping investments that slow down their teams when speed and agility matter most.

The partners who delivered some of the most transformative results for organizations this year were those who chose integration over complexity and collaboration over siloed tools. With a laser focus on simplifying security, they were able to help customers:

• Consolidate fragmented point tools onto a unified security platform.
• Align visibility across the network, cloud and security operations center (SOC), so teams can respond faster.
• Build architectures with zero trust and AI-powered detection at the core.

We saw this simplifying-security trend through integration across our ecosystem. Partners unified cloud security and detection workflows through Cortex^® Cloud™ and Cortex. Teams modernized network architectures with tighter integration across our platform. We expect this activity to only accelerate in the coming year as our cloud security offerings continue to evolve.

When we innovate together, customers gain stronger defenses and a faster time-to-value. That’s why Palo Alto Networks has invested so heavily in platformization. When you connect our capabilities across network security, cloud security and security operations (wrapping them with your consulting, delivery and managed services) customers can experience something fundamentally better. With fewer gaps and clearer signals, they can build a security posture that’s built for the speed of modern threats.

In 2026, deep integration will remain a cornerstone of how we partner with precision. We’ll continue aligning our portfolio, programs and joint engagement model, so you can build offerings that reduce complexity for customers and create stronger differentiation for your business.

2. Making AI a Built-in Advantage

At Palo Alto Networks, our approach to AI in cybersecurity is straightforward. We believe AI must be embedded, not bolted on. It has to live in the data, analytics and workflows your teams rely on every day. That’s the thinking behind Precision AI^®, and it’s why we built AI capabilities into our platform’s core.

Partners who treated AI as a platform capability rather than a standalone tool delivered some of the strongest outcomes for customers in 2025. They were able to meet customers’ needs and deliver business outcomes in a single, unified approach. They helped organizations:

• Detect and respond to threats faster with AI-assisted analytics.
• Use automation to streamline change, investigation and response workflows.
• Tie AI to tangible outcomes, such as reduced risk, higher productivity and a better user experience.

In 2026, we’ll double down on AI across the platform and invest in the tools, content and enablement you need to bring those capabilities to life. Our focus is on making it easier for you to build AI-powered services that are repeatable and aligned to the outcomes customers expect.

Upcoming program changes reflect that intent. We’ll promote next-generation security as a growth engine and invest in ways that strengthen partner profitability across consulting services, resale, quality delivery, technical support and managed security services.

3. Ensuring Our Ecosystem Can Be a Growth Engine for Everyone

As AI raised the bar for both attackers and defenders in 2025, the partners who leaned into platformization and outcome-driven services were the ones who helped customers stay ahead of the curve. Those successes are now shaping how we strengthen and scale the partner ecosystem in 2026.

Our ecosystem isn’t just a route to market; it’s intended to be an economic engine for everyone involved. This year, many partners grew their business by building practices around our platform and aligning their services with where customers needed the most support: strategy, implementation, optimization, ongoing operations. We saw especially strong momentum from partners’ expansions:

• Consulting and advisory services around zero trust and AI-driven transformation.
• Resale opportunities centered on platform consolidation and next-generation security.
• Quality delivery and technical support that keep deployments reliable and current.
• Managed security services that give customers 24/7 protection and expert oversight.

These achievements reflect the value exchange at the heart of our ecosystem. Palo Alto Networks invests in platformization, AI and enablement, while our partners bring delivery expertise, regional insight and service innovation. Together, we create outcomes neither of us could deliver alone.

In 2026, we plan to build on that momentum and drive even greater partner profitability. Program evolutions will focus on growth across the full lifecycle, from initial design and implementation to long-term operation and optimization. We’re also expanding collaboration with our technology alliances to build new joint offerings and solution plays that the ecosystem can take to market together.

When we combine our platform, your expertise and the capabilities of our Alliance partners, then customers gain more paths to adopt next-generation security with confidence, and you gain more opportunities to develop differentiated, high-value practices.

Keeping Customers at the Center

At the heart of every partner collaboration is the customer, of course. Everything we build, integrate and advance together starts and ends with protecting them. This year, ecosystem alignment delivered measurable impact for our customers across industries. When partners lead with integrated solutions anchored in our platform, organizations saw visible improvements:

• Faster deployment of secure solutions.
• Reduced complexity with unified visibility.
• Greater confidence in defending against today’s AI-driven threats.

We saw this firsthand in joint wins across cloud security transformations, zero trust modernization and AI-assisted threat detection. When our ecosystem moves together, customers can move faster, operate more securely and achieve meaningful outcomes. Customer success is the foundation of everything we do as a partner-led organization, and it will remain our North Star in 2026.

Partnering with Precision in 2026 and Beyond

What we learned and achieved together in 2025 points us toward a clear focus for 2026 to advance ecosystem-led innovation, so we can deliver outcomes that matter most to our customers.

With that mission in mind, we will focus on the following four priorities:

• Deeper Integration – Expanding API partnerships and strengthening interoperability across the platform.
• Co-Innovation – Enabling partners to build solutions tailored to industry needs and use cases.
• Empowered Enablement – Investing in learning, automation and AI capabilities that fuel differentiated, profitable services.
• Simplified Engagement – Streamlining programs and tools, so that partnering with us is faster and more rewarding.

These priorities highlight the real strength of our ecosystem: How platformization, AI and partner expertise come together to enable what we could not build alone.

Finally, to our partners and customers, thank you. Your trust, collaboration and commitment push us to innovate boldly and continuously. As we enter the new year, I’m excited about what we’ll build together. When we align our AI-powered platform, our partner programs and your expertise in delivery, services and managed security, we can deliver something far greater than a set of solutions.

We’re a powerful team that’s not just defending against what’s next; we’re defining the future of cybersecurity. And together, we’re unstoppable.

Partners, join us in shaping the next chapter of secure, AI-powered innovations. Connect with your Channel Business Manager to align on 2026 opportunities, upcoming program updates and ways we can elevate customer outcomes together. Visit the partner portal to learn more.

---

Key Takeaways

• Integration beats complexity.
  Unifying technology, data and expertise drove the strongest outcomes in 2025, helping partners reduce risk and accelerate time-to-value for customers.
• AI is a built-in advantage.
  By tapping into AI embedded across our cybersecurity platform, partners can address security and business outcomes simultaneously and deliver repeatable, profitable, AI-powered services.
• The partner ecosystem is a growth engine, and together, we’re unstoppable.
  Our 2026 priorities focus on deeper integration, coinnovation, empowered enablement and simplified engagement that drive partner profitability and stronger customer outcomes.

The post Partnering with Precision in 2026 appeared first on Palo Alto Networks Blog.

Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment.

Our research, drawing on insights from more than 2,800 security leaders, surfaces the critical cost of misalignment across teams, tools and workflows. This report provides key benchmarks to help inform the decisions that shape your cloud strategy as we track where teams gain ground, where they struggle, and how the threat landscape, now accelerated by AI, is evolving.

The Cloud Attack Surface Is Expanding with AI

The biggest shift in the cloud landscape is the acceleration of risk driven by AI adoption. As cloud infrastructure expands to host the growing number of AI workloads, it has become a critical target. The introduction of GenAI into development pipelines is also compounding the problem by increasing the volume of insecure code going into production.

Of those surveyed in the 2025 report, 75% of organizations stated that they are running AI in their production environments today. That level is significant, as it points to the growing adoption and use of AI as businesses are locked in what looks like a modern arms race to bring the latest capabilities and benefits to their organizations and customers. In addition, as stated earlier, our findings confirm that 99% of organizations reported at least one attack on their AI systems within the past year. This number proves that AI needs human guardrails, as well as to be secured to contain the risk of critical data exposure by adversaries.

The AppSec Pipeline Is Not Secure Enough Yet

As AI expands the cloud attack surface and has been proven to be a significant target, we can see that code development pipelines are also being stressed by the same forces. An important trend from the 2025 report is the rise of GenAI-assisted coding (vibe coding), used by 99% of respondents. The use of vibe coding is generating insecure code faster than security teams can review it. The acceleration creates a massive risk gap: 52% of teams are shipping code weekly, but only 18% are able to fix vulnerabilities at that same pace. This confirms that traditional, human-led approaches to application security are inadequate, leaving security teams to fight threats with fragmented tools and slow, manual fix cycles.

As the pace of development increases, the disconnect between security assessment and remediation is becoming more apparent too. While teams are making progress by shifting away from outdated vulnerability prioritization methods, they still struggle to integrate security effectively into the development workflow. This introduces a large number of vulnerabilities into production, where 20% of organizations report that an average of 37% of their high or critical issues reach their production environments. Once in production those vulnerabilities linger, as 82% of organizations report it taking longer than a week to deploy code fixes. What is slowing teams down?

The traditional refrain toward implementing prevention that blocks risks from reaching production during rapid code development is still true today. The barriers are clear: 31% cite poor CI/CD integration and another 31% worry about slowing down development. On the positive note, only 17% rely on CVSS scores to prioritize their fixes as teams are now moving more toward context-rich decisions based on exploitability-based triage (32%) and business impact (33%).

The New Frontiers of Cloud Risk

Attackers are rapidly pivoting to exploit the foundational layers of the cloud, with a clear focus on ungoverned interfaces and overprivileged access. The volume and autonomy introduced by AI agents further accelerates this exploitation, turning minor gaps into major incidents.

Attacks on APIs Jump for 41%

APIs are the new primary entry point. Attacks on APIs increased for 41% of organizations in the last year, marking the sharpest rise of any threat category measured. As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface. Furthermore, nearly every AI-related threat, including model supply chain tampering, token theft and prompt injection, involves an API boundary. This reinforces the role of ungoverned interfaces in scalable AI compromise, with 47% of AI system breaches involving data exfiltration through assistants or plugins.

Identity Still Remains the Weakest Link

Insufficient access controls remain a leading vector for credential theft and data exfiltration. 53% of organizations cite lenient identity and access management (IAM) practices as a top data security challenge. This problem is compounded by complexity. The number climbs to 57% among organizations running more than six AppSec tools, proving that the discipline required to maintain least privilege is failing to scale with tool sprawl. Data leaves through both legitimate business systems and breach events, making it fundamentally an identity problem.

The top three exfiltration vectors confirm this focus:

• SaaS sync or export misuse: 63%
• Overpermissive external sharing: 59%
• Compromised credentials or tokens: 58%

Lateral Movement Risks Persist

Once an attacker gains a foothold, they can move freely. Twenty-eight percent point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot across environments and turn minor compromises into major incidents.

The Growing Imperative of Cloud & SOC Must Merge

The gap between detection and resolution is where breaches succeed. Today the cloud and SOC divide is proving too slow in the face of machine-speed threats. Structural fragmentation is clearly visible in response times, while 74% of organizations detect threats within 24 hours, 30% take more than a full day to resolve them. A delay like this is caused by disjointed workflows and isolated data sources between cloud and SOC teams, which stall incident response (IR) for 50% of organizations.

The demand for consolidation shows up across the board:

• 89% of organizations believe cloud security and security operations must fully merge, not just integrate.
• Organizations currently manage an average of 17 tools from five vendors, creating fragmented data and context gaps.
• Consequently, 97% of respondents prioritized consolidating their security footprint to address the chaos of tool sprawl.

The model that worked for lift-and-shift can't contain threats that move at machine speed. Organizations are ready to collapse the distance between teams and tools.

About the Report

The State of Cloud Security Report 2025 draws from over 2,800 security leaders and practitioners across 10 countries and includes breakouts by region, industry and cloud maturity, along with the full incident data and strategic insights we’ve touched on here.

Learn More and Transform to an Agentic-First Platform

To stay ahead of adversaries who use AI to launch attacks at machine speed, human-led defense is no longer sufficient. The report emphasizes that organizations must counter with an equivalent evolution: Agentic security, leveraging autonomous agents to deliver cloud security from code to cloud to SOC.

Download the full State of Cloud Security report to see how today’s leaders are closing the gap and what we recommend.

The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog.

From Fragmented Fences to Cohesive Control

The attack surface for today’s enterprises is incredibly heterogeneous and dynamic. Applications and data are in constant motion, spanning public clouds, private data centers and edge locations. Users connect from anywhere.

For security leaders, this environment has led to an explosion in not only operational complexity, but in many cases, uncertainty. ​​Together, Nutanix and Palo Alto Networks enable security to finally match the speed and scale of these dynamic hybrid cloud environments.

The security ecosystem has become vast and complex. Point solutions accumulate to address specific gaps, yet each adds another interface, another policy language and another integration to manage. However well intentioned, this sprawl can lead directly to fractured visibility, overlapping tools and operational fatigue.

Elevate Perimeter Protection to Defense-in-Depth

Enterprises today face unprecedented security complexity as hybrid and multicloud environments become the new normal. Currently, 94% of enterprises use some form of cloud service, while 89% report having a multicloud strategy in place. This distributed reality means security is paramount: while managing cloud spending is the number one operational challenge (82% overall), security remains a major concern, affecting 79% of all organizations.

Hybrid cloud adoption offers agility, but it also introduces distinct security challenges that strain traditional approaches. Adversaries have taken notice. Hybrid and multicloud environments are prime targets because they connect sensitive data, privileged accounts and critical systems across public, and on-premises infrastructure. Perimeter-based security models, built for static networks and centralized data centers, cannot keep pace in a world where apps and data continuously move between platforms.

Defense-in-depth has become essential for addressing the inherent dynamism of today’s environments. Network visibility is required to monitor and contain east-west traffic and lateral movement of threats inside cloud environments. Identity controls must verify every user, device and interaction across a distributed workforce. Data protection must follow sensitive information as it traverses multiple clouds, data centers and edge locations.

Yet managing these protections as distinct layers is no longer viable. Each cloud provider introduces its own native security controls. Each additional tool adds another interface and another policy set to maintain. Defense-in-depth only achieves its purpose when its layers are fully unified, providing consistent control enforcement from the edge to the core, comprehensive visibility across traffic, and essential data protections for all workloads, wherever they reside.

Freedom of Choice Without Fragmentation

Hybrid environments span public clouds, private infrastructure, SaaS ecosystems and legacy on-premises systems. No single vendor can realistically cover that entire landscape, and forcing security into a single closed ecosystem risks creating gaps where those environments meet.

The answer lies in an open ecosystem approach that allows organizations to assemble best-of-breed capabilities rather than being locked into a single provider’s stack.

This flexibility empowers security teams to adapt to the unique requirements of each environment while still operating through a unified security model. Policies can be applied consistently, intelligence can be shared across layers, and protections can move in step with workloads, regardless of platform. In short, this model can effectively support freedom of choice while relieving the operational burden of managing hybrid and multicloud security.

A Unified Security Layer Across Every Environment

Open ecosystems solve the problem of choice. What remains is the challenge of bringing those best-of-breed capabilities together into a solution that is coherent and scalable.

To transform defense-in-depth from a conceptual framework into a practical system aligned to the realities of hybrid and multicloud deployments, this unified layer should be built on core capabilities:

• Inline visibility for east-west traffic within virtualized and cloud environments, enabled by deploying next-generation firewalls directly inside virtual private networks:
  This approach inspects workload-to-workload traffic, identifies anomalous behavior and stops lateral movement before it spreads.
• Consistent policy enforcement across public cloud, private data centers and edge locations through a centralized management plane:
  A single set of policies should be authored once and pushed everywhere, assuring a consistent security posture across all clouds and environments.
• Abstraction of security intent from network coordinates through tag-driven automation, an approach that allows security policies to be expressed in terms of workload attributes (rather than IPs or locations):
  These protections follow workloads automatically as they move. Through integration with orchestration pipelines, this approach aligns controls with rapid application rollouts in CI/CD workflows, all without manual reconfiguration.

With these core capabilities, security can finally catch up to the fluidity promised by hybrid cloud operating models.

Explore how Palo Alto Networks and Nutanix, work together to make this unified vision a reality, including joint offerings, like Palo Alto Networks secured Nutanix clusters with VM-Series Firewalls for AWS^® and Microsoft^® Azure.

The post Untangling Hybrid Cloud Security appeared first on Palo Alto Networks Blog.

We are proud to announce that Frost & Sullivan has recognized Palo Alto Networks Prisma^® Browser as the best-positioned market leader in the Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report, securing the premier position for innovation and a leadership position on growth.

This recognition comes at a pivotal moment. For the modern enterprise, the browser is no longer just an application; it is your new OS. With 85% of the work happening in browsers, it has become the focal point where revenue is generated and sensitive data is accessed. However, this shift has transformed your primary workspace into the primary attack vector, with 95% of organizations having reported a security incident originating in the browser, placing it on the frontline against sophisticated AI^® threats and critical vulnerabilities. The risk of evasive, AI-driven phishing attempts is compounded by the widespread use of managed and unmanaged devices, creating blind spots that allow sensitive data to be exfiltrated faster than ever.

To combat this, enterprises need a browser that doesn't just display the web but actively defends it with its users, apps, data and devices. This is a necessity that drives our latest industry recognition.

Proven Leadership Validated by the Market

Prisma Browser’s recognition as the best-positioned leader, securing the premier position for innovation and a leadership position on growth, is a testament to our commitment to deliver best-in-class security that is both easy to deploy and that IT and users love to use. By integrating Palo Alto Networks Precision AI^® technology, Cloud-Delivered Security Services (CDSS) and Enterprise DLP, we ensure our customers benefit from the power of our security engines. And because they are natively integrated in the browser, we are mitigating threats hiding in encrypted traffic, blind spot web channels, AI-powered spear phishing and other evasive web threats that legacy security tools simply cannot identify.

Prisma Browser’s Innovation Advantage

Our leadership is driven by continuous strategic innovation in the secure browser space. Prisma Browser delivers critical "last-mile" protection through the native integration of CDSS, including Advanced WildFire^® for zero-day malware analysis and Advanced URL Filtering instantly at the point of user interaction. Building on this foundation, our latest innovations extend secure work to all applications, including those beyond SSO, providing full visibility and last-mile protection for unmanaged applications, such as GenAI apps, closing gaps left by incomplete identity coverage. We further solidify this best-in-class security through additional cutting-edge innovations: Advanced Web Protection for real-time evasive threat protection, Advanced Browser Protection for zero-day browser exploitation defense, and Advanced Extension Security for runtime extension security.

At the core of this defense is Precision AI, our proprietary engine that combines machine learning, deep learning and generative AI to automate detection, prevention and remediation with industry-leading accuracy. Unlike standard security tools that rely on static signatures, Prisma Browser, powered by Precision AI, inspects live, fully rendered content. It detects evasive phishing attempts (such as AI-generated cloaking) and malicious reassembly attacks that legacy tools miss, effectively fighting AI with AI. Fueled by intelligence from over 70 thousand customers, Prisma Browser delivers unmatched threat detection, identifying and blocking up to 8.95 million new and unique attacks every single day.

The Frost Report says this about Palo Alto Networks Innovation:

Key differentiating capabilities include last-mile data leakage protection with browser-level visibility; AI-powered web attack detection and prevention with full page runtime visibility; detection and disabling of malicious extensions using behavioral monitoring; an advanced AI-powered DLP engine; in-browser anti-exploit protection; and a rich library of AI applications and agents.

Crucially, Enterprise DLP capabilities are embedded directly into the rendering engine, granting granular control over sensitive data that traditional network-level tools effectively miss. This helps ensure that data on both managed and unmanaged devices remains secure against exfiltration via clipboard restrictions, screenshot blocking, real-time redaction and more, without disrupting the user experience.

Prisma Browser’s Growth Advantage

Central to the widespread adoption of Prisma Browser is our proven ability to secure the managed workforce at scale without disrupting daily workflows. One of our key differentiators is our 100% license portability, which allows organizations to deploy Prisma Browser across their entire fleet of devices, whether as full browsers, extensions, mobile solutions and firewall connectors with complete flexibility. This frictionless deployment model enables IT teams to instantly layer enterprise-grade security and unified policies onto the same native browser UX employees already know and use.

For CISOs and CIOs focused on streamlining operations, Prisma Browser is also offered as a fully integrated solution within the Prisma^® SASE platform, enabling unified policies across all Palo Alto Networks solutions.

Looking Ahead

While we are proud of our position on the Frost Radar: Zero Trust Browser Security (ZTBS) report, we are just getting started. By accelerating initiatives in GenAI security, complete web protection, modern data protection and VDI reduction, we are redefining the browser. We don't just want the browser to be where you work; we are transforming it from the primary attack vector into one of the organization's most robust lines of defense and the single point where they can identify AI driven attacks and fight AI with AI.

Read the full Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report to explore the details behind our market leadership. Then, schedule a demo to witness how Prisma Browser transforms your primary workspace into your strongest line of defense.

The post Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar appeared first on Palo Alto Networks Blog.