Normal view

Received — 8 June 2026 Palo Alto Networks Blog

How AI and Evasion Demand a Radical Shift in Network Threat Prevention

The Future of Threat Defense Resides at the IP Layer

For years, network security operated on a relatively predictable premise: inspect traffic, identify malicious content, and block it. Because deep content inspection created a seemingly robust defense in depth, relatively static legacy approaches—like reliance on threat intelligence feeds—were allowed to simply persist in the background.

The weaponization of agentic AI and highly evasive techniques has fundamentally shattered that model. Attackers are no longer just iterating on old threats. They are launching attacks at staggering velocity, completely outpacing threat feeds, and employing evasion tactics that actively starve legacy prevention solutions of the content they rely on to inspect.

Our new research report from Unit 42, Attackers Are Evading Threat Prevention at the Internet Edge, reveals how adversaries are actively exploiting the contextual vacuum at the IP layer to bypass standard security controls. For security leaders, understanding this shift is no longer optional. As the nature of the threat fundamentally changes, our strategic approach to network security must definitively change with it.

The AI-Accelerated, Evasive Attack Lifecycle

To understand why legacy defenses are failing, we must look at how adversaries are accelerating and obfuscating every stage of the attack lifecycle. As these threats progress, the commonly used network indicators we have long relied upon are vanishing, collapsing traditional defenses and leaving defenders with little to act on.

Powered by frontier AI, adversaries now automate reconnaissance and exploitation at huge scale and speed, while using anonymizers to mask their intent. Once an intrusion is launched, orchestration shifts to highly evasive command and control (C2). Attackers hide communications using advanced encryption and AI-built malware-less techniques. They’re also bypassing traditional web and DNS inspection entirely by routing traffic directly to IP addresses—a tactic Unit 42 found in 23% of modern malware

Ultimately, the takeaway is clear: network threat prevention can no longer rely solely on detecting malicious payloads. As AI-driven attacks continue to minimize their footprint, security strategies must augment content inspection with real-time IP layer monitoring to left-shift threat detection and counter these rapid, machine-speed threats at the network foundation.

Existing Approaches Aren’t Working

Where content-based detection falls short, many security vendors and organizations still rely on IP threat intelligence feeds to pick up the slack in an attempt to filter out malicious connections on the network layer. However, after years of operating under this model, the results are in—the traditional feed is showing its age.

Attackers have long relied on proxies, anonymizers, residential routers and public cloud providers as a tactic to evade detection. However, agentic AI morphs this process, enabling rapid infrastructure rotation and stealth at an unprecedented scale. As this autonomous evasion accelerates, experienced network defenders continue to run into the well-known limitations of classic IP blocklists:

  • Too slow to keep pace: Unit 42 found an average 20-day lag time before new threats hit popular feeds. Because agentic AI enables adversaries to autonomously rotate proxy IPs in hours, these lists are obsolete at the moment of delivery.
  • Fundamentally incomplete: IP feeds are unable to see a massive portion of the modern attack surface. Unit 42 research indicates that 52% of malicious IPs used for direct-to-IP connections are completely absent from these lists.
  • Unactionable on shared infrastructure: Even known threats are often impossible to block. The Unit 42 team reports that 37% of direct-to-IP traffic uses reputable CDNs and cloud providers. IP feeds cannot distinguish malicious connections from legitimate ones, making blocking too risky for business continuity.
  • A management nightmare: Among the security teams that Unit 42 polled, 30% indicate resource-intensive vetting and false-positive triage as their top pain point. To avoid breaking legitimate traffic, feeds are frequently relegated to an alert-only mode, defeating the entire purpose of prevention.

If modern and agentic AI-enabled attacks can outrun traditional network payload-based detections, we need a new weapon in the network defender’s arsenal. We can no longer depend on yesterday’s IP feeds to secure such an extremely agile threat environment.

The Blueprint for Modernizing the Internet Edge

To outpace the impact of agentic AI and advanced evasion on network threat prevention, security leaders must redefine their defense strategy and shift-left to track the attacker infrastructure itself—monitoring the exact IP layer locations where adversaries build and control their campaigns. Deep content inspection remains essential, but securing the modern edge requires establishing the context and intent of a connection before a session is established.

To achieve this goal, organizations must move beyond the limitations of static defense and adopt a modern security blueprint:

  • Proactive protection against attacker infrastructure: While high-quality threat feeds remain essential for SOC investigations and incident response, relying on them for frontline, real-time prevention creates major blind spots. Instead, security teams must use real-world, global telemetry to proactively identify and block connections to attacker-controlled hosts before requesting a URL or file.
  • Zero trust principles applied to the network layer: An IP address without a negative reputation does not equal a safe connection. Continuous verification requires extending zero trust down to the network foundation. It validates the real-time behavior and intent of every single session to ensure attackers cannot hide in the contextual vacuum of the IP layer.  
  • Reducing the attack surface with rich contextual attributes: Traditional IP blocking is like a blunt instrument that creates unacceptable false positives and alert fatigue. To modernize the edge, security teams need deep, attribute-based visibility across the entire Internet address space to reduce noise and replace legacy IP feeds entirely.  

By moving away from point-in-time assumptions and embracing real-time, inline protection, security leaders can reclaim the advantage at the network foundation.

To see how these evasion tactics operate in the wild, read the latest Unit 42 report, Attackers Are Evading Threat Prevention at the Internet Edge. You’ll find this report valuable in understanding the systemic gaps in legacy risk models and learning why continuous verification must be our new mandate.

The post How AI and Evasion Demand a Radical Shift in Network Threat Prevention appeared first on Palo Alto Networks Blog.

Reinventing Security for the Agentic NVIDIA AI Factory

Building on the momentum of NVIDIA GTC Taipei at COMPUTEX  2026, the conversation has moved beyond AI experimentation to the industrialization of intelligence. Organizations are rapidly deploying AI Factories – high-performance, purpose-built computing infrastructures designed to manufacture intelligence at an unprecedented scale. AI’s next phase is agentic. Autonomous AI agents are reshaping enterprise operations—and demand security architectures that can keep pace with the speed and scale of innovation.  We are proud to announce the integration of Palo Alto Networks Cortex XSIAM with the NVIDIA DOCA Argus framework, a breakthrough that brings real-time, AI-powered security operations directly into the heart of the NVIDIA AI factory. 

By operating on the NVIDIA BlueField data processor, DOCA Argus provides situational awareness through real-time memory analysis at the silicon level. This allows Cortex XSIAM to detect kernel-level rootkits and "living-off-the-land" attacks without installing security agents on the host system.

This innovation builds upon our proven foundation with Palo Alto Networks Prisma AIRS, where AI Runtime Security is deployed natively on NVIDIA BlueField, and powered by NVIDIA DOCA, bringing defense in depth. This integration enables offload , isolation and acceleration of security in AI factories.  

Purpose-Built Observability for the AI Factory

Deployed consistently across the AI factory, DOCA Argus monitors and correlates AI application processes, network telemetry, and data access to detect sophisticated anomalies that traditional tools miss. With this integration, Cortex XSIAM recognizes the high-fidelity data from DOCA Argus as a native Palo Alto Networks sensor, allowing for better decisions with the new intelligence gathered directly from the host.

By integrating Cortex XSIAM with the NVIDIA DOCA Argus framework, we leverage the innovations of two industry leaders to deliver a seamless, high-performance SecOps ecosystem for your most valuable AI assets.

Why This Integration Is a Game-Changer for SecOps

  • Process Introspection: Residing on NVIDIA BlueField, DOCA Argus has the unique ability to correlate network telemetry with deep process inspection.
  • Anomaly Detection: By analyzing traffic and host behavior simultaneously, XSIAM can detect sophisticated anomalies (e.g., lateral movement or data exfiltration) that traditional tools miss.
  • Unified Intelligence: Cortex XSIAM recognizes the security and alert information in this high-fidelity data, providing security teams with end-to-end visibility and dedicated security dashboards specifically for their AI infrastructure.

 

Native integration of DOCA Argus with XSIAM

 

Palo Alto Networks Prisma AIRS Across the NVIDIA AI Factory

The inclusion of Prisma AIRS in NVIDIA AI Factory validated design delivers a unified security platform, providing proactive, defense-in-depth security across critical layers of the AI ecosystem. 

Serving as the network enforcement engine for this architecture, Prisma AIRS secures the infrastructure of the modern AI Factory. By unifying protection and visibility into a single automated fabric, it eliminates the traditional trade-off between security and agility, allowing organizations to innovate at machine speed without compromising performance or governance. 

Beyond enforcement, the broader Prisma AIRS platform acts as the security blueprint for the entire enterprise AI ecosystem—consolidating fragmented point-tools to slash total cost of ownership while providing end-to-end observability from the data plane to the model layer. The platform scales dynamically alongside your AI clusters to safeguard raw datasets, build Layer 7 micro-perimeters around autonomous agents, and protect proprietary model weights from external threats—all without throttling mission-critical performance.

By deploying the AI Runtime Firewall directly on NVIDIA BlueField, we establish a foundational network security layer that is fully offloaded, isolated, and accelerated. This provides pervasive protection across the Enterprise AI Factory without sacrificing critical compute resources.

Securing the NVIDIA AI factory requires the entire Prisma AIRS suite, which secures the AI lifecycle through five specialized pillars:

  • AI Model Security: Protects against model tampering, malicious scripts and data exfiltration attacks before deployment.
  • AI Red Teaming: Advanced threat simulation and vulnerability discovery to enable the safety, security and integrity of your AI and Agents deployments.
  • AI Runtime Security Firewall: Protects against prompt injection, data leakage, abuse and AI-specific runtime threats across distributed inference flows.
  • AI Agent Gateway acts as the control plane for the AI enterprise – governing tool calls, model access and external connections. Every agent interaction is enforced through centralized policies.
  • Agent Identity Security assigns each agent a governed identity with precise permissions and full traceability, ensuring actions are attributable and enforceable.

 

A Forward-Looking Architecture: Embracing Vera NVIDIA BlueField-4 STX

Looking ahead to the next frontier of enterprise-scale agentic AI, Palo Alto Networks is closely aligning its platform approach with the NVIDIA Vera BlueField-4 STX architecture, extending protections to AI data storage infrastructure. As AI data demands surge, high-throughput, large-scale environments require a move toward hardware-isolated, performance-neutral protection to support the rapid growth of critical AI applications.

Operating within an isolated trust domain on future BlueField-4 silicon, our inline security capabilities will maintain strict, policy-driven controls independently of the host operating system and storage systems. This co-design enables critical forward-looking innovations for data, agents, and context memory, ensuring security is offloaded, isolated and accelerated to support the next generation of the AI Factory.

                        

NVIDIA BlueField-4

 

Key Takeaways

Our ongoing collaboration with NVIDIA focuses on these essential pillars for reimagining AI security:

  • Deliver the industry-leading security platform reinvented for the unique demands of the AI factory. High-throughput, large-scale environments require a move toward hardware-isolated and performance-neutral protection to support the rapid growth of critical AI applications. By offloading AI Runtime Firewall directly to the NVIDIA BlueField, we enable zero-latency protection and strict data governance that neutralizes threats (like model theft) while maintaining peak performance and the integrity of your proprietary models.This architecture embeds security directly into the infrastructure, out of the way of app developers.
  • Transform the SOC and achieve deep visibility across AI environments by leveraging Cortex XSIAM to provide real-time detections and automated response. By connecting infrastructure protection with this centralized intelligence, you can secure the AI journey, from development in the factory to operations at the secure industrial edge.
  • Zero-Trust for AI Infrastructure: This helps ensure that as your operations scale toward multi-agent architectures, your security footprint is fully offloaded, isolated, and accelerated to protect advanced inference flows, autonomous agents, and data pipelines without throttling performance.
  • Unified Platform Architecture: Beyond standalone point tools, the Prisma AIRS platform serves as a unified security fabric that spans the entire AI lifecycle—from safeguarding raw data to autonomous agents.

Deploy Bravely

The Palo Alto Networks platform approach delivers a comprehensive solution to secure an enterprise's entire AI ecosystem. By integrating Cortex XSIAM with the NVIDIA DOCA Argus framework, we are extending this comprehensive, deep visibility and protection to the very heart of the AI Factory. With this integration, security teams can leverage an agentless approach via DOCA Argus to gain deep visibility into AI systems hosts by simply downloading the content pack from the Cortex Marketplace.

The Palo Alto Networks platform secures the entire AI journey, protecting the infrastructure, intelligent applications, agents and data it produces. With the inclusion of Prisma AIRS in NVIDIA Enterprise AI Factory Validated Design, we have delivered the blueprint for secure AI. 

Palo Alto Networks and NVIDIA are redefining security for the AI factory. Together, we are ensuring your security architecture is as fast, scalable and innovative as the intelligence it protects, empowering you to scale AI production with reduced latency and stronger governance.

Discover more through the Palo Alto Networks partner directory, or read the official press release from NVIDIA for more details.

The post Reinventing Security for the Agentic NVIDIA AI Factory appeared first on Palo Alto Networks Blog.

A 4X Gartner Magic Quadrant for EPP Leader. Built for the Agentic Era.

29 May 2026 at 15:16

I am incredibly proud to share that Palo Alto Networks has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fourth consecutive year. For us, this recognition is a testament to our team's relentless vision as we continue to define endpoint defense—from the pioneer days of XDR to the new frontier of agentic AI.

We believe our repeated recognition as a Leader is built on a single, uncompromising commitment to our customers and partners: empowering organizations with reduced overhead, rapid threat response, a strengthened security posture, and the resilient protection required to close the most critical security gaps. We are now leading the shift into the agentic era. While AI agents significantly boost enterprise productivity, they also introduce novel attack surfaces that legacy EDR tools are unable to protect. As the pioneer of XDR, we are committed to defining the next generation of cybersecurity by securing this new frontier.

Cortex® XDR is helping customers:

  • Secure Agentic AI with Koi: Gain unprecedented visibility, guardrails, and control over AI agents and agentic tools before they become a liability.
  • Stop the Unseen: Leverage battle-tested prevention powered by behavioral analytics, and industry-leading automation and response.
  • Unify Your Defense: Consolidate your endpoint and workspace security with a proven, four-time industry Leader.

We are incredibly proud to be recognized as a Leader once again, an acknowledgement that belongs just as much to our customers and partners as it does to us. Your trust, feedback, and real-world challenges keep us sharp and dictate our roadmap. At the end of the day, our continued leadership is built on one core promise: make each day more secure than the day before.

To get the full story and a comprehensive analysis of the endpoint security market, I invite you to read the 2026 Gartner Magic Quadrant report.

Get Your Complimentary Copy of the Report

Gartner, Magic Quadrant for Endpoint Protection Platforms, By Deepak Mishra, Evgeny Mirolyubov, Nikul Patel, May 29, 2026

Gartner and Magic Quadrant are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

The post A 4X Gartner Magic Quadrant for EPP Leader. Built for the Agentic Era. appeared first on Palo Alto Networks Blog.

❌