Normal view

Received — 11 May 2026 Palo Alto Networks Blog

The Dangerous Momentum of Autodownload Phishing

5 May 2026 at 23:10

Modern phishing campaigns are no longer trying to convince users. They are trying to outrun them. By forcing an automatic progression from click to download, attackers eliminate the moment of hesitation entirely by forcing files to download instantly using trusted cloud platforms like Dropbox and Google Drive.

Detecting when these legitimate SaaS auto-download features are being weaponized is an immense challenge for traditional defenses. This is exactly where Cortex® Email Security steps in. By combining deep static analysis with advanced behavioral intelligence, the module can distinguish in this attack between a benign file share and a malicious, forced-momentum trigger.

This technical detection is vital because while the autodownload method is the primary cause of infection, its effectiveness relies on a clever strategy, using a wide range of changing social engineering lures. By alternating between lures like 'Invoices' or 'Quotes,' attackers rotate their themes to catch a wider variety of victims. This strategy allows attackers to convert trusted email links into rapid, dangerous file executions that effectively evade standard security measures.

How Forced Momentum Drives Auto-Downloads

The core of this attack leverages the infrastructure of real SaaS providers to eliminate the user's preview buffer. Typically, cloud sharing directs users to a webpage for file examination. In this campaign, however, forced-download parameters (such as ?dl=1 on Dropbox) are used instead. To ensure the victim executes the file once it lands on their machine, attackers hide the danger behind "visual anchors." By using double extensions like PDF and .EXE, the threat actor exploits default settings in certain operating systems that hide known extensions. The user's eyes stop at the familiar ".PDF" or ".ZIP," leading them to believe the file is a harmless document rather than a malicious executable.

When the targeted victim clicks the link in the email, it triggers an immediate file download in the browser, effectively bypassing any intermediary steps.

Attack Flow: From Email to Execution

  • The Bait: A highly personalized email arrives, using a trusted cloud link (like Dropbox) to lower the victim's guard.
  • The Trap: Clicking the link skips the usual "preview" screen and instantly drops a file onto the victim's computer.
  • The Disguise: The file is cleverly named to look like a safe PDF or document, hiding its true identity as a harmful program.
  • The Lock: In many cases, the attacker ensures only the intended victim can open the file, preventing security tools from scanning it first.
  • The Takeover: Once the victim opens the file, the attacker gains remote access to the system.
Attack flow chart, from email to execution.
Multi-step attack flow, starting from targeted phishing email, to bypass security and establish persistence.

The Library of Lures Strategy

To fuel the autodownload machine, attackers employ a flexible strategy by switching between various social engineering themes. This spear phishing campaign targets specific inboxes, such as "Orders," to exploit professional routines. Some common lures found in this campaign include:

  • Financial Urgency Fake "Invoices" or "Receipts" that induce anxiety. These often set close-day payment deadlines, pressuring recipients to click quickly.
  • Business Operations – "Quote Requests" or "Purchase Orders" that exploit professional habits.
  • Deceptive Naming – Concealing the download as a safe document, using display text like "invoice.pdf" in the email body to hide the underlying Dropbox URL.

Government Domain Impersonation

Attackers often leverage high-authority lures designed to paralyze a user's critical thinking. In one sophisticated wave, we observed threats impersonating a government entity by exploiting the high-reputation, official government domain. By borrowing the reputational authority associated with official infrastructure, the attacker successfully maneuvered an "Unidentified Payment Notice" past standard "Untrusted Sender" filters. To the recipient, the email carries the weight of a sanctioned document. Fearing legal or financial ramifications, they feel a heightened sense of urgency to click "View Invoice" to resolve the issue immediately.

Employee Impersonation

When government authority isn’t the angle, attackers shift to impersonating internal staff. In one case, the sender’s display name was spoofed to match a real employee in the target organization. Attackers rely on a “Momentum of Trust” tied to familiar names to overwhelm user judgment. Even when a generic Gmail address is used, users, especially those on mobile devices, rarely pause to check the underlying headers.

Internal Trust Amplification ("Human Relay")

The most effective aspect of this campaign occurs through Internal Laundering, where the threat shifts from external suspicion to a trusted internal message. This was observed when a Finance Department employee received a "Quote Analysis" file and, believing it to be a valid inquiry, mistakenly forwarded the link to the Procurement department.

At that stage, the attack no longer depended on deception, it propagated through trusted human workflows. These various tactics illustrate the sophistication and adaptability of phishing campaigns and highlight the importance of vigilance in email security.

How We Uncovered a Single Threat Actor

Although the lures appeared diverse, a deeper technical analysis revealed that they were all orchestrated by a single, coordinated threat actor.

By mapping the campaign, we uncovered a significant pattern: Each autodownload link pointed to a different file hash to evade signature detection, but all unique executables were ultimately associated with the same parent installer hash.

The file was identified as a specific Remote Monitoring and Management (RMM) executable, an administrative software used to manage computers remotely. Because RMM tools are legitimate, they often trigger fewer alerts than traditional Trojans. This allows the attacker to maintain persistent access under the guise of “authorized” system activity.

How Cortex Email Security Addresses the Threat

To defend against a campaign that emphasizes speed and rotation, behavioral analysis is essential.

The Cortex® Email Security Module addresses this threat:

  • Advanced URL Analysis – Detection of forced-download parameters, combined with delivery of high-risk files via URLs.
  • Deep Metadata Correlation Correlating sender identity with behavioral anomalies to flag threats that traditional scanners might overlook.
  • LLM-Based Intent Analysis Classifying phishing themes (invoice, payment, quote) despite variation.

The security engine triggers an alert by synthesizing LLM analysis with real-time email telemetry, global threat intelligence and behavioral signals.

Securing the Click

The combination of autodownload links and rotating lures is crafted to exploit user momentum and the "psychology of trust."

This campaign represents a shift from deception to acceleration. Attackers no longer need perfect lures, they only need to remove friction. Defenders must evolve accordingly, focusing not only on what a link is, but on what it forces a user to do.

Palo Alto Networks Cortex Advanced Email Security was built for this evolution. By moving beyond static file analysis to identify the behavioral "red flags" of autodownloads and forced-momentum URLs, we provide the visibility needed to stop these attacks before they reach the device.

The module examines email metadata, content, and behavior to uncover hidden malicious intent and sophisticated impersonation, including AI-crafted threats. By assigning precise risk scores to every detection, the system filters out the noise, allowing analysts to move past alert fatigue and focus on the most critical threats first.

Indicators of compromise discovered during this research are detailed on Unit 42’s GitHib instance.


FAQs

  1. Why is the "Auto-Download" parameter so effective? It removes the "moment of doubt." By bypassing the preview page, the attacker forces the file onto the computer instantly, prompting the user to "Open" it out of habit.
  2. How does the use of rotating lures benefit the attacker? It maximizes both psychological and technical success. People have different "blind spots" (e.g., finance professionals are likely to click on invoices), and variety increases the chances of finding a template that can bypass specific customers' security filters.
  3. Why might a sandbox fail to catch the malicious file? Because the link was "Identity-Bound." To the scanner, the link appeared to lead to a harmless error page (cloaking), resulting in a false negative.

Cloaking involves showing different content to security scanners than what is presented to the victim. By using Identity-Bound access, the file only reveals itself to the intended target.

The post The Dangerous Momentum of Autodownload Phishing appeared first on Palo Alto Networks Blog.

Received — 23 April 2026 Palo Alto Networks Blog

Palo Alto Networks Joins DNS-OARC as a Platinum Member

Palo Alto Networks recently joined the DNS-OARC community as a Platinum Member. Together, our organizations share a commitment to advancing collaboration in research and operational excellence across the global DNS ecosystem. DNS is critical to both internet infrastructure and security, and this collaboration facilitates the sharing of real-world insights among researchers and practitioners.

Our Contribution

We help organizations secure their digital environment with a comprehensive portfolio of cybersecurity solutions spanning Network, Cloud, Security Operations, AI and Identity. Trusted by more than 70,000 customers worldwide and informed by Unit 42® Threat Intelligence, their AI-driven platforms help organizations reduce complexity, modernize with confidence, and securely enable innovation.

As a Platinum Member, our subject matter experts will actively participate in the DNS-OARC community by engaging in discussions and contributing to research on evolving DNS threats and network challenges. The growing intersection of DNS and security makes access to intelligence and experience increasingly important. It strengthens the community’s ability to respond to emerging challenges and improves resilience across the internet.

Through our participation, our customers will gain stronger protection informed by community-driven intelligence and real-world operational insight. These learnings are continuously integrated into our threat intelligence and security capabilities. Our participation signals our support for DNS-OARC’s mission of fostering open dialogue and shared learning across the DNS ecosystem. This collaboration helps bridge DNS operations with broader security practices, improving coordination between operators, researchers and security practitioners.

Our Commitment to the DNS-OARC and Global Communities

Collaboration between our organizations strengthens the connection among DNS operations and modern security practices by bringing together operational insight and a global community dedicated to advancing the internet’s resilience.

For the DNS-OARC community, our commitment enhances knowledge sharing around evolving DNS threats, large-scale network operations and practical approaches to emerging challenges.

For organizations and customers, it reinforces a stronger alignment between DNS infrastructure and security, expands access to community-driven intelligence and supports more resilient, well-informed defenses.

Tong Zhao, Senior Manager of DNS Security Engineering, Palo Alto Networks:

We recognize the critical role of DNS-OARC in DNS operations and research. The teams from Palo Alto Networks believe that our DNS-OARC membership aligns perfectly with our goals. We are eager to participate in and contribute to the DNS community.

Our partnership with the DNC-OARC highlights the value of open collaboration in helping both the community and its participants stay ahead of an increasingly complex threat landscape. To learn more about how our expertise and insights support DNS-OARC’s mission to improve the security and stability of the internet’s DNS, visit DNS-OARC.

The post Palo Alto Networks Joins DNS-OARC as a Platinum Member appeared first on Palo Alto Networks Blog.

Closing the Gap by Enhancing Visibility and Mitigating Risks

1 April 2026 at 10:00

In the race to digitise public services, the UK’s digital estate has grown into a vast, borderless ecosystem that manual audits can no longer track. For UK Government departments, local authorities and NHS trusts, it is a sprawling, shifting landscape of cloud workloads, legacy infrastructure, shadow IT and third-party supplier connections.

This complexity creates blind spots that modern threats exploit. Recognising this vulnerability, the UK Government is moving toward a secure-by-design digital infrastructure, with the 2026 Government Cyber Action Plan (GCAP) setting a high bar for resilience. A central theme of the GCAP is the urgent need for the government to have better visibility of cyber security and resilience risk. Fundamentally, organisations cannot secure what they cannot see. As the GCAP explicitly states, the Government will use “data sources from across the government to truly understand government-wide and departmental cyber risks.”

The Challenge: Visibility in a “Landscape”

Many public sector organisations rely on a complex web of spreadsheets, data calls, legacy tools and manually curated lists to create an inventory of their internet-connected assets. But attackers do not look at an organisation's internal lists; they scan the internet for what they have forgotten to secure. Whether it is an unpatched server from a legacy project or a misconfigured database in a department, these "unknown unknowns" are the primary entry points for attackers.

The Strategic Mission: Empowering the Public Sector and Critical Industries

Palo Alto Networks Cortex Xpanse® is an active external attack surface management (EASM) solution that provides an outside-in view of organisations' entire digital footprint. It helps leaders meet national resilience goals:

  • Comprehensive, Continuous Visibility: Xpanse scans the global internet space continuously and identifies every asset associated with an organisation, without requiring software agents to be installed on your systems.
  • Accelerate Response: Leveraging automation, the solution streamlines response processes and enhances collaboration across dispersed teams from the sharing of findings to tracking actions and remediation.
  • Supply Chain Integrity: Inline with the new Cyber Security and Resilience Bill (bringing managed service providers and critical third parties into scope), Xpanse allows organisations to assess the internet-facing security posture of third-party partners and suppliers, ensuring a weak link elsewhere doesn't compromise the broader mission.
  • Alignment with GovAssure: Xpanse provides a consolidated risk profile and inventory for all internet-facing and cloud assets required for GovAssure assessments, turning a manual, months-long audit process into a continuous, data-driven cycle.
  • Investment prioritisation: Xpanse provides that much needed visibility to help executive committees and boards prioritise investment decisions on legacy IT and technical debt.

Aligning to National Cybersecurity Centre (NCSC) Guidance

How external attack surface management products work.

Palo Alto Networks Cortex Xpanse aligns with the National Cyber Security Centre (NCSC) external attack surface management (EASM) buyer's guide by providing automated discovery, continuous monitoring and risk prioritisation of internet-facing assets. It replaces manual, point-in-time audits with a proactive, agentless solution. By automating the discovery of all internet-accessible assets (including shadow IT and unmanaged cloud operations) the platform fulfills the NCSC’s core requirement for continuous global monitoring and rapid attribution. This data-driven approach allows for the automated prioritisation of critical exposures, such as RDP, and integrates seamlessly with multiple third-party automation and visualisation tools, including Cortex XSOAR® and XSIAM, to accelerate remediation with national incident response standards.

In fact, with Palo Alto Networks deployment of Cortex Xpanse, we were able to achieve a 95% reduction in external vulnerability management spending across more than 700,000 cloud instances, while improving coverage and outcomes.

Palo Alto Networks Cortex Xpanse Capabilities
  • Discover Assets: Leveraging organisations' known asset inventory and other data points, Xpanse performs continual, automated discovery of all internet-accessible assets, effectively eliminating blind spots created by shadow IT and unmanaged cloud operations.
  • Obtain Information: Always-on, continuous monitoring of an organisation's entire attack surface through daily scans of the global IP address space, ensuring that newly exposed services are identified quickly and accurately.
  • Perform Analysis: Xpanse automates and prioritises alerts on all identified risks by severity, enabling organisations to optimise resolution and risk management, allowing teams to properly allocate resources and focus on the most critical risks to the organisation.
  • Display Information and Provide Advice: Leveraging a unified view of the internet facing and cloud-based estate, Xpanse provides specific resolver guidance for every identified issue, supporting and monitoring automated resolution through multiple native integrations.
  • Monitor Risk: Always on, discreet continual monitoring provides an independent real time status of the digital estate. Leveraging the threat intelligence capabilities of Palo Alto Networks, Xpanse is uniquely positioned to provide rapid coverage for newly discovered vulnerabilities, exploits or misconfigurations.

Securing the public sector requires a move from manual, point in time assessments to data-driven intelligence. Cortex Xpanse provides the foundations to remove blind spots, secure the supply chain and prevent unknown vulnerabilities in the face of sophisticated threats.

For further information and case studies, visit the links below, or schedule a demo.

  • Palo Alto Networks: Slash false positives, remediation time budget with Cortex attack surface management.
  • U.S. Pentagon: Palo Alto Networks Cortex Xpanse supercharge the Cyber Defences for the Department of Defense.
  • Accenture: Secure rapid growth with Cortex Xpanse.

The post Closing the Gap by Enhancing Visibility and Mitigating Risks appeared first on Palo Alto Networks Blog.

Received — 19 January 2026 Palo Alto Networks Blog

Securing the AI Frontier

4 December 2025 at 15:14

Why the GSA OneGov Agreement Is a Game-Changer for Federal Cybersecurity

The mission to modernize government IT is accelerating at lightning speed, largely thanks to the transformative power of artificial intelligence (AI). Federal agencies are strategically leveraging AI to boost efficiency, enhance citizen services, and strengthen national security – a vision fully supported by the administration’s AI Action Plan.

At Palo Alto Networks, we are all-in on helping agencies deploy AI bravely and securely. Because the challenge isn't just about using AI for cyberdefense, but also about defending AI itself. We appreciate the U.S. General Services Administration (GSA) recognizing the critical need for scalable, efficient solutions.

That is precisely why the GSA OneGov Initiative is a massive, game-changing step forward. We are proud to be the first pure-play cybersecurity vendor to secure a OneGov agreement with the GSA. This strategic alliance simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring security is foundational to this crucial modernization mission.

The Wake-Up Call: The Silent Threat of AI Agent Corruption

If you needed a clear sign that AI has fundamentally shifted the cybersecurity landscape, our own Unit 42 research provides it. The new reality isn't just about hackers using AI in their attacks; it’s also about how internal AI provides another attack surface for threat actors.

The most insidious new threat we've observed is AI Agent Smuggling, where malicious attackers use AI agents to exploit other agents. Our Unit 42 research highlights two major vectors:

  • Indirect Prompt Injection: A security risk in LLMs where a user crafts input containing deceptive instructions to manipulate the model’s behavior, which can lead to unauthorized data access or unintended actions.
  • Agent Session Smuggling: Exploit vulnerabilities in agent-to-agent communication, injecting malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.

This confirms our core belief as stated in a recent secure AI by Design blog: The AI ecosystem (the models, data and infrastructure) is now a complex, expanding attack surface that traditional perimeter defenses were simply not designed to protect.

As I’ve said before, “If you’re deploying AI, you must deploy AI security.”

Secure AI by Design: A Strategic Alliance with GSA

The GSA’s OneGov Initiative aims to streamline procurement and drive down costs by leveraging the purchasing power of the entire federal government. This is more than an agreement; it’s a direct response to the call for a "secure-by-design" approach to federal AI adoption. This agreement simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring that security is foundational, not an afterthought. It provides industry leading AI security tools into the hands of our cyber defenders today.

Under the Hood: Technical Capabilities for the AI Ecosystem

To counter the autonomous threats we’re seeing, we provide a platform that protects the entire AI lifecycle, from the developer's keyboard to the data center.

1. Runtime Protection for AI Workloads

Securing the AI supply chain requires visibility across every stage, especially during runtime when models are processing sensitive data.

  • Prisma® AIRS™ delivers comprehensive security for the entire AI lifecycle, in one unified platform. It allows organizations to deploy traditional apps as well as AI applications, models and agents with confidence by reducing risk from misuse, data loss and sophisticated AI-driven threats. Prisma AIRS provides a clear, connected view of assets in multicloud environments, so teams can eliminate silos, accelerate responses, as well as scale cloud and AI apps securely.
  • Our Cloud-Native Application Protection Platform (CNAPP) has achieved the FedRAMP High designation, making it the preferred Code to Cloud™ solution to secure the entire application lifecycle from development to runtime. Our industry-leading CNAPP eliminates silos to deliver comprehensive visibility and best-in-class protection across multicloud environments.

2. Protecting Users and Data at the Edge

Even the most advanced AI defenses are undermined if users accessing applications and data are left vulnerable outside corporate security boundaries. The explosive growth of generative AI tools and the unseen behavior of AI agents are amplifying data exposure risks.

  • Prisma SASE (secure access service edge) secures all users, apps, devices and data, no matter where they are and no matter where applications reside.
    • Prisma Access (FedRAMP High Authorized) and Prisma Browser™ (FedRAMP-Moderate Authorized) integrate security capabilities, like zero trust network access (ZTNA), secure web gateway (SWG) and cloud access security broker (CASB), to provide a unified policy framework and a consistent user experience.
  • This approach helps agencies outpace the speed of AI-driven threats, safeguarding critical data and simplifying operations for a frictionless user experience. It ensures that the human element interacting with the AI is protected by the most stringent security controls available.

Deploy AI Bravely

The GSA OneGov agreement is a pivotal moment that provides federal agencies with the cost-effective, streamlined access they need to deploy AI with confidence. By leveraging our unified, AI-powered platform, government organizations can stop reacting to threats and start building secure-by-design AI environments. We are committed to remaining a key partner in this strategic initiative and helping the government achieve its mission outcomes safely.

For more information and access to promotional offers for new contracts signed on or before January 31, 2028, federal agencies can visit the GSA OneGov website.

The post Securing the AI Frontier appeared first on Palo Alto Networks Blog.

Received — 17 January 2026 Palo Alto Networks Blog

Unified AI-Powered Security

16 January 2026 at 18:00

Strengthening Cyber Resilience Across Northern Europe

Across Northern Europe, organizations are redefining how they work, innovate and compete. From the Netherlands’ smart logistics hubs to Finland’s AI-driven public services and the UK’s digital-first financial sector, this region is setting the global pace for responsible, data-driven transformation.

Yet behind this progress lies a growing challenge: security complexity.

According to the IBM Institute for Business Value (IBV), the average enterprise now manages 83 security tools from 29 vendors, leading to fragmented visibility, slower responses and rising risk exposure. In contrast, 96% of organizations that have unified their security platforms say they now view cybersecurity as a driver of business value, not a barrier to it.

That’s where the IBM and Palo Alto Networks partnership is making an impact. Together they are helping Northern European enterprises simplify, secure and accelerate their digital transformation with unified, AI-powered cybersecurity.

From Fragmented Tools to an Integrated Security Foundation

Northern Europe’s strength lies in its strong culture of trust and transparency, advanced digital infrastructure, as well as progressive regulatory frameworks. But as the EU NIS2 Directive, DORA and the AI Act come into force, achieving both compliance and cyber resilience require board-level oversight.

IBM and Palo Alto Networks are helping organizations lead this change. They combine IBM’s deep consulting and industry expertise with Palo Alto Networks market-leading security platforms and solutions, including Cortex XSIAM®, Cortex® Cloud™ and Prisma® Access. This integrated approach protects innovation, enables compliance efforts, and enhances operational efficiency.

The partnership not only secures organizational estates, but empowers faster decision-making, measurable ROI and sustainable transformation.

Five Capabilities Powering Secure Transformation

Organizations want to strengthen cyber resilience without slowing innovation. IBM and Palo Alto Networks help them do just that, through five connected capabilities that turn complex challenges into measurable outcomes.

1. Unified Security Platform: Simplify and See More

The Challenge: Too many tools, too little visibility.
The Reality: Most enterprises run more than 80 security tools from nearly 30 vendors.

By consolidating with IBM’s unified security approach and the Palo Alto Networks platforms, organizations are cutting total product costs by up to 19.4% and gaining a single, trusted view of their security posture.

The Outcome: Streamlined operations, faster decision-making and improved compliance enablement for frameworks like NIS2, all while reducing the energy footprint of sprawling infrastructure.

2. Cloud Security: Innovate Without the Risk

The Challenge: Cloud transformation introduces new risks and blind spots.
The Reality: 82% of breaches now involve cloud data, and nearly 40% span multiple environments.

IBM and Palo Alto Networks secure the journey from code to cloud to SOC, embedding security early in design and automating protection across environments. IBM’s AI deployment accelerators slash rollout time, while Cortex Cloud™ provides continuous visibility and compliance enablement.

The Outcome: Faster innovation with cloud operations that are secure by design, from day one.

3. Security for AI: Build Trust in Every Algorithm

The Challenge: Rapid AI adoption without consistent oversight.
The Reality: 82% of executives say trustworthy AI is critical to success, yet few have the controls in place.

IBM and Palo Alto Networks help organizations govern and protect their use of AI, securing data pipelines, scanning models and preventing adversarial attacks.

The Outcome: Confident AI adoption aligned to the EU AI Act requirements, where innovation can move forward without compromising data integrity or customer trust.

4. Security Service Edge (SSE): Connect People Securely, Anywhere

The Challenge: Hybrid work models demand reliable secure access everywhere.
The Reality: Human risk, not technology alone, is now the dominant factor in breaches, with 95% of data breaches involving human error, such as insider missteps, credential misuse and careless actions, underscoring how remote and hybrid workers’ behaviors significantly expand exposure.

With Palo Alto Networks Prisma Access and IBM’s consulting expertise, enterprises across Europe are simplifying secure connectivity through a unified zero trust framework.

The Outcome: Simpler, more efficient policy management and stronger protection across hybrid environments, where risk exposure is reduced, visibility is enhanced, and a seamless user experience is delivered.

5. SOC Transformation: Detect Earlier, Respond Faster

The Challenge: SOC teams are overwhelmed, missing as many as two thirds of daily alerts due to alert fatigue and limited resources.
The Reality: Over half of organizations report they can’t hire or retain enough skilled analysts, leaving gaps in coverage and consistency.

By combining IBM’s Autonomous Threat Operations Machine (ATOM) with Palo Alto Networks Cortex XSIAM, organizations can streamline and automate core SOC workflows, reducing response times by more than half and enabling analysts to focus on the most critical incidents.

The Outcome: Faster detection, shorter resolution times and a more proactive, resilient security posture. AI-driven automation not only boosts accuracy but can also shorten breach lifecycles by more than 100 days, helping teams defend smarter.

Built for Northern Europe’s Next Decade of Growth

As Northern Europe is a leader in digital innovation, the stakes for cybersecurity have never been higher. Trust, transparency and compliance are not simply checkboxes, but are competitive advantages.

IBM and Palo Alto Networks are helping organizations across the region turn that reality into action. By uniting AI-powered automation, cloud-native security and deep industry expertise, they’re enabling enterprises to move faster, reduce complexity and strengthen resilience. This is achieved while enabling alignment with the region’s evolving frameworks, such as NIS2, DORA and the EU AI Act.

To stay ahead, security can no longer be a fragmented layer sitting outside transformation; it must be the foundation that powers it. With IBM and Palo Alto Networks, organizations gain a unified security platform built for the next decade of digital progress – one that protects every connection, every line of code and every moment of innovation.

Resilient. Compliant. Unified.

That’s the future of cybersecurity in Northern Europe.

Learn how IBM and Palo Alto Networks can help your organization simplify complexity and strengthen resilience.

The post Unified AI-Powered Security appeared first on Palo Alto Networks Blog.

Received — 11 January 2026 Palo Alto Networks Blog

Crossing the Autonomy Threshold

What It Means and How to Counter Autonomous Offensive Cyber Agents

For years, we've anticipated this day. With the release of Anthropic's landmark report (detailing the disruption of a cyberespionage operation orchestrated by AI agents with minimal human intervention), the reality of autonomous offensive cyber agents has moved from speculation to an active, machine-speed threat. The report covers their internal identification and analysis of artifacts from the GTG-1002 campaign, which was conducted against over 30 different enterprise targets. This event is independently being tracked in the AI Incident Database as incident 1263. To have a successful defense in the age of AI, we need an immediate shift from human-led, reactive security to a proactive, machine-driven security paradigm.

The GTG-1002 campaign is the first open report of an AI agent, powered by Claude Code, targeting multiple enterprise environments. Using Claude Code as the primary orchestration framework, the agent was effective in all key phases of the attack:

  • Mapping attack surfaces without human guidance.
  • Exploit vulnerabilities using custom code generation.
  • Moving laterally by autonomously harvesting and testing credentials.
  • Conducting an intelligence analysis to identify and prioritize high-value data, rather than just exfiltrating raw dumps.

It was a watershed moment for several key reasons:

  • Stealth Traffic analysis of the inputs and outputs to Claude Code were the initial indicators of this attack, however, the attack was only observable in aggregate.
  • Self-Configuration The agent autonomously adapted its attack strategy to achieve actions on an objective.
  • Machine-Speed – The agent both orchestrated AND executed the campaign across all attack vectors.
  • Autonomous Context and Persistence Using structured markdown files, the execution agent maintained a persistent state of the attack, providing context and autonomous continuity between distributed sub-actions and attack phases.

This campaign, executed at “multiple operations per second,” marks the end of the necessity for the "human-in-the-loop” attacker and the arrival of the "human-on-the-loop" supervisor. Transitions between attack phases were controlled by the human to validate sufficient completion of the current phase before progressing. It was a thin layer of supervisory human control. With the whiplash pace of AI, defenders should anticipate the necessity of any human control to fade.

In the reported attack campaign, “commodity tools” were leveraged by the threat actor, which at first glance, may not seem particularly novel. However, the autonomous orchestration of these tools across multiple attack phases by Claude Code, using Model Context Protocol (MCP) servers, represents a sophisticated technical advancement in offensive agents. Critically, this method improved more than just the speed of the attack, it also introduced the concept of autonomy with negligible human supervision, supporting dynamic and contextual reasoning in attack path planning across multiple target systems (even beyond typical human analyses, particularly for non-intuitive/interpretable event logging). Custom tools can bring very targeted actions within the same or similar offensive agent architectures, and defenders should be ready for this inevitable evolution.

We Need Agents to Fight Agents

With the debut of real-world offensive agent operations, it is now crystal clear: Defenders cannot combat autonomous, offensive AI with manual, static human driven security operations. Defenses must blend machine-speed responses with on-the-fly adaptability to maintain effectiveness against the self-optimizing campaigns now being observed. The pivot to autonomous agent-driven security operations will require transforming many elements of the traditional security operations lifecycle. All stages from preparation to response processes need to be resilient and robust to changes in adversary speed, stealth, evasion, orchestration frameworks and indicators of compromise.

Meeting the Challenges of Machine-Speed Defense Head-On

A new defense paradigm must be adopted to effectively combat AI attacks that are both orchestrated AND executed beyond human reaction time. To transform security operations and outpace AI-driven threats, organizations need to employ the following core principles:

  • Precision of AI for Cybersecurity: Operating at machine speed requires precision and accuracy. Security systems must be capable of ingesting the right data, at the right time, and understanding the system context to detect and block threats in real-time, thwarting AI-generated attacks without generating erroneous alerts. Producing false positives is problematic at human speeds, and the problem compounds at machine speed.
  • Proactive Cybersecurity for AI Systems: We must safeguard AI systems with real-time security solutions, preventing the models and applications from being directly or indirectly co-opted for malicious use. This demands a deep and continuous understanding of how AI agents might be abused via their application interfaces, permissions, provenance, identity and wider interactions across organizations.
  • Transform Visibility into Observability: Visibility only encompasses a direct presence or absence. Observability is the combination of visibility plus some degree of cognitive and contextual reasoning. The visibility of a traffic sign does not guarantee a driver will observe and respond to it. The GTG-1002 attack evaded detection by splitting and distributing small, seemingly benign fragments of the full campaign across numerous sessions. The requests were visible, but the scope of the malicious campaign was not observed from the isolated requests. To identify and help stop such techniques, defenses need distributed observability, which can only be achieved from context-aware agents that understand the nature and impact of disparate events and can disrupt such attacks when they are identified.
  • Agentic Security Operations: As an industry, we must also acknowledge the difference between autonomous and automated systems. The industry has been integrating elements of automation for years. Scripting, decision trees and playbooks are mechanisms for speeding up the response in specific context, but do not necessarily generalize or work across different phases. If the attacker is using an agentic system for 90% of the attack lifecycle, security operations centers (SOCs) must also implement an agentic system for 90% of their triage, investigation, remediation and threat hunting workflows. This must be the rule, rather than the exception. By combining observability with dynamic AI agents capable of coordinated decision making and task execution, SOCs can deliver proactive autonomous protection at scale.

The Future Is Now. Are You Ready?

The GTG-1002 campaign is a clear signal that offensive AI agents are being used in the wild. The adoption of AI agents by threat actors will accelerate and demand a decisive transformation of defensive security operations to include agent orchestration tools customized to respond to the uniqueness of offensive AI agents.

At Palo Alto Networks, our platformization strategy was built precisely for this moment. This interconnectivity between tools and systems transforms visibility into observability necessary for AI agent orchestration.

In light of GTG-1002, there is an unequivocal need for the security community to accelerate the pivot from automated to autonomous security operations. AI agents can quickly find and exploit vulnerabilities, moving stealthily across the attack chain. We must shift from human-led, reactive defense to fast, proactive machine-driven security to ensure cyber resilience in the age of AI.

Are you ready? Learn about securing AI agents and how to create a trustworthy AI ecosystem.


Key Takeaways

  • Autonomous Orchestration and Execution: The GTG-1002 campaign was a watershed event because the AI agent, powered by Claude Code, autonomously orchestrated and executed all key phases of the attack, from mapping surfaces and exploiting vulnerabilities to moving laterally and conducting intelligence analysis at machine speed.
  • Shift to Machine-Driven Security Paradigm: The emergence of autonomous offensive cyber agents, as demonstrated by the GTG-1002 campaign, demands an immediate pivot from human-led, reactive security to a proactive, machine-driven security defense model.
  • Distributed Observability is Essential to Agentic Defenses: To counter new attack techniques like GTG-1002, which evade detection by splitting the campaign into small, distributed, and seemingly benign fragments, defenses must adopt distributed observability to connect disparate events using context-aware agents.

Further Reading:

The post Crossing the Autonomy Threshold appeared first on Palo Alto Networks Blog.

❌