Traditional Security Is Blind to the Agentic Endpoint

Modern endpoints are no longer defined only by executables. Increasingly, endpoint behavior is shaped by non-binary software, such as code packages, browser extensions, IDE plugins, scripts, local servers (including MCP), containers and model artifacts. They are installed directly by employees and developers without centralized oversight. Because these components are not classic binaries, they often fall outside the visibility and control of traditional endpoint security tooling.

AI agents compound this problem. They are legitimate tools that operate with the user’s credentials and permissions, enabling them to read, write, move data and take privileged actions across systems. When compromised or misused, agents become the “ultimate insider.” They can autonomously discover, invoke and even install additional components at machine speed, accelerating risk across an already expanding, largely unmanaged software layer.

Weaponizing Trusted Automation

This is not a future concern. The recent viral emergence of OpenClaw serves as a cautionary tale for the agentic era. Developed by a single individual in just one week, it rapidly secured millions of downloads while gaining broad permissions across users' emails, filesystems and shells. Within days, researchers identified 135,000 exposed instances and more than 800 malicious skills in its marketplace, underscoring how a single unvetted agent can create an immediate, global attack surface.

OpenClaw is not an outlier. Recent research highlights how quickly this risk is materializing:

• Vibe Coding Threats: An AI extension in VS Code was found leaking code from 1.5 million developers. This tool could read any open file and send it back to the developer, collect mass files without user interaction, and track users with commercial analytics SDKs.
• Malicious MCP Server: Koi documented the first malicious Model Context Protocol (MCP) server in the wild. When developers added a specific skill to tools like Claude Code or Cursor, it silently forwarded every email to the plugin creator. What’s more, this capability was added later, after developers had already started using it.

Compounding this risk is the fact that autonomous agent actions are often difficult to trace or reconstruct, leaving Security Operations Centers (SOCs) without the visibility they need when an incident occurs.

A New Category of Protection

Complete endpoint security for the rapidly expanding risk of agentic AI calls for a new category of protection: Agentic Endpoint Security. That’s why we announced our intent to acquire Koi, a pioneer in this space. Koi is designed to eliminate blind spots across the AI-native ecosystem and help organizations govern agentic tools safely.

Its technology rests on three core pillars:

1. See All AI Software – Gain complete visibility into the AI tools, agents and non-binary software running in your environment.
2. Understand Risks – Continuously analyze and understand the intent and risk level of all software and AI agents.
3. Control the AI Ecosystem – Enforce policy in real-time to remediate issues and block risky behaviors.

Securing the Agentic Enterprise

We are convinced that Agentic Endpoint Security will soon become a standard requirement for enterprise security. Upon closing the proposed acquisition, we intend to integrate Koi’s capabilities across our platforms to help our customers secure the AI-native workspace.

The wave of AI agents approaching the enterprise cannot be held back. Instead, we must offer secure tools that enable companies to confidently embrace agentic innovation.

Forward-Looking Statements

This blog post contains forward-looking statements that involve risks, uncertainties, and assumptions, including, but not limited to, statements regarding the anticipated benefits and impact of the proposed acquisition of Koi on Palo Alto Networks, Koi and their customers. There are a significant number of factors that could cause actual results to differ materially from statements made in this blog post, including, but not limited to: the effect of the announcement of the proposed acquisition on the parties’ commercial relationships and workforce; the ability to satisfy the conditions to the closing of the acquisition, including the receipt of required regulatory approvals; the ability to consummate the proposed acquisition on a timely basis or at all; significant and/or unanticipated difficulties, liabilities or expenditures relating to proposed transaction, risks related to disruption of management time from ongoing business operations due to the proposed acquisition and the ongoing integration of other recent acquisitions; our ability to effectively operate Koi’s operations and business following the closing, integrate Koi’s business and products into our products following the closing, and realize the anticipated synergies in the transaction in a timely manner or at all; changes in the fair value of our contingent consideration liability associated with acquisitions; developments and changes in general market, political, economic and business conditions; failure of our platformization product offerings; risks associated with managing our growth; risks associated with new product, subscription and support offerings; shifts in priorities or delays in the development or release of new product or subscription or other offerings or the failure to timely develop and achieve market acceptance of new products and subscriptions, as well as existing products, subscriptions and support offerings; failure of our product offerings or business strategies in general; defects, errors, or vulnerabilities in our products, subscriptions or support offerings; our customers’ purchasing decisions and the length of sales cycles; our ability to attract and retain new customers; developments and changes in general market, political, economic, and business conditions; our competition; our ability to acquire and integrate other companies, products, or technologies in a successful manner; our debt repayment obligations; and our share repurchase program, which may not be fully consummated or enhance shareholder value, and any share repurchases which could affect the price of our common stock.

Additional risks and uncertainties that could affect our financial results are included under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" in our Quarterly Report on Form 10-Q filed with the SEC on November 20, 2025, which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. Additional information will also be set forth in other filings that we make with the SEC from time to time. All forward-looking statements in this blog post are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Securing the Agentic Endpoint appeared first on Palo Alto Networks Blog.

24/7 Managed SOC Built for Tomorrow's Threats

The window for defense has collapsed, and most SOCs weren’t built for the speed of today’s attacks. According to the 2026 Unit 42^® Global Incident Response Report, some end-to-end attacks now unfold in under an hour. Attacks that used to take days or weeks now happen in minutes.

Most traditional SOC models are trapped in a cycle of alert overload, fragmented tools and limited engineering capacity that slow investigations and delay response. Traditional SIEM and MDR models were designed to react to alerts. They were not designed to continuously improve detections, correlations and response with threats that move at machine speed. Over time, that gap between attacker speed and defender capability keeps widening, and it’s exactly why we built Unit 42 Managed XSIAM 2.0 (MSIAM).

Today marks the availability of the next evolution of our managed SOC offering – one that reflects how modern security operations must run in today’s threat landscape. MSIAM 2.0 is built on Cortex XSIAM^®, Palo Alto Networks SOC transformation platform, and operated by Unit 42 analysts, threat hunters, responders and SOC engineers who handle the most complex incidents in the world. With this solution, Unit 42 provides organizations with a 24/7 managed SOC that delivers continuous detection, investigation and full-cycle remediation across the entire attack surface while improving operations over time.

We don’t just manage alerts. Unit 42 continuously engineers detections, correlations and response playbooks within XSIAM, refining them as attacker behavior evolves. This ongoing engineering ensures defenses improve over time, driven by real-world incidents and frontline threat intelligence, not static rules that quickly fall behind.

Why Managed XSIAM 2.0 Is Different

Elite SOC on Day One

We want SOC teams up and running as fast as possible. Experts lead onboarding, data mapping and configuration, and then your managed SOC team takes responsibility for operating and optimizing XSIAM on a day-to-day basis. The result is a SOC that improves over time without adding operational burden.

Every Threat Exposed

Unit 42 goes beyond reactive monitoring with continuous, proactive threat hunting across the entire attack surface. When a new threat is found in the wild, we produce threat impact reports that show how those techniques apply to each customer’s environment. We then translate those insights into custom detections and automated response actions, while also monitoring and investigating the correlation rules your team creates. Both the global threat intelligence and your unique use cases are backed by our 24/7 analysis, closing gaps quickly and strengthening defenses over time.

We also now support both native and third-party EDR telemetry, so organizations can benefit from Unit 42 expertise and Cortex^® AI-driven analytics, regardless of the security technologies they use today. This enables customers to receive the strongest possible managed defense now, while creating a natural, low-friction path toward deeper platform consolidation as their environment evolves.

Machine-Speed Response

When incidents escalate, we don’t just hand you a ticket; we take ownership. Collaborating with your team, we establish pre-authorized workflows to execute immediate responses across your entire environment, from endpoints and firewalls to identity and cloud. We pair the platform’s native speed with expert oversight. By validating threat context and business impact, every response action is precise and safe, giving you the confidence to unleash full-cycle remediation. This allows MSIAM 2.0 to move seamlessly from detection to resolution with both velocity and precision.

And we stand behind our solution with a Breach Response Guarantee. If a complex incident strikes, you have the world’s best responders in your corner with up to 250 hours of Unit 42 Incident Response included. This built-in coverage removes the administrative hurdles of crisis response, enabling our experts to immediately transition from monitoring to deep forensic investigation and complete eradication, so you can focus on recovery. 

Proven in the Real World with the Green Bay Packers

Working with Unit 42 and the Cortex XSIAM platform, the Green Bay Packers modernized their security across a complex hybrid environment, demonstrating what Unit 42's managed services deliver in real-world operations. By consolidating telemetry and accelerating investigation and response, they reduced response times from hours to minutes, investigated 54% more alerts and saved over 120 hours of analyst time without adding headcount.

These outcomes reflect the key benefits of MSIAM: Unit 42 experts working to apply frontline intelligence as new attacker behavior emerges, translating it into reporting and tailored detections that improve response where it matters most. When a machine-speed platform is operated by experts handling real incidents every day, defenses continuously strengthen as threats evolve.

The Future of the SOC

Unit 42 MSIAM 2.0 helps your SOC operate as it should by combining AI-driven analytics and automation with expert-led operations and engineering. This combination provides teams with the confidence that their defenses are always on, always improving and ready when it matters most. That’s the SOC that security leaders need today, and the one we’re building for tomorrow.

MSIAM is now delivered through two service tiers, Pro and Premium. Organizations can start where they are and grow at their own pace. Pro provides AI-driven managed SOC operations with continuous detection, investigation and response. Premium extends into full-lifecycle SOC engineering, with designated experts and customized detections, automation and tailored response playbooks as your security maturity grows.

To learn more about Managed XSIAM 2.0, join us at Symphony 2026, a Palo Alto Networks premier virtual SOC event, where Unit 42 and Cortex^® experts will share frontline threat intelligence from the new 2026 Unit 42 Incident Response Report alongside real-world SOC transformation insights from organizations operating at machine speed.

The post Introducing Unit 42 Managed XSIAM 2.0 appeared first on Palo Alto Networks Blog.

AI-Accelerated Attacks, Identity-Enabled Breaches and Expanding Software Supply Chain Exposure Define the 2026 Cyberthreat Landscape

Each year, thousands of organizations experience a cyber incident. An incident can begin with a SOC alert, zero-day vulnerability, ransom demand or widespread business disruption. When the call comes, our global incident responders quickly mobilize to investigate, contain and eradicate the threat.

This year’s Unit 42^® 2026 Global Incident Response Report analyzed over 750 major cyber incidents across every major industry in over 50 countries to reveal emerging patterns and lessons for defenders.

The data shows a clear shift in how attacks unfold. Threat actors are moving faster, increasingly leveraging identity and trusted connections, and expanding attacks across multiple attack surfaces. The accelerating speed, scale and complexity of these intrusions mean the window between initial access and business impact is shrinking. Most breaches, however, still succeed due to preventable gaps in visibility and security controls.

Key Findings Show Attacks Are Faster, Broader and Harder to Contain

As adversaries adapt their playbooks, the report highlights several defining trends shaping the 2026 threat landscape:

• AI Is Compressing the Attack Timeline: In the fastest cases we investigated, attackers needed just 72 minutes to move from initial access to data exfiltration, 4X faster than last year. We’re seeing AI used in reconnaissance, phishing, scripting and operational execution, which enables machine-like speed at scale.
• Identity Is Now a Primary Attack Vehicle: Identity weaknesses played a material role in nearly 90% of our investigations. More often than not, attackers aren’t breaking in; they’re logging in with stolen credentials and tokens, and then exploiting fragmented identity estates to escalate privileges and move laterally without triggering traditional defenses.
• Supply Chain Risk Now Drives Operational Disruption: In 23% of incidents, attackers leveraged third-party SaaS applications. By abusing trusted integrations, vendor tools and application dependencies, they bypassed traditional perimeters and expanded the impact well beyond a single system.
• Attack Complexity Is Growing: We found that 87% of intrusions involved activity across multiple attack surfaces. Rarely does an attack stay in one environment. Instead, we see coordinated activity across endpoints, networks, cloud, SaaS and identity, forcing defenders to monitor across all of them at once.
• The Browser Is a Primary Battleground: Nearly 48% of incidents included browser-based activity. This reflects how often modern attacks intersect with routine workflows, like email, web access and day-to-day SaaS use, turning normal user behavior into an attack vector.
• Extortion Is Moving Beyond Encryption: Encryption-based extortion declined 15% from the year before, as more attackers skip encryption and move straight to data theft and disruption. From the attacker’s perspective, it’s faster, quieter and creates immediate pressure without the signals that defenders once relied on to detect ransomware attacks.

Attacks Succeed Because Exposure Still Beats Sophistication

Despite the speed and automation we’re seeing, most of the incidents we respond to don’t start with something radically new. They start with gaps that show up again and again. In many cases, attackers didn’t rely on a sophisticated exploit, but on an overlooked exposure.

• Environmental Complexity Undermining Defenses: In over 90% of the incidents we investigated, misconfigurations or gaps in security coverage materially enabled the attack. A big driver of that is tool sprawl. Many organizations are running 50 or more security products, making it extremely difficult to deploy controls consistently or clearly understand what their data is telling them.
• Visibility Gaps Delay Detection: In many engagements, the signals were there. When we look back forensically, the evidence is in the logs. But during the attack, teams had to stitch together data from multiple disconnected sources, slowing detection during the most critical early minutes.
• Excessive Trust Expands Impact: Once attackers gain a foothold, overly permissive access and unmanaged tokens frequently let them move farther than they should. We repeatedly see identity trust relationships turn a single compromised account into broad lateral movement and privilege escalation.

Attackers are evolving their tools and tactics, but they still win most often from exploited complexity, limited visibility and excessive trust inside modern enterprise environments.

Recommendations for Security Leaders and Defenders

Across more than 750 frontline investigations, three priorities come up again and again in conversations with CISOs and security teams.

• Reduce Exposure: Many of the attacks we see begin in places teams didn’t realize were exposed – third-party integrations, unmanaged SaaS connections or everyday browser activity. Reducing exposure means securing the full application ecosystem and treating trusted connections with the same scrutiny as core infrastructure.
• Reduce Area of Impact: Once attackers get in, the difference between a contained incident and a major disruption often comes down to identity. Tightening identity and access management while removing unnecessary trust limits how far an attacker can move and how much damage they can cause.
• Increase Response Speed: What happens in the first minutes after initial access can determine whether an incident becomes a breach. Security teams need the visibility to see what’s happening across environments and the ability to use AI to detect, identify and prioritize what matters, so the SOC can contain threats at machine speed, faster than the adversary can move.

Conclusion

Every investigation tells a story. How the attacker got in. How quickly they moved. What made the impact worse. Across hundreds of these cases, patterns emerge. Unit 42 operates 24 hours a day, 7 days a week on the frontlines of these incidents, and each year we distill what we learn into practical guidance. The goal of this report is to turn those frontline lessons into decisions that help you close the gaps that attackers still rely on and stop incidents before they become breaches.

Stay informed. Read the 2026 Unit 42 Global Incident Response Report and download the Executive Resource Kit.

The post 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster appeared first on Palo Alto Networks Blog.