Reading view

How AI and Evasion Demand a Radical Shift in Network Threat Prevention

The Future of Threat Defense Resides at the IP Layer

For years, network security operated on a relatively predictable premise: inspect traffic, identify malicious content, and block it. Because deep content inspection created a seemingly robust defense in depth, relatively static legacy approaches—like reliance on threat intelligence feeds—were allowed to simply persist in the background.

The weaponization of agentic AI and highly evasive techniques has fundamentally shattered that model. Attackers are no longer just iterating on old threats. They are launching attacks at staggering velocity, completely outpacing threat feeds, and employing evasion tactics that actively starve legacy prevention solutions of the content they rely on to inspect.

Our new research report from Unit 42, Attackers Are Evading Threat Prevention at the Internet Edge, reveals how adversaries are actively exploiting the contextual vacuum at the IP layer to bypass standard security controls. For security leaders, understanding this shift is no longer optional. As the nature of the threat fundamentally changes, our strategic approach to network security must definitively change with it.

The AI-Accelerated, Evasive Attack Lifecycle

To understand why legacy defenses are failing, we must look at how adversaries are accelerating and obfuscating every stage of the attack lifecycle. As these threats progress, the commonly used network indicators we have long relied upon are vanishing, collapsing traditional defenses and leaving defenders with little to act on.

Powered by frontier AI, adversaries now automate reconnaissance and exploitation at huge scale and speed, while using anonymizers to mask their intent. Once an intrusion is launched, orchestration shifts to highly evasive command and control (C2). Attackers hide communications using advanced encryption and AI-built malware-less techniques. They’re also bypassing traditional web and DNS inspection entirely by routing traffic directly to IP addresses—a tactic Unit 42 found in 23% of modern malware

Ultimately, the takeaway is clear: network threat prevention can no longer rely solely on detecting malicious payloads. As AI-driven attacks continue to minimize their footprint, security strategies must augment content inspection with real-time IP layer monitoring to left-shift threat detection and counter these rapid, machine-speed threats at the network foundation.

Existing Approaches Aren’t Working

Where content-based detection falls short, many security vendors and organizations still rely on IP threat intelligence feeds to pick up the slack in an attempt to filter out malicious connections on the network layer. However, after years of operating under this model, the results are in—the traditional feed is showing its age.

Attackers have long relied on proxies, anonymizers, residential routers and public cloud providers as a tactic to evade detection. However, agentic AI morphs this process, enabling rapid infrastructure rotation and stealth at an unprecedented scale. As this autonomous evasion accelerates, experienced network defenders continue to run into the well-known limitations of classic IP blocklists:

  • Too slow to keep pace: Unit 42 found an average 20-day lag time before new threats hit popular feeds. Because agentic AI enables adversaries to autonomously rotate proxy IPs in hours, these lists are obsolete at the moment of delivery.
  • Fundamentally incomplete: IP feeds are unable to see a massive portion of the modern attack surface. Unit 42 research indicates that 52% of malicious IPs used for direct-to-IP connections are completely absent from these lists.
  • Unactionable on shared infrastructure: Even known threats are often impossible to block. The Unit 42 team reports that 37% of direct-to-IP traffic uses reputable CDNs and cloud providers. IP feeds cannot distinguish malicious connections from legitimate ones, making blocking too risky for business continuity.
  • A management nightmare: Among the security teams that Unit 42 polled, 30% indicate resource-intensive vetting and false-positive triage as their top pain point. To avoid breaking legitimate traffic, feeds are frequently relegated to an alert-only mode, defeating the entire purpose of prevention.

If modern and agentic AI-enabled attacks can outrun traditional network payload-based detections, we need a new weapon in the network defender’s arsenal. We can no longer depend on yesterday’s IP feeds to secure such an extremely agile threat environment.

The Blueprint for Modernizing the Internet Edge

To outpace the impact of agentic AI and advanced evasion on network threat prevention, security leaders must redefine their defense strategy and shift-left to track the attacker infrastructure itself—monitoring the exact IP layer locations where adversaries build and control their campaigns. Deep content inspection remains essential, but securing the modern edge requires establishing the context and intent of a connection before a session is established.

To achieve this goal, organizations must move beyond the limitations of static defense and adopt a modern security blueprint:

  • Proactive protection against attacker infrastructure: While high-quality threat feeds remain essential for SOC investigations and incident response, relying on them for frontline, real-time prevention creates major blind spots. Instead, security teams must use real-world, global telemetry to proactively identify and block connections to attacker-controlled hosts before requesting a URL or file.
  • Zero trust principles applied to the network layer: An IP address without a negative reputation does not equal a safe connection. Continuous verification requires extending zero trust down to the network foundation. It validates the real-time behavior and intent of every single session to ensure attackers cannot hide in the contextual vacuum of the IP layer.  
  • Reducing the attack surface with rich contextual attributes: Traditional IP blocking is like a blunt instrument that creates unacceptable false positives and alert fatigue. To modernize the edge, security teams need deep, attribute-based visibility across the entire Internet address space to reduce noise and replace legacy IP feeds entirely.  

By moving away from point-in-time assumptions and embracing real-time, inline protection, security leaders can reclaim the advantage at the network foundation.

To see how these evasion tactics operate in the wild, read the latest Unit 42 report, Attackers Are Evading Threat Prevention at the Internet Edge. You’ll find this report valuable in understanding the systemic gaps in legacy risk models and learning why continuous verification must be our new mandate.

The post How AI and Evasion Demand a Radical Shift in Network Threat Prevention appeared first on Palo Alto Networks Blog.

  •  

2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster

AI-Accelerated Attacks, Identity-Enabled Breaches and Expanding Software Supply Chain Exposure Define the 2026 Cyberthreat Landscape

Each year, thousands of organizations experience a cyber incident. An incident can begin with a SOC alert, zero-day vulnerability, ransom demand or widespread business disruption. When the call comes, our global incident responders quickly mobilize to investigate, contain and eradicate the threat.

This year’s Unit 42® 2026 Global Incident Response Report analyzed over 750 major cyber incidents across every major industry in over 50 countries to reveal emerging patterns and lessons for defenders.

The data shows a clear shift in how attacks unfold. Threat actors are moving faster, increasingly leveraging identity and trusted connections, and expanding attacks across multiple attack surfaces. The accelerating speed, scale and complexity of these intrusions mean the window between initial access and business impact is shrinking. Most breaches, however, still succeed due to preventable gaps in visibility and security controls.

Key Findings Show Attacks Are Faster, Broader and Harder to Contain

As adversaries adapt their playbooks, the report highlights several defining trends shaping the 2026 threat landscape:

  • AI Is Compressing the Attack Timeline: In the fastest cases we investigated, attackers needed just 72 minutes to move from initial access to data exfiltration, 4X faster than last year. We’re seeing AI used in reconnaissance, phishing, scripting and operational execution, which enables machine-like speed at scale.
  • Identity Is Now a Primary Attack Vehicle: Identity weaknesses played a material role in nearly 90% of our investigations. More often than not, attackers aren’t breaking in; they’re logging in with stolen credentials and tokens, and then exploiting fragmented identity estates to escalate privileges and move laterally without triggering traditional defenses.
  • Supply Chain Risk Now Drives Operational Disruption: In 23% of incidents, attackers leveraged third-party SaaS applications. By abusing trusted integrations, vendor tools and application dependencies, they bypassed traditional perimeters and expanded the impact well beyond a single system.
  • Attack Complexity Is Growing: We found that 87% of intrusions involved activity across multiple attack surfaces. Rarely does an attack stay in one environment. Instead, we see coordinated activity across endpoints, networks, cloud, SaaS and identity, forcing defenders to monitor across all of them at once.
  • The Browser Is a Primary Battleground: Nearly 48% of incidents included browser-based activity. This reflects how often modern attacks intersect with routine workflows, like email, web access and day-to-day SaaS use, turning normal user behavior into an attack vector.
  • Extortion Is Moving Beyond Encryption: Encryption-based extortion declined 15% from the year before, as more attackers skip encryption and move straight to data theft and disruption. From the attacker’s perspective, it’s faster, quieter and creates immediate pressure without the signals that defenders once relied on to detect ransomware attacks.

Attacks Succeed Because Exposure Still Beats Sophistication

Despite the speed and automation we’re seeing, most of the incidents we respond to don’t start with something radically new. They start with gaps that show up again and again. In many cases, attackers didn’t rely on a sophisticated exploit, but on an overlooked exposure.

  • Environmental Complexity Undermining Defenses: In over 90% of the incidents we investigated, misconfigurations or gaps in security coverage materially enabled the attack. A big driver of that is tool sprawl. Many organizations are running 50 or more security products, making it extremely difficult to deploy controls consistently or clearly understand what their data is telling them.
  • Visibility Gaps Delay Detection: In many engagements, the signals were there. When we look back forensically, the evidence is in the logs. But during the attack, teams had to stitch together data from multiple disconnected sources, slowing detection during the most critical early minutes.
  • Excessive Trust Expands Impact: Once attackers gain a foothold, overly permissive access and unmanaged tokens frequently let them move farther than they should. We repeatedly see identity trust relationships turn a single compromised account into broad lateral movement and privilege escalation.

Attackers are evolving their tools and tactics, but they still win most often from exploited complexity, limited visibility and excessive trust inside modern enterprise environments.

Recommendations for Security Leaders and Defenders

Across more than 750 frontline investigations, three priorities come up again and again in conversations with CISOs and security teams.

  • Reduce Exposure: Many of the attacks we see begin in places teams didn’t realize were exposed – third-party integrations, unmanaged SaaS connections or everyday browser activity. Reducing exposure means securing the full application ecosystem and treating trusted connections with the same scrutiny as core infrastructure.
  • Reduce Area of Impact: Once attackers get in, the difference between a contained incident and a major disruption often comes down to identity. Tightening identity and access management while removing unnecessary trust limits how far an attacker can move and how much damage they can cause.
  • Increase Response Speed: What happens in the first minutes after initial access can determine whether an incident becomes a breach. Security teams need the visibility to see what’s happening across environments and the ability to use AI to detect, identify and prioritize what matters, so the SOC can contain threats at machine speed, faster than the adversary can move.

Conclusion

Every investigation tells a story. How the attacker got in. How quickly they moved. What made the impact worse. Across hundreds of these cases, patterns emerge. Unit 42 operates 24 hours a day, 7 days a week on the frontlines of these incidents, and each year we distill what we learn into practical guidance. The goal of this report is to turn those frontline lessons into decisions that help you close the gaps that attackers still rely on and stop incidents before they become breaches.

Stay informed. Read the 2026 Unit 42 Global Incident Response Report and download the Executive Resource Kit.

The post 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster appeared first on Palo Alto Networks Blog.

  •  

Where Cloud Security Stands Today and Where AI Breaks It

Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment.

Our research, drawing on insights from more than 2,800 security leaders, surfaces the critical cost of misalignment across teams, tools and workflows. This report provides key benchmarks to help inform the decisions that shape your cloud strategy as we track where teams gain ground, where they struggle, and how the threat landscape, now accelerated by AI, is evolving.

The Cloud Attack Surface Is Expanding with AI

The biggest shift in the cloud landscape is the acceleration of risk driven by AI adoption. As cloud infrastructure expands to host the growing number of AI workloads, it has become a critical target. The introduction of GenAI into development pipelines is also compounding the problem by increasing the volume of insecure code going into production.

Of those surveyed in the 2025 report, 75% of organizations stated that they are running AI in their production environments today. That level is significant, as it points to the growing adoption and use of AI as businesses are locked in what looks like a modern arms race to bring the latest capabilities and benefits to their organizations and customers. In addition, as stated earlier, our findings confirm that 99% of organizations reported at least one attack on their AI systems within the past year. This number proves that AI needs human guardrails, as well as to be secured to contain the risk of critical data exposure by adversaries.

AI is no longer a theoretical risk – percentages of organizations running AI production and those who've experienced an AI attack.
The prevalence of AI use and attacks on AI.

The AppSec Pipeline Is Not Secure Enough Yet

As AI expands the cloud attack surface and has been proven to be a significant target, we can see that code development pipelines are also being stressed by the same forces. An important trend from the 2025 report is the rise of GenAI-assisted coding (vibe coding), used by 99% of respondents. The use of vibe coding is generating insecure code faster than security teams can review it. The acceleration creates a massive risk gap: 52% of teams are shipping code weekly, but only 18% are able to fix vulnerabilities at that same pace. This confirms that traditional, human-led approaches to application security are inadequate, leaving security teams to fight threats with fragmented tools and slow, manual fix cycles.

Speed to production percentages.
The Speed of development across survey respondents.

As the pace of development increases, the disconnect between security assessment and remediation is becoming more apparent too. While teams are making progress by shifting away from outdated vulnerability prioritization methods, they still struggle to integrate security effectively into the development workflow. This introduces a large number of vulnerabilities into production, where 20% of organizations report that an average of 37% of their high or critical issues reach their production environments. Once in production those vulnerabilities linger, as 82% of organizations report it taking longer than a week to deploy code fixes. What is slowing teams down?

The traditional refrain toward implementing prevention that blocks risks from reaching production during rapid code development is still true today. The barriers are clear: 31% cite poor CI/CD integration and another 31% worry about slowing down development. On the positive note, only 17% rely on CVSS scores to prioritize their fixes as teams are now moving more toward context-rich decisions based on exploitability-based triage (32%) and business impact (33%).

The New Frontiers of Cloud Risk

Attackers are rapidly pivoting to exploit the foundational layers of the cloud, with a clear focus on ungoverned interfaces and overprivileged access. The volume and autonomy introduced by AI agents further accelerates this exploitation, turning minor gaps into major incidents.

Attacks on APIs Jump for 41%

APIs are the new primary entry point. Attacks on APIs increased for 41% of organizations in the last year, marking the sharpest rise of any threat category measured. As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface. Furthermore, nearly every AI-related threat, including model supply chain tampering, token theft and prompt injection, involves an API boundary. This reinforces the role of ungoverned interfaces in scalable AI compromise, with 47% of AI system breaches involving data exfiltration through assistants or plugins.

Identity Still Remains the Weakest Link

Insufficient access controls remain a leading vector for credential theft and data exfiltration. 53% of organizations cite lenient identity and access management (IAM) practices as a top data security challenge. This problem is compounded by complexity. The number climbs to 57% among organizations running more than six AppSec tools, proving that the discipline required to maintain least privilege is failing to scale with tool sprawl. Data leaves through both legitimate business systems and breach events, making it fundamentally an identity problem.

The top three exfiltration vectors confirm this focus:

  • SaaS sync or export misuse: 63%
  • Overpermissive external sharing: 59%
  • Compromised credentials or tokens: 58%

Lateral Movement Risks Persist

Once an attacker gains a foothold, they can move freely. Twenty-eight percent point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot across environments and turn minor compromises into major incidents.

The Growing Imperative of Cloud & SOC Must Merge

The gap between detection and resolution is where breaches succeed. Today the cloud and SOC divide is proving too slow in the face of machine-speed threats. Structural fragmentation is clearly visible in response times, while 74% of organizations detect threats within 24 hours, 30% take more than a full day to resolve them. A delay like this is caused by disjointed workflows and isolated data sources between cloud and SOC teams, which stall incident response (IR) for 50% of organizations.

Analysts spend 51% of time with incident responses and 49% with data correlation.
How SOC analysts spend their time after an incident.
89% of organizations say cloud and application security should integrate with SOC in a shift that marks the end of siloed control and the rise of unified operations.
Respondents calling for cloud and security operations to merge.

The demand for consolidation shows up across the board:

  • 89% of organizations believe cloud security and security operations must fully merge, not just integrate.
  • Organizations currently manage an average of 17 tools from five vendors, creating fragmented data and context gaps.
  • Consequently, 97% of respondents prioritized consolidating their security footprint to address the chaos of tool sprawl.

The model that worked for lift-and-shift can't contain threats that move at machine speed. Organizations are ready to collapse the distance between teams and tools.

About the Report

The State of Cloud Security Report 2025 draws from over 2,800 security leaders and practitioners across 10 countries and includes breakouts by region, industry and cloud maturity, along with the full incident data and strategic insights we’ve touched on here.

Wakefield research gathered data from more than 2,800 respondents in 10 countries.
2,8000 survey respondents by country.

Learn More and Transform to an Agentic-First Platform

To stay ahead of adversaries who use AI to launch attacks at machine speed, human-led defense is no longer sufficient. The report emphasizes that organizations must counter with an equivalent evolution: Agentic security, leveraging autonomous agents to deliver cloud security from code to cloud to SOC.

Download the full State of Cloud Security report to see how today’s leaders are closing the gap and what we recommend.

The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog.

  •  

Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar

We are proud to announce that Frost & Sullivan has recognized Palo Alto Networks Prisma® Browser™ as the best-positioned market leader in the Frost Radar™: Zero Trust Browser Security (ZTBS), 2025 report, securing the premier position for innovation and a leadership position on growth.

This recognition comes at a pivotal moment. For the modern enterprise, the browser is no longer just an application; it is your new OS. With 85% of the work happening in browsers, it has become the focal point where revenue is generated and sensitive data is accessed. However, this shift has transformed your primary workspace into the primary attack vector, with 95% of organizations having reported a security incident originating in the browser, placing it on the frontline against sophisticated AI® threats and critical vulnerabilities. The risk of evasive, AI-driven phishing attempts is compounded by the widespread use of managed and unmanaged devices, creating blind spots that allow sensitive data to be exfiltrated faster than ever.

To combat this, enterprises need a browser that doesn't just display the web but actively defends it with its users, apps, data and devices. This is a necessity that drives our latest industry recognition.

Proven Leadership Validated by the Market

Frost Radar growth index and innovation index.

Prisma Browser’s recognition as the best-positioned leader, securing the premier position for innovation and a leadership position on growth, is a testament to our commitment to deliver best-in-class security that is both easy to deploy and that IT and users love to use. By integrating Palo Alto Networks Precision AI® technology, Cloud-Delivered Security Services (CDSS) and Enterprise DLP, we ensure our customers benefit from the power of our security engines. And because they are natively integrated in the browser, we are mitigating threats hiding in encrypted traffic, blind spot web channels, AI-powered spear phishing and other evasive web threats that legacy security tools simply cannot identify.

Prisma Browser’s Innovation Advantage

Our leadership is driven by continuous strategic innovation in the secure browser space. Prisma Browser delivers critical "last-mile" protection through the native integration of CDSS, including Advanced WildFire® for zero-day malware analysis and Advanced URL Filtering instantly at the point of user interaction. Building on this foundation, our latest innovations extend secure work to all applications, including those beyond SSO, providing full visibility and last-mile protection for unmanaged applications, such as GenAI apps, closing gaps left by incomplete identity coverage. We further solidify this best-in-class security through additional cutting-edge innovations: Advanced Web Protection for real-time evasive threat protection, Advanced Browser Protection for zero-day browser exploitation defense, and Advanced Extension Security for runtime extension security.

At the core of this defense is Precision AI, our proprietary engine that combines machine learning, deep learning and generative AI to automate detection, prevention and remediation with industry-leading accuracy. Unlike standard security tools that rely on static signatures, Prisma Browser, powered by Precision AI, inspects live, fully rendered content. It detects evasive phishing attempts (such as AI-generated cloaking) and malicious reassembly attacks that legacy tools miss, effectively fighting AI with AI. Fueled by intelligence from over 70 thousand customers, Prisma Browser delivers unmatched threat detection, identifying and blocking up to 8.95 million new and unique attacks every single day.

The Frost Report says this about Palo Alto Networks Innovation:

Key differentiating capabilities include last-mile data leakage protection with browser-level visibility; AI-powered web attack detection and prevention with full page runtime visibility; detection and disabling of malicious extensions using behavioral monitoring; an advanced AI-powered DLP engine; in-browser anti-exploit protection; and a rich library of AI applications and agents.

Crucially, Enterprise DLP capabilities are embedded directly into the rendering engine, granting granular control over sensitive data that traditional network-level tools effectively miss. This helps ensure that data on both managed and unmanaged devices remains secure against exfiltration via clipboard restrictions, screenshot blocking, real-time redaction and more, without disrupting the user experience.

Prisma Browser’s Growth Advantage

Central to the widespread adoption of Prisma Browser is our proven ability to secure the managed workforce at scale without disrupting daily workflows. One of our key differentiators is our 100% license portability, which allows organizations to deploy Prisma Browser across their entire fleet of devices, whether as full browsers, extensions, mobile solutions and firewall connectors with complete flexibility. This frictionless deployment model enables IT teams to instantly layer enterprise-grade security and unified policies onto the same native browser UX employees already know and use.

For CISOs and CIOs focused on streamlining operations, Prisma Browser is also offered as a fully integrated solution within the Prisma® SASE platform, enabling unified policies across all Palo Alto Networks solutions.

Looking Ahead

While we are proud of our position on the Frost Radar: Zero Trust Browser Security (ZTBS) report, we are just getting started. By accelerating initiatives in GenAI security, complete web protection, modern data protection and VDI reduction, we are redefining the browser. We don't just want the browser to be where you work; we are transforming it from the primary attack vector into one of the organization's most robust lines of defense and the single point where they can identify AI driven attacks and fight AI with AI.

Read the full Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report to explore the details behind our market leadership. Then, schedule a demo to witness how Prisma Browser transforms your primary workspace into your strongest line of defense.

The post Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar appeared first on Palo Alto Networks Blog.

  •  
❌