The enterprise security landscape has reached an inflection point. As organizations accelerate adoption of cloud, automation and artificial intelligence, identity has become the primary attack surface of the modern enterprise. Not because defenses have weakened, but because identities have multiplied and now operate continuously at machine speed, often with elevated access.

When attackers succeed today, it almost always starts with identity. Identity is now the number one attack vector. Eighty-seven percent of organizations experienced at least two successful, identity-centric breaches in the past 12 months. These breaches can lead to outages, regulatory exposure, financial loss and reputational damage.

This reality is why today marks such a pivotal moment. CyberArk is officially joining Palo Alto Networks. This step reflects a shared conviction that identity security is no longer a supporting function. To stay ahead of modern attackers, organizations need best-in-class identity security that is deeply integrated into their broader security strategy.

The Reality of the Modern Identity Attack Surface

For years, identity security focused on a relatively small population of human users, administrators and periodic access reviews. That model no longer matches reality.

Today’s enterprises depend on vast numbers of machine identities, including workloads, services, APIs and increasingly, autonomous AI agents. Machine identities now outnumber human identities by more than 80 to 1, while 75 percent of organizations acknowledge that their human identities are governed by outdated, overly permissive privileged models.

Attackers have adapted. Rather than breaking in through vulnerabilities, they increasingly log in using stolen credentials or by exploiting excessive, poorly governed access. Identity-based attacks have become the dominant breach vector because identity sprawl and standing privilege create opportunities that are difficult to detect with traditional tools.

Yet many identity programs remain fragmented. Access management, privileged access and governance often operate in silos, with delayed visibility and manual processes. Risk accumulates silently between reviews, leaving security teams reacting after the fact.

This is the problem CyberArk was built to solve.

Why Identity Security Must Be Continuous

Securing identities in this environment requires a fundamentally different approach. Identity risk changes constantly as new identities are created, permissions shift and systems scale dynamically. Controls must operate continuously, not episodically.

This means three things:

First, organizations need real-time visibility into who or what has access to critical systems across human, machine and AI identities.

Second, privilege must be applied dynamically. Access should be granted only when needed and removed automatically when it is no longer required. Standing privilege should be the exception, not the norm.

Third, governance must evolve from periodic compliance exercises to continuous enforcement that adapts as environments change.

This is the identity security vision that has guided CyberArk for decades and why joining Palo Alto Networks is such a natural next step.

Elevating Identity to a Core Platform

As part of Palo Alto Networks, CyberArk elevates identity security to a core platform pillar.

CyberArk’s Identity Security Platform is proven at enterprise scale and trusted to protect some of the world’s most critical environments. Our approach extends privileged access principles beyond a narrow set of administrators to every identity that matters.

By treating every identity as potentially privileged, organizations can dramatically reduce their attack surface. Excessive access is identified. Unnecessary privilege is removed. Attackers lose the ability to move laterally by using stolen credentials.

Elevating identity security to a platform level also enables tighter alignment with network security, cloud security and security operations. Identity becomes a powerful control plane that informs policy enforcement, detection and response across the enterprise, delivering a more complete and actionable view of risk.

Securing the AI-Driven Enterprise

This shift is especially critical as organizations deploy AI-driven systems and autonomous agents.

These systems often require persistent access to sensitive data and infrastructure, making them attractive targets for attackers and difficult to govern with legacy identity models. Most enterprises today lack effective identity security controls for machine and AI-driven systems, leaving these identities overprivileged and undergoverned.

Applying privileged access principles universally enables organizations to secure AI-driven environments without slowing innovation. Identity security becomes the trust layer that allows enterprises to scale AI responsibly, ensuring access is controlled, monitored and adjusted dynamically as systems evolve.

What This Means for Customers

For customers, elevating identity security to a core platform delivers tangible outcomes.

Organizations gain clearer insight into identity access and risk across human, machine and agentic identities. They gain stronger protection against credential-based attacks by limiting excessive privilege and reducing the paths that attackers rely on to move undetected. They also gain operational simplicity by replacing fragmented tools and manual governance with consistent, scalable controls.

Most importantly, customers gain confidence. Confidence to adopt cloud, automation and AI, knowing that identity risk is governed continuously. Confidence that security can keep pace with change rather than reacting after the fact.

Moving Forward

CyberArk’s Identity Security solutions will continue to be available as a standalone platform. Customers can rely on the solutions they trust today while benefiting from an accelerated roadmap focused on resilience, simplicity and improved security outcomes.

At the same time, integration is underway to bring CyberArk’s best-in-class identity security capabilities more deeply into the Palo Alto Networks security ecosystem. Our priority is to listen closely to customers, meet their immediate needs, and build the path forward together.

The AI era is redefining how enterprises operate and how attackers operate alongside them. Securing every identity, human, machine and AI agent is no longer optional. It is foundational.

By bringing CyberArk into Palo Alto Networks, we are taking a decisive step toward redefining identity security for the modern enterprise and helping our customers stay secure as they innovate at speed.

The post Securing Every Identity in the Age of AI appeared first on Palo Alto Networks Blog.

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild.

Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a malicious link can quietly bypass Windows protections and run attacker-controlled content without warning or consent dialogs. CVE-2026-21510 affects all currently supported versions of Windows.

The zero-day flaw CVE-2026-21513 is a security bypass bug targeting MSHTML, the proprietary engine of the default Web browser in Windows. CVE-2026-21514 is a related security feature bypass in Microsoft Word.

The zero-day CVE-2026-21533 allows local attackers to elevate their user privileges to “SYSTEM” level access in Windows Remote Desktop Services. CVE-2026-21519 is a zero-day elevation of privilege flaw in the Desktop Window Manager (DWM), a key component of Windows that organizes windows on a user’s screen. Microsoft fixed a different zero-day in DWM just last month.

The sixth zero-day is CVE-2026-21525, a potentially disruptive denial-of-service vulnerability in the Windows Remote Access Connection Manager, the service responsible for maintaining VPN connections to corporate networks.

Chris Goettl at Ivanti reminds us Microsoft has issued several out-of-band security updates since January’s Patch Tuesday. On January 17, Microsoft pushed a fix that resolved a credential prompt failure when attempting remote desktop or remote application connections. On January 26, Microsoft patched a zero-day security feature bypass vulnerability (CVE-2026-21509) in Microsoft Office.

Kev Breen at Immersive notes that this month’s Patch Tuesday includes several fixes for remote code execution vulnerabilities affecting GitHub Copilot and multiple integrated development environments (IDEs), including VS Code, Visual Studio, and JetBrains products. The relevant CVEs are CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256.

Breen said the AI vulnerabilities Microsoft patched this month stem from a command injection flaw that can be triggered through prompt injection, or tricking the AI agent into doing something it shouldn’t — like executing malicious code or commands.

“Developers are high-value targets for threat actors, as they often have access to sensitive data such as API keys and secrets that function as keys to critical infrastructure, including privileged AWS or Azure API keys,” Breen said. “When organizations enable developers and automation pipelines to use LLMs and agentic AI, a malicious prompt can have significant impact. This does not mean organizations should stop using AI. It does mean developers should understand the risks, teams should clearly identify which systems and workflows have access to AI agents, and least-privilege principles should be applied to limit the blast radius if developer secrets are compromised.”

The SANS Internet Storm Center has a clickable breakdown of each individual fix this month from Microsoft, indexed by severity and CVSS score. Enterprise Windows admins involved in testing patches before rolling them out should keep an eye on askwoody.com, which often has the skinny on wonky updates. Please don’t neglect to back up your data if it has been a while since you’ve done that, and feel free to sound off in the comments if you experience problems installing any of these fixes.

Generative AI is transforming cyber defense. Technical expertise remains critical, but AI-driven threats demand more than individual skill – they require the collective intelligence of the organization’s SOC. To understand how businesses are adapting, Infinity Global Services analyzed training consumption trends from 2023 to 2025. The findings reveal a decisive shift from individual courses to team-based subscriptions, signaling a new approach to workforce development in the age of AI. The Data: A Shift in Mindset Infinity Global Services’ training data shows a clear change in procurement strategies. Individual course purchases have declined by 33%, while team-based subscription models have surged, […]

The post From Solo to Squad: The Evolution of Cyber Security Training in the AI Era appeared first on Check Point Blog.

Accelerating Secure AI Adoption

The rapid adoption of AI is transforming the enterprise, unlocking unprecedented productivity and accelerating workflows at a record pace. However, this velocity creates a new productivity paradox: The faster AI moves, the more it can expose the organization to entirely new categories of risk. Without specialized guardrails, unchecked AI can inadvertently bypass company policies, violate legal standards, or ignore ethical norms.

To bridge this gap, Glean, the Work AI platform, and Palo Alto Networks Prisma^® AIRS™ have integrated to provide an essential security layer that empowers organizations to adopt generative AI with confidence, helping ensure that massive productivity gains never come at the cost of trust, security or compliance.

Real-Time Defense Against the Modern AI Threat Surface

Generic filters often fail to catch the sophisticated nuances of AI-driven attacks. The integration of Glean and Prisma AIRS provides a purpose-built defense that acts in real time across three critical areas:

1. Neutralizing Prompt Injection

Prompt injections are malicious instructions designed to trick AI models into ignoring their safety protocols, potentially leading to the exposure of sensitive data or the execution of unauthorized actions.

For instance, an attacker could craft a prompt that causes the AI to leak its own system instructions leading to data loss. Glean and Prisma AIRS instantly detect these sophisticated manipulation attempts, blocking the request and notifying the user before the organization's integrity is compromised.

2. Safeguarding Against Harmful and Toxic Content

AI interactions must remain professional, ethical and safe.

By scanning both user prompts and AI-generated responses against organizational policy, Glean and Prisma AIRS automatically block requests that contain toxic, biased, or otherwise harmful content. This enables AI to remain a positive and productive asset for the entire workforce.

3. Preventing Malicious Code and Unsafe URLs

AI models can sometimes generate unsafe code snippets, get data from a poisoned source, or provide harmful links that lead to phishing sites or malware downloads.

For example, a developer might ask an AI assistant for a code library to process data, and the model could inadvertently suggest a malicious package that compromises the application. The Glean and Palo Alto Networks integration provides a crucial safety net, inspecting all generated content for malicious patterns and preventing employees from interacting with risky URLs, keeping the entire AI-driven development and research lifecycle secure.

Secure AI in Minutes with Out of the Box Integration

The true power of the Glean and Palo Alto Networks partnership lies in its simplicity. We’ve removed the friction of complex security configurations, enabling organizations to realize value immediately through a seamless, out of the box integration.

Onboarding is completed in three simple steps within the Glean admin console:

1. Navigate to AI Security and select Palo Alto Networks AI Runtime Security™.
2. Paste your Prisma AIRS Runtime Security API Key.
3. Click Save.

With these three clicks, the integration is live, providing an invisible but invincible layer of defense across your AI chats and agent interactions.

Partnering for a Secure AI Future

As enterprises scale their AI initiatives, specialized security becomes non-negotiable. Prisma AIRS provides the advanced, granular protection needed to catch threats that standard vendors can often miss, and its integration with Glean delivers that protection exactly where work happens.

Drive productivity, foster innovation, and secure your future with Glean and Palo Alto Networks.

Key Takeaways

• Real-Time Threat Mitigation: Instantly block prompt injections, toxic content, and malicious code, transforming AI from a risk factor into a secure asset.
• Frictionless Deployment: Achieve comprehensive AI security in minutes with a simple, three-click API integration within the Glean console.
• Time to value: Scale AI adoption across the enterprise by ensuring every interaction complies with internal policies and global safety standards.

Ready to Deploy Secure AI? To explore how this integration can protect your organization, sign up for the Glean and Palo Alto Networks upcoming webinar.

The post The Power of Glean and Prisma AIRS Integration appeared first on Palo Alto Networks Blog.

Our Reimagined Partner Program Is Here

The cybersecurity landscape continues to evolve at an extraordinary pace. AI-driven threats are expanding the attack surface, demanding faster, more precise responses and greater resilience. At the same time, customers want fewer vendors, deeper integrations and trusted advisers who can help them achieve positive, measurable outcomes and reduce unnecessary complexity.

Meeting these challenges and expectations requires a potent combination of world-class technology and world-class partnership. That’s why, in 2026, Palo Alto Networks is evolving our partner program and unifying it with our value exchange framework.

We are excited to share that we have rolled out new program features. The changes we’re introducing are designed to strengthen how we work with our ecosystem across every partner motion – from resale and cosell to delivery, support and managed services. The goal of this evolution is simple: Create clearer, more scalable paths for growth and mutual success.

Why We’re Evolving to Meet the Demands of a Changing Market

The same forces transforming the cybersecurity landscape are also changing what it means to be a successful partner. As customers reduce their reliance on disparate point solutions, choose to consolidate platforms and lean harder on AI-driven automation, they’re turning to partners for much more than technology procurement. They want design guidance, integration expertise and ongoing, outcome-focused support.

Our partners are also clear about what they need from us. They’ve asked Palo Alto Networks for a partner program that is simpler to engage with, more predictable in how it rewards impact, and more closely aligned with how they build and deliver value across resale, services and managed offerings. Our partners also seek less complexity and more room to differentiate through their own investments and innovation.

The evolution of our partner program is our response not only to feedback from our partners but also to extensive market research. It will bring greater structure where our partners seek consistency, greater flexibility in how and where they innovate, as well as greater transparency in how the value they deliver is recognized. These strategic changes will help ensure our mutual customers benefit the most when they work with our vast and diverse ecosystem in today’s platform-first, outcome-driven marketplace.

A Unified Growth Model = Partner Program + Value Exchange

Palo Alto Networks NextWave Partner Program and value exchange framework were designed to work together, not as separate tracks, but as one powerful engine for driving growth. This unified framework makes it easier for partners to engage with us and get the most from the partner program. It rewards impact, expertise and customer success rather than focusing narrowly on transactions.

This evolved model is built on the foundation of three guiding principles:

• Predictability – Consistent expectations and program structures that support long-term planning.
• Repeatability – Enablement and tools that help partners scale practices with confidence.
• Profitability – Incentives, rebates and routes to growth tied directly to customer value.

The new framework can help partners build sustainable businesses while accelerating the adoption of platformized AI-powered security. Let’s take a look at the many benefits our partner ecosystem may experience through this reimagined program.

What Our Partners Can Expect

Our redesigned partner program enables greater alignment between the investments you make and the outcomes you achieve. Across Palo Alto Networks NextWave Partner Program, we’re strengthening how partners can scale, differentiate and grow their business with improvements in three key areas.

1. Access That Accelerates Scale

We’re expanding access to the tools and resources that can help partners reach customers faster and deliver solutions with confidence:

• Broader on-demand learning and persona-based enablement.
• Labs and demos that make it easier to showcase platform value.
• Improved quoting tools and API-driven automation that can ease operational friction.
• Enhanced support resources that improve quality delivery and the customer experience.

These and other capabilities can help reduce complexity and accelerate your ability to propose, design and deploy high-quality, platform-based solutions for customers.

2. Commitment That Reflects Intentional Investment

As the cybersecurity market evolves, so does the definition of partnership. Our newly evolved program introduces clearer expectations and meaningful rewards for partners who invest in specialization and growth. We’re raising the bar on the program’s standards:

• Higher bookings and growth targets.
• Increased specialization depth across key areas.
• New targeted rebates aligned to value creation.
• A strengthened global distribution strategy to support scale.

These enhancements will recognize partners who lean into the platform approach and drive meaningful impact for customers.

3. Profitability That Helps Fuel Long-Term Growth

A top priority for our updated program is helping partners build predictable, repeatable and profitable business practices in 2026 and beyond. Here are some of the measures we’re introducing:

• Default service quoting (Authorized Support Center and Authorized Professional Services) to help strengthen delivery economics.
• Incentive model that drives higher partner profitability on AI-enabled security solutions.
• Programmatic discounts and improved quoting tools to speed sales cycles.
• A new Partner Development Fund (PDF) to help partners build capabilities and pipeline.

Our aim is to create a more consistent, performance-driven model that supports partner strategy today and creates room for expansion tomorrow.

What These Changes Mean for Customers

A more connected and enabled partner ecosystem doesn’t just benefit our partners. It elevates the entire customer experience.

Customers can expect smoother, simplified engagement with trusted cybersecurity advisers who speak the same language and share the same goals. And with greater consistency across sales, delivery and ongoing support, organizations won’t be saddled by complexity that slows transformation and makes it harder to adopt, build and deploy AI boldly yet safely.

Customers can also move forward with greater confidence in expanding their use of our Palo Alto Networks integrated, AI-driven cybersecurity platform, knowing their partners are equipped with the training, tools and know-how to help guide them every step of the way.

Driving Shared Success Through the Value Exchange

The value exchange in cybersecurity reinforces a principle that has long guided the approach of Palo Alto Networks to partnering: Growth follows value creation. It’s the foundation for how we work with our ecosystem, strengthening connections among partners, customers and our platform.

This is the power of a global ecosystem moving with purpose. When platform innovation, partner expertise and customer needs are aligned, everything moves faster and desired outcomes are more readily achieved. Deployments accelerate, architectures are simplified, and enterprises gain the resilient security postures needed to withstand the pressures of an AI-driven threat landscape.

What’s Next

We encourage you to review a set of short videos in The Learning Center for Partners, which provide more details about the planned changes to Palo Alto Networks NextWave Partner Program.

We believe the year ahead offers one of the most significant opportunities for innovation and growth our ecosystem has ever seen. By reimagining our partner program and value exchange framework, Palo Alto Networks is doubling down on the promise of our shared success, mutual growth and long-term value.

To our partners, thank you, as always, for your commitment, collaboration and belief in what we’re creating together. What’s ahead is more than an evolution of a long-standing and successful partner program. It’s a new era of partnering with precision to build the future of cybersecurity.

---

Key Takeaways

• A reimagined partner program accelerates sustainable growth. Beginning in early February, a single, scalable framework will guide every partner motion and reward meaningful impact.
• Partners have more ways to scale and differentiate. Expanded enablement, automation and incentives can help build stronger, more profitable practices.
• Customers will benefit from more consistent experiences. A more aligned ecosystem enables simpler engagement, smoother delivery and increased confidence in the platform.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post New Year, New Program, New Opportunities appeared first on Palo Alto Networks Blog.