โŒ

Normal view

Received โ€” 12 March 2026 โญ Palo Alto Networks Blog

Why Service Providers Must Become Secure AI Factories

The Pivot to Large-Scale Intelligence

For decades, Telecommunications Service Providers have been the central nervous system of the global economy, tasked with a singular, critical mission: connecting people.

The industry spent vast amounts of capital building networks that moved voice, then text and finally high-speed mobile data. We succeeded. According to GSMA's most recent report, there are 5.8 billion unique subscriptions. The world is connected.

But the mission is changing fast. We are no longer just moving data; we are now expected to host intelligence.

Todayโ€™s enterprises are drowning in data and desperate for AI-led capabilities to analyze and process the information. They are struggling with the immense capital costs, the scarcity of GPUs, and complex data sovereignty regulations that make public cloud options difficult for sensitive workloads.

We are no longer living in the communications age, or the internet age, or the social network era, not even in the generative AI era. We are entering the Agentic Era. In this new era, data is the raw resource, and AI agents and models are the machinery that refines it into value. The infrastructure required to do this โ€“ from massive data ingestion to complex training and high-volume real-time inference โ€“ is called the "AI Factory.โ€

And these AI factories are not being designed for human-speed operations, but rather for machine-speed operations.

This creates a generational opportunity for telecommunications service providers (SP). By building new (or transforming existing) data centers and edge locations into AI factories, SPs can offer hosted AI services that are high-performance, low-latency and compliant with regional requirements.

However, building an AI factory isn't just about racking GPUs. It is about realizing that an AI infrastructure presents a fundamentally new threat landscape that legacy security cannot handle. If the SPโ€™s AI factory is compromised (if models are poisoned, identities hijacked, training data exfiltrated) the damage to reputation and national infrastructure is incalculable.

To capture the AI opportunity, service providers need more than computing power; they need a blueprint for a secure AI architecture. At Palo Alto Networks, we view the security of the AI factory as a three-tiered layer cake, requiring holistic, integrated protection from the physical infrastructure up to the AI agents themselves.

The AI Threat Model Is a Structural Shift

For service providers building AI Factories, the challenge is not simply adding another workload to the data center. AI changes the risk equation entirely. It introduces new traffic patterns, new identities and new forms of autonomy that traditional network and core security architectures were never designed to govern.

  • Data Gravity Becomes Attack Surface: AI training and inference environments ingest massive volumes of data from distributed enterprise customers, partners and edge environments. This scale creates a new exposure layer. Malicious payloads, embedded model manipulation, and command-and-control traffic can hide within high-throughput AI data flows. Inspection models built for deterministic traffic patterns struggle when confronted with dynamic, AI-driven pipelines.
  • Non-Human Identities at Scale: An AI Factory is more than just infrastructure; it will be populated by autonomous agents. These agents retrieve data, call APIs, invoke tools and trigger workflows across networks and cloud environments. They require elevated privileges to function. For service providers, this means managing not just subscriber identities, but fleets of machine identities operating with delegated authority.
  • Agentic and Adversarial Threats: Attackers are also operationalizing AI. They probe for weaknesses faster, automate exploitation and increasingly target the AI systems themselves. Prompt injection can redirect an agentโ€™s mission. Data poisoning can subtly degrade model integrity. Rogue agents can be manipulated to access external tools or escalate privileges. These are not traditional perimeter attacks; they are attacks on reasoning, behavior and autonomy.

For service providers offering AI-as-a-Service, the implication is clear: Securing the AI Factory requires more than network defense. It requires real-time governance of models, agents and data flows, ensuring that autonomous systems operate within defined policy boundaries while maintaining performance and scale.

Next-gen platforms enable transformation.
The security of the AI factory required holistic, integrated protection from the physical infrastructure up to the AI agents themselves.

The Foundation โ€” Securing the High-Performance Infrastructure

The base of our cybersecurity stack is the physical and virtual infrastructure of the AI factory itself. This is a high-stakes environment. In a multitenant SP data center, you might have a financial institution fine-tuning a fraud detection model on one rack, and a government agency running inference on satellite imagery on the next. The barriers between these tenants must be absolute.

Foundational cybersecurity has two critical components: perimeter defense and internal segmentation.

The ML-Powered Perimeter

The front door of the AI factory must handle unprecedented throughput while performing deep inspection. Traditional firewalls, relying on static signatures, become bottlenecks and fail to catch novel threats hidden in massive data streams.

Palo Alto Networks addresses this with our flagship ML-Led Next-Generation Firewalls (NGFW). We have embedded machine learning directly into the core of the firewall. Instead of waiting for a patient zero to be identified and a signature created, our NGFWs analyze traffic patterns in real-time to identify and block unknown threats instantly. For an SP, this means you can provide the massive bandwidth required for AI data ingestion without compromising on security inspection at the edge.

Zero Trust Segmentation Inside the Factory

The perimeter is just the start. Once inside the data center, the biggest risk is the lateral movement threats and malware. If an attacker compromises a low-security tenant or a peripheral IoT device, they must not be able to jump to the sensitive GPU clusters or the model storage arrays.

In an AI factory, workloads are highly dynamic and virtualized. We provide robust segmentation across both hardware and software environments. We can enforce granular policies between virtual instances, containers and different stages of the AI pipeline (e.g., isolating training environments from inference operations). This allows a breach in one segment to be contained instantly, protecting the integrity of the entire factory.

The Engine โ€“ Securing AI Agents, Apps and Identities

The middle layer of the security stack is where the actual "work" of AI happens โ€“ the models, the LLMs, the agents. This is the newest frontier of cybersecurity and where traditional tools are most deficient.

This layer faces two distinct challenges: Protecting the integrity of the AI interaction and managing the identities of the nonhuman actors.

Securing AI Apps and Agents

As enterprises evolve from standalone LLMs to agentic AI systems that reason, call tools, access data, and take action across workflows, the challenge is no longer just what a model says; it is what an AI agent does.

How do you validate that an LLM powering your AI factory does not expose sensitive information, and that autonomous agents cannot be manipulated through jailbreak prompts, tool injection or malicious instructions? How do you prevent an AI agent from accessing unauthorized systems, escalating privileges, or executing unintended actions?

This is the role of Prismaยฎ AIRSโ„ขย โ€“ our security and governance platform for AI agents, apps, models and data. Prisma AIRS operates directly in the execution path of AI applications and autonomous agents. It enforces policy in real time, validates agent behavior, and blocks prompt injection, model manipulation and agent hijacking before they can impact the business.

Beyond filtering outputs, Prisma AIRS governs agent communications, tool access and data flows to prevent credential leakage, mission drift and unauthorized actions. For service providers delivering AI-as-a-Service, or enterprises deploying AI agents internally, Prisma AIRS enables integrity, compliance and continuous control as intelligent systems move from experimentation into mission-critical operations.

Built in alignment with emerging standards like the OWASP Agentic Top 10 Survival Guide, Prisma AIRS operationalizes best practices to defend against real-world agentic threats.

Governing Nonhuman Identity

Perhaps the most profound shift in the AI factory is who or what is doing the work. We are rapidly moving toward ecosystems of autonomous AI Agents. These agents need to authenticate to databases, authorize API calls to other services, and access privileged information just like a human employee.

If an attacker steals the credentials of a high-privilege AI agent, they own the factory.

This is why the Palo Alto Networks acquisition of CyberArk, the global leader in Identity Security, is so strategic for the AI era. CyberArk specializes in protecting privileged access, and crucially managing nonhuman identities. By integrating CyberArkโ€™s capabilities, we can ensure that every AI agent operating within the SPโ€™s factory is robustly authenticated, authorized for minimum necessary access, and its activities are monitored. We are securing the new digital workforce.

The Overwatch โ€“ Holistic, AI-Driven Threat Management

The top layer of the stack is about visibility and speed. An AI factory generates a deafening amount of telemetry data from networks, endpoints, clouds and identity systems. No human security operations center (SOC) can sift through this noise manually to find a sophisticated attack.

To fight AI-driven threats, you need AI-driven defense.

This is the role of Cortexยฎ, our flagship platform for holistic threat management. Cortex is designed to ingest billions of data points from across the entire Palo Alto Networks product portfolio and hundreds of types of third-party equipment, normalizing it into a single source of truth.

Cortex applies advanced AI and machine learning to this vast data lake to detect anomalies that signal a complex attack spanning different threat vectors. It might correlate an unusual login event from an AI agent (detected by the identity layer) with a subtle change in outbound traffic patterns at the firewall (layer 1), recognizing it as data exfiltration in progress.

For a Service Provider, Cortex provides the "single pane of glass" view over their entire AI factory operations, allowing them to detect, investigate and automatically respond to threats at machine speed, vastly reducing Mean Time to Respond (MTTR).

Building the Trust Foundation for the Agentic Era

The transition to becoming an AI factory is a necessary evolution for Service Providers seeking growth in the coming decade. Your ability to offer localized, sovereign, high-performance AI services will differentiate you from those who large-scale and cement your role as an indispensable partner to enterprises and governments.

But this opportunity is inextricably linked to trust. Your customers will not move their most sensitive data and IP into your AI factory unless they are certain it is secure against modern threats.

Security cannot be an afterthought bolted onto an AI infrastructure. It must be woven into the fabric of the factory, from the silicon to the software agents. By adopting a layered approach (securing the high-performance infrastructure with ML-led NGFWs, protecting models and identities with Prisma AIRS and CyberArk, while managing the entire landscape with Cortex) Service Providers can build the trusted foundations the AI era demands.

This week weโ€™ll be at Mobile World Congress talking about our security platform for AI Factories, along with five solutions and ecosystem partners. Come see us at in Hall 4, Stand #4D55.

The post Why Service Providers Must Become Secure AI Factories appeared first on Palo Alto Networks Blog.

The SOC Is Now Agentic โ€” Introducing the Next Evolution of Cortex

25 February 2026 at 17:30

See the agentic SOC come to life at Cortexยฎ Symphony 2026, the ultimate SOC event.

Today, the Cortexยฎ platform takes a massive step toward delivering the perfect union of human expertise and agentic AI across all of security operations. Our latest release embeds immersive, context-aware agentic AI across the platform, from code to cloud to SOC, delivering an agentic-first analyst experience for our customers.

With new Cortex AgentiXโ„ข agents built to tackle more use cases and an expanded AI-ready data foundation, this release slashes response times and redefines what high-efficiency SOC operations look like.

Attack Velocity Has Fundamentally Changed

Not long ago, adversaries took days to move from initial access to impact. Today, they weaponize AI across the attack lifecycle to operate up to 4x faster than just one year ago, executing end-to-end attacks in as little as 72 minutes, according to Unit 42ยฎ research.

These attacks are making manual response obsolete. Teams need the next generation of AI technology that can analyze, decide and act in real time. Our latest innovations, fueled by unified, high-fidelity data, help give defenders the edge they need to outmaneuver modern attacks.

An AI-Ready Data Foundation for the Agentic SOC

Agentic AI depends on data that is fast, flexible and built for scale. Cortex Extended Data Lakeโ„ข (XDL) provides that data foundation for Cortex XSIAM and the broader Cortex platform, serving as a single source of truth for security operations. Built for AI and analytics, it ingests more than 15 PB of telemetry daily across 1,100+ integrations, and is designed to provide the comprehensive data required for effective detection, investigation, and response.

With the introduction of Cortex XDL 2.0, we are revolutionizing how organizations store, access and manage data, enabling new levels of flexibility and control.

Cortex XDL 2.0: The open Data Lake built for AI-driven insights.

New capabilities added with the Cortex XDL 2.0 release:

  • Cost-efficient data lake tier that can lower SOC costs with flexible long-term retention for compliance, forensics and investigations.
  • Federated search to query distributed data sources without incurring additional ingestion or storage costs.
  • Native Chronosphere Telemetry Pipeline integration to filter and route telemetry at the source
  • AI-driven parsing that automatically builds production-ready parsers from sample logs using generative AI, removing hours of manual effort and accelerating time to value.

Together, these capabilities power AI agents with critical security signals and give security teams the data they need, when and where they need it, while controlling costs.

Redefining How Analysts Work in the SOC

Cortex introduces an agentic-first analyst experience that embeds advanced AI directly into the analystโ€™s daily workflow. Designed to reduce investigation time, the elevated experience brings together automatically generated case summaries, visualized issue relationships, and a centralized Resolution Center within a unified case management workspace.

ย 

AI now spans the Cortex console, allowing context-aware agents to work in real time alongside analysts. Using the Cortex Agentic Assistant, teams can call on agents to plan and execute investigation workflows directly within their cases.

This release also doubles the number of AI agents who are purpose-built for SecOps and Cloud Security. Here are three of the newest additions.

  • The Case Investigation agent delivers context-aware assistance that analyzes case artifacts and complex signals to accelerate triage. It recommends next steps, highlights critical evidence, builds AI case summaries, and takes action with analyst oversight.
  • The Cloud Posture agent helps teams uncover, triage and resolve misconfigurations and posture risks across cloud environments. It streamlines analyst workflows by proactively prioritizing risk, enriching exposures and applying approved fixes.
  • The Automation Engineer agent tackles one of automationโ€™s biggest pain points: Building and maintaining complex workflows. With simple natural language prompts, teams can generate working code and scripts for agents or playbooks.
Screenshot of PowerShell reverse shell activity with Mimikatz and Rubeus tools on EC2AMA...
The new Case Management Workspace provides full investigative context to streamline case analysis.

Our new agentic playbooks bring AI directly into automation workflows, embedding AI tasks that adapt in real time to help teams resolve incidents faster. They automate complex operations, analyze inputs with large language models (LLMs), and produce context-specific outputs.

Matt Bunch, Global CISO, Tyson Foods:

At Tyson Foods, protecting a complex global supply chain in an era of AI-driven threats requires us to move with the same machine speed as our adversaries. By consolidating onto the Palo Alto Networks Cortex platform, weโ€™ve effectively closed the gap between detection and response. The impact has been transformative as weโ€™ve increased our log visibility by 40% while reducing median time to respond by 50%. The agentic capabilities in the platform have allowed our teams to move from manual triage to high-level strategic defense, ensuring our global operations remain resilient and secure.

The Cortex Agentix Platform Has Arrived

The standalone Cortex Agentix platform brings the power of AI to everyone, delivering advanced orchestration and automation for the modern SOC. For Cortex XSOARยฎ customers, this marks the natural evolution of our market-leading SOAR platform, now enhanced with agentic intelligence to unlock meaningful productivity gains.

With more than 1,300 playbooks, 1,100 integrations, and built-in MCP support, Cortex Agentix combines over a decade of SOAR leadership with powerful AI capabilities to help security teams operate with greater speed, coordination and efficiency across the SOC.

Securing the Agentic Endpoint

As users increasingly run AI-powered code packages, browser extensions, plugins and more, they are opening the door to a new class of AI-driven threats at the endpoint. That is why we announced our intent to acquire Koi to help secure the emerging agentic endpoint. Once completed, the acquisition will strengthen our visibility and protection at the endpoint, extending our ironclad protection from the SOC to where AI code actually runs.

See the Agentic SOC Take Center Stage at Cortex Symphony 2026

To experience these innovations firsthand, join Lee Klarich, Chief Product and Technology Officer, and Gonen Fink, EVP of Products, alongside other industry leaders at Cortex Symphony 2026, the ultimate SOC event.


Forward-Looking Statements (unreleased feature only)

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

The post The SOC Is Now Agentic โ€” Introducing the Next Evolution of Cortex appeared first on Palo Alto Networks Blog.

โŒ