Artificial intelligence has shifted to being the primary engine for market leadership. To compete, enterprises are shifting from general-purpose computing to AI factories, specialized infrastructures designed to manage the entire lifecycle of AI. However, this transition requires robust security without sacrificing performance and efficiency.

We are proud to announce that Palo Alto Networks Prisma^® AIRS™, accelerated on the NVIDIA BlueField data processing unit (DPU), is now part of the NVIDIA Enterprise AI Factory validated design.

The integrated solution embeds zero trust security directly into the AI infrastructure, providing comprehensive protection without impacting AI performance. By deploying Palo Alto Networks Prisma^® AIRS™ Network Intercept directly onto the NVIDIA BlueField and extending to the cloud, Prisma AIRS establishes an essential zero trust governance fabric for the AI factory, enabling enterprises to accelerate innovation while maintaining control.

This critical architectural shift enables optimal AI performance and infrastructure efficiency by offloading security processing to an isolated domain, while leveraging the DPU's hardware acceleration via NVIDIA DOCA to enforce security policies at line speed. The implementation also leverages real-time workload information captured using DOCA Argus, which is then passed to Cortex XSIAM^® where it is used for AI-driven responses using the Cortex XSOAR^® orchestration platform.

Rich Campagna, SVP Product Management, Palo Alto Networks said:

The AI Factory is the new engine for value creation, and securing it is a board-level imperative. The validation of Palo Alto Networks Prisma AIRS accelerated with NVIDIA BlueField within the NVIDIA Enterprise AI Factory enables a new security architecture for the AI era. We are embedding trust directly into the infrastructure, giving leaders the confidence to safeguard their proprietary intelligence and deploy AI bravely.

Kevin Deierling, senior vice president of Networking at NVIDIA said:

AI is transforming every industry and security must evolve to protect AI factories. To be scalable, security must be distributed and embedded within the AI infrastructure. This is achieved with NVIDIA BlueField running Palo Alto Networks Prisma AIRS to deliver robust, runtime security for the AI factory, with optimal AI performance and efficiency.

Deploy AI Bravely with a Future-Proof Foundation

The Future of Secure AI Factories

In addition to deploying Palo Alto Networks Prisma AIRS on NVIDIA BlueField in a distributed model, it’s essential to maintain a centralized Hyperscale Security Firewall (HSF) cluster at the ingress and egress points of the AI factory to enforce a defense-in-depth strategy. Beyond network segmentation, individual workloads can selectively route traffic through hyperscale clusters to detect advanced application-layer threats and prevent lateral movement. These hyperscale firewall clusters scale elastically with demand, delivering session resiliency and the high availability required for critical AI operations.

This architecture fundamentally improves the Total Cost of Ownership (TCO) for AI infrastructure. By isolating security functions on BlueField, enterprises enable 100% of host computing resources to be dedicated to AI applications. This elimination of resource contention allows the AI Factory to maximize token throughput and capital efficiency.

This validated design is the blueprint for immediate efficiency. It provides a seamless path for enterprises to shift from general-purpose clusters to secure AI factory infrastructure without costly overhauls. More importantly, this collaboration establishes an unparalleled roadmap for future-proofing your investment. By securing operations with the high-performance NVIDIA BlueField-3 today, the architecture is inherently ready for the next generation, NVIDIA BlueField-4. This forward compatibility helps AI factories immediately handle gigascale demands, scaling up to 6X the compute power and doubling the bandwidth when BlueField-4 becomes available.

The inclusion of the Palo Alto Networks Prisma AIRS platform in the NVIDIA Enterprise AI Factory Validated Design bolsters enterprise AI security. By establishing the zero trust governance fabric of Prisma AIRS runtime security on NVIDIA BlueField, organizations gain a comprehensive defense. Proprietary and sensitive data is secured throughout the entire stack, and models are protected from adversarial threats, such as prompt injection attacks. With Prisma AIRS, the world's most comprehensive AI security platform, leaders gain the confidence to innovate and deploy AI bravely. This validated design is the essential blueprint for securely accelerating your market leadership without compromising security.

Join our "How to Secure the AI Factory" breakout session at NVIDIA GTC 2026, March 16-19, in San Jose, CA to hear more about this transformative solution and accelerate your AI innovation securely.

The post Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory appeared first on Palo Alto Networks Blog.

Here is an overview of content I published in 2025:

Blog posts:

• Update: strings.py Version 0.0.11
• Quickpost: Electrical Power & Mining
• Update: Python Templates Version 0.0.12
• Update: cs-decrypt-metadata.py Version?0.0.5
• Update: zoneidentifier.exe Version 0.0.2
• Update: oledump.py Version 0.0.79
• Update: 1768.py Version 0.0.23
• Update: pdfid.py Version 0.2.10
• Update: pdf-parser.py Version 0.7.11
• Update: xmldump.py Version 0.0.10
• Update: zipdump.py Version 0.0.31
• Quickpost: Electrical Power & Mining: Dissipated Heat
• Update: xorsearch.py Version 0.0.2
• Update: xorsearch.py Version 0.0.3
• Quickpost: Testing The Capacity Of My New Power Bank
• Update: xorsearch.py Version 0.0.4
• Update: basedump64.py Version 0.0.28
• Update: emldump.py Version 0.0.15
• Update: pecheck.py Version 0.7.17
• Update: rtfdump.py Version 0.0.13
• Update: zipdump.py Version 0.0.32
• Update: oledump.py Version 0.0.80
• Update: pdf-parser.py Version 0.7.2
• Update: re-search.py Version 0.0.23
• Update: xorsearch.py Version 0.0.5
• Update: myjson-filter.py Version 0.0.7
• Update: oledump.py Version 0.0.81
• Update: process-binary-file.py Version 0.0.11
• Quickpost: Airplanes & Radiation
• Update: oledump.py Version 0.0.82
• Update: myjson-filter.py Version 0.0.8
• Update: myjson-transform.py Version 0.0.2
• Update: search-for-compression.py Version 0.0.4
• Quickpost: Firefox Profiles and Multiple Instances
• Quickpost: emldump Bulk Extraction
• DSS_DEFAULT_HASH_ALGORITHMS
• Python Requirements for Didier Stevens Suite
• Quickpost: USB-C Couplers
• Update: pngdump.py Version 0.0.7
• My Fridge & My Portable Power Station
• Update: pecheck.py Version 0.7.18
• Update: search-for-compression.py 0.0.5
• Update: myjson-filter.py Version 0.0.9
• Update: virustotal-search.py Version 0.1.9
• New Tool: myipaddress.py
• Update: teeplus.py Version 0.0.2
• Quickpost: Doorbell & Condensation
• Quickpost: 12V Portable Power Station
• Update: pdf-parser.py Version 0.7.13
• Quickpost: PEP 515 ? Underscores in Numeric Literals
• Update: dnsresolver.py Version 0.0.4
• Bytes over DNS Tools
• Update: cs-parse-traffic.py Version 0.0.6
• Update: numbers-to-hex.py Version 0.0.4
• Quickpost: Power Requirements Of A Keylogger
• Quickpost: CR1225 vs CR1220
• Copy/Paste Delays In Excel Because Of Default Printer
• Quickpost: USB Electric Razor
• Quickpost: USB-C Rechargeable Batteries
• USB Trigger Boards
• Update: pecheck.py Version 0.7.19
• Using a USB-C Trigger Cable To Power An FM Radio

SANS ISC Diary entries:

• Wireshark 4.4.3 Released
• Multi-OLE
• Partial ZIP File Downloads
• Crypto Wallet Scam
• Crypto Wallet Scam: Not For Free
• Reminder: 7-Zip & MoW
• Wireshark 4.4.4 Released
• Wireshark 4.4.5 Released
• Mark of the Web: Some Technical Details
• Static Analysis of GUID Encoded Shellcode
• XORsearch: Searching With Regexes
• xorsearch.py: Searching With Regexes
• Wireshark 4.4.6 Released
• xorsearch.py: “Ad Hoc YARA Rules”
• Steganography Analysis With pngdump.py
• Steganography Analysis With pngdump.py: Bitstreams
• Steganography Challenge
• Steganography Challenge: My Solution
• xorsearch.py: Python Functions
• YARA 4.5.3 Release
• Wireshark 4.4.7 Released
• Extracting With pngdump.py
• A JPEG With A Payload
• ADS & Python Tools
• Wireshark 4.4.8 Released
• WinRAR MoTW Propagation Privacy
• Wireshark 4.4.9 Released
• pdf-parser: All Streams
• BASE64 Over DNS
• Web Searches For Archives
• Wireshark 4.4.10 and 4.6.0 Released
• Kaitai Struct WebIDE
• Bytes over DNS
• Honeypot: Requests for (Code) Repositories
• Honeypot: FortiWeb CVE-2025-64446 Exploits
• SANS Holiday Hack Challenge 2025
• Finger.exe & ClickFix
• Decoding Binary Numeric Expressions
• Wireshark 4.4.1 Released
• YARA-X 1.10.0 Release: Fix Warnings
• Wireshark 4.6.2 Released
• DLLs & TLS Callbacks

Here is an overview of content I published in December: Blog posts:

• Quickpost: USB Electric Razor
• Quickpost: USB-C Rechargeable Batteries
• USB Trigger Boards
• Update: pecheck.py Version 0.7.19
• Using a USB-C Trigger Cable To Power An FM Radio

SANS ISC Diary entries:

• Wireshark 4.6.2 Released
• DLLs & TLS Callbacks

Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment.

Our research, drawing on insights from more than 2,800 security leaders, surfaces the critical cost of misalignment across teams, tools and workflows. This report provides key benchmarks to help inform the decisions that shape your cloud strategy as we track where teams gain ground, where they struggle, and how the threat landscape, now accelerated by AI, is evolving.

The Cloud Attack Surface Is Expanding with AI

The biggest shift in the cloud landscape is the acceleration of risk driven by AI adoption. As cloud infrastructure expands to host the growing number of AI workloads, it has become a critical target. The introduction of GenAI into development pipelines is also compounding the problem by increasing the volume of insecure code going into production.

Of those surveyed in the 2025 report, 75% of organizations stated that they are running AI in their production environments today. That level is significant, as it points to the growing adoption and use of AI as businesses are locked in what looks like a modern arms race to bring the latest capabilities and benefits to their organizations and customers. In addition, as stated earlier, our findings confirm that 99% of organizations reported at least one attack on their AI systems within the past year. This number proves that AI needs human guardrails, as well as to be secured to contain the risk of critical data exposure by adversaries.

The AppSec Pipeline Is Not Secure Enough Yet

As AI expands the cloud attack surface and has been proven to be a significant target, we can see that code development pipelines are also being stressed by the same forces. An important trend from the 2025 report is the rise of GenAI-assisted coding (vibe coding), used by 99% of respondents. The use of vibe coding is generating insecure code faster than security teams can review it. The acceleration creates a massive risk gap: 52% of teams are shipping code weekly, but only 18% are able to fix vulnerabilities at that same pace. This confirms that traditional, human-led approaches to application security are inadequate, leaving security teams to fight threats with fragmented tools and slow, manual fix cycles.

As the pace of development increases, the disconnect between security assessment and remediation is becoming more apparent too. While teams are making progress by shifting away from outdated vulnerability prioritization methods, they still struggle to integrate security effectively into the development workflow. This introduces a large number of vulnerabilities into production, where 20% of organizations report that an average of 37% of their high or critical issues reach their production environments. Once in production those vulnerabilities linger, as 82% of organizations report it taking longer than a week to deploy code fixes. What is slowing teams down?

The traditional refrain toward implementing prevention that blocks risks from reaching production during rapid code development is still true today. The barriers are clear: 31% cite poor CI/CD integration and another 31% worry about slowing down development. On the positive note, only 17% rely on CVSS scores to prioritize their fixes as teams are now moving more toward context-rich decisions based on exploitability-based triage (32%) and business impact (33%).

The New Frontiers of Cloud Risk

Attackers are rapidly pivoting to exploit the foundational layers of the cloud, with a clear focus on ungoverned interfaces and overprivileged access. The volume and autonomy introduced by AI agents further accelerates this exploitation, turning minor gaps into major incidents.

Attacks on APIs Jump for 41%

APIs are the new primary entry point. Attacks on APIs increased for 41% of organizations in the last year, marking the sharpest rise of any threat category measured. As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface. Furthermore, nearly every AI-related threat, including model supply chain tampering, token theft and prompt injection, involves an API boundary. This reinforces the role of ungoverned interfaces in scalable AI compromise, with 47% of AI system breaches involving data exfiltration through assistants or plugins.

Identity Still Remains the Weakest Link

Insufficient access controls remain a leading vector for credential theft and data exfiltration. 53% of organizations cite lenient identity and access management (IAM) practices as a top data security challenge. This problem is compounded by complexity. The number climbs to 57% among organizations running more than six AppSec tools, proving that the discipline required to maintain least privilege is failing to scale with tool sprawl. Data leaves through both legitimate business systems and breach events, making it fundamentally an identity problem.

The top three exfiltration vectors confirm this focus:

• SaaS sync or export misuse: 63%
• Overpermissive external sharing: 59%
• Compromised credentials or tokens: 58%

Lateral Movement Risks Persist

Once an attacker gains a foothold, they can move freely. Twenty-eight percent point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot across environments and turn minor compromises into major incidents.

The Growing Imperative of Cloud & SOC Must Merge

The gap between detection and resolution is where breaches succeed. Today the cloud and SOC divide is proving too slow in the face of machine-speed threats. Structural fragmentation is clearly visible in response times, while 74% of organizations detect threats within 24 hours, 30% take more than a full day to resolve them. A delay like this is caused by disjointed workflows and isolated data sources between cloud and SOC teams, which stall incident response (IR) for 50% of organizations.

The demand for consolidation shows up across the board:

• 89% of organizations believe cloud security and security operations must fully merge, not just integrate.
• Organizations currently manage an average of 17 tools from five vendors, creating fragmented data and context gaps.
• Consequently, 97% of respondents prioritized consolidating their security footprint to address the chaos of tool sprawl.

The model that worked for lift-and-shift can't contain threats that move at machine speed. Organizations are ready to collapse the distance between teams and tools.

About the Report

The State of Cloud Security Report 2025 draws from over 2,800 security leaders and practitioners across 10 countries and includes breakouts by region, industry and cloud maturity, along with the full incident data and strategic insights we’ve touched on here.

Learn More and Transform to an Agentic-First Platform

To stay ahead of adversaries who use AI to launch attacks at machine speed, human-led defense is no longer sufficient. The report emphasizes that organizations must counter with an equivalent evolution: Agentic security, leveraging autonomous agents to deliver cloud security from code to cloud to SOC.

Download the full State of Cloud Security report to see how today’s leaders are closing the gap and what we recommend.

The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog.

From Fragmented Fences to Cohesive Control

The attack surface for today’s enterprises is incredibly heterogeneous and dynamic. Applications and data are in constant motion, spanning public clouds, private data centers and edge locations. Users connect from anywhere.

For security leaders, this environment has led to an explosion in not only operational complexity, but in many cases, uncertainty. ​​Together, Nutanix and Palo Alto Networks enable security to finally match the speed and scale of these dynamic hybrid cloud environments.

The security ecosystem has become vast and complex. Point solutions accumulate to address specific gaps, yet each adds another interface, another policy language and another integration to manage. However well intentioned, this sprawl can lead directly to fractured visibility, overlapping tools and operational fatigue.

Elevate Perimeter Protection to Defense-in-Depth

Enterprises today face unprecedented security complexity as hybrid and multicloud environments become the new normal. Currently, 94% of enterprises use some form of cloud service, while 89% report having a multicloud strategy in place. This distributed reality means security is paramount: while managing cloud spending is the number one operational challenge (82% overall), security remains a major concern, affecting 79% of all organizations.

Hybrid cloud adoption offers agility, but it also introduces distinct security challenges that strain traditional approaches. Adversaries have taken notice. Hybrid and multicloud environments are prime targets because they connect sensitive data, privileged accounts and critical systems across public, and on-premises infrastructure. Perimeter-based security models, built for static networks and centralized data centers, cannot keep pace in a world where apps and data continuously move between platforms.

Defense-in-depth has become essential for addressing the inherent dynamism of today’s environments. Network visibility is required to monitor and contain east-west traffic and lateral movement of threats inside cloud environments. Identity controls must verify every user, device and interaction across a distributed workforce. Data protection must follow sensitive information as it traverses multiple clouds, data centers and edge locations.

Yet managing these protections as distinct layers is no longer viable. Each cloud provider introduces its own native security controls. Each additional tool adds another interface and another policy set to maintain. Defense-in-depth only achieves its purpose when its layers are fully unified, providing consistent control enforcement from the edge to the core, comprehensive visibility across traffic, and essential data protections for all workloads, wherever they reside.

Freedom of Choice Without Fragmentation

Hybrid environments span public clouds, private infrastructure, SaaS ecosystems and legacy on-premises systems. No single vendor can realistically cover that entire landscape, and forcing security into a single closed ecosystem risks creating gaps where those environments meet.

The answer lies in an open ecosystem approach that allows organizations to assemble best-of-breed capabilities rather than being locked into a single provider’s stack.

This flexibility empowers security teams to adapt to the unique requirements of each environment while still operating through a unified security model. Policies can be applied consistently, intelligence can be shared across layers, and protections can move in step with workloads, regardless of platform. In short, this model can effectively support freedom of choice while relieving the operational burden of managing hybrid and multicloud security.

A Unified Security Layer Across Every Environment

Open ecosystems solve the problem of choice. What remains is the challenge of bringing those best-of-breed capabilities together into a solution that is coherent and scalable.

To transform defense-in-depth from a conceptual framework into a practical system aligned to the realities of hybrid and multicloud deployments, this unified layer should be built on core capabilities:

• Inline visibility for east-west traffic within virtualized and cloud environments, enabled by deploying next-generation firewalls directly inside virtual private networks:
  This approach inspects workload-to-workload traffic, identifies anomalous behavior and stops lateral movement before it spreads.
• Consistent policy enforcement across public cloud, private data centers and edge locations through a centralized management plane:
  A single set of policies should be authored once and pushed everywhere, assuring a consistent security posture across all clouds and environments.
• Abstraction of security intent from network coordinates through tag-driven automation, an approach that allows security policies to be expressed in terms of workload attributes (rather than IPs or locations):
  These protections follow workloads automatically as they move. Through integration with orchestration pipelines, this approach aligns controls with rapid application rollouts in CI/CD workflows, all without manual reconfiguration.

With these core capabilities, security can finally catch up to the fluidity promised by hybrid cloud operating models.

Explore how Palo Alto Networks and Nutanix, work together to make this unified vision a reality, including joint offerings, like Palo Alto Networks secured Nutanix clusters with VM-Series Firewalls for AWS^® and Microsoft^® Azure.

The post Untangling Hybrid Cloud Security appeared first on Palo Alto Networks Blog.

We are proud to announce that Frost & Sullivan has recognized Palo Alto Networks Prisma^® Browser as the best-positioned market leader in the Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report, securing the premier position for innovation and a leadership position on growth.

This recognition comes at a pivotal moment. For the modern enterprise, the browser is no longer just an application; it is your new OS. With 85% of the work happening in browsers, it has become the focal point where revenue is generated and sensitive data is accessed. However, this shift has transformed your primary workspace into the primary attack vector, with 95% of organizations having reported a security incident originating in the browser, placing it on the frontline against sophisticated AI^® threats and critical vulnerabilities. The risk of evasive, AI-driven phishing attempts is compounded by the widespread use of managed and unmanaged devices, creating blind spots that allow sensitive data to be exfiltrated faster than ever.

To combat this, enterprises need a browser that doesn't just display the web but actively defends it with its users, apps, data and devices. This is a necessity that drives our latest industry recognition.

Proven Leadership Validated by the Market

Prisma Browser’s recognition as the best-positioned leader, securing the premier position for innovation and a leadership position on growth, is a testament to our commitment to deliver best-in-class security that is both easy to deploy and that IT and users love to use. By integrating Palo Alto Networks Precision AI^® technology, Cloud-Delivered Security Services (CDSS) and Enterprise DLP, we ensure our customers benefit from the power of our security engines. And because they are natively integrated in the browser, we are mitigating threats hiding in encrypted traffic, blind spot web channels, AI-powered spear phishing and other evasive web threats that legacy security tools simply cannot identify.

Prisma Browser’s Innovation Advantage

Our leadership is driven by continuous strategic innovation in the secure browser space. Prisma Browser delivers critical "last-mile" protection through the native integration of CDSS, including Advanced WildFire^® for zero-day malware analysis and Advanced URL Filtering instantly at the point of user interaction. Building on this foundation, our latest innovations extend secure work to all applications, including those beyond SSO, providing full visibility and last-mile protection for unmanaged applications, such as GenAI apps, closing gaps left by incomplete identity coverage. We further solidify this best-in-class security through additional cutting-edge innovations: Advanced Web Protection for real-time evasive threat protection, Advanced Browser Protection for zero-day browser exploitation defense, and Advanced Extension Security for runtime extension security.

At the core of this defense is Precision AI, our proprietary engine that combines machine learning, deep learning and generative AI to automate detection, prevention and remediation with industry-leading accuracy. Unlike standard security tools that rely on static signatures, Prisma Browser, powered by Precision AI, inspects live, fully rendered content. It detects evasive phishing attempts (such as AI-generated cloaking) and malicious reassembly attacks that legacy tools miss, effectively fighting AI with AI. Fueled by intelligence from over 70 thousand customers, Prisma Browser delivers unmatched threat detection, identifying and blocking up to 8.95 million new and unique attacks every single day.

The Frost Report says this about Palo Alto Networks Innovation:

Key differentiating capabilities include last-mile data leakage protection with browser-level visibility; AI-powered web attack detection and prevention with full page runtime visibility; detection and disabling of malicious extensions using behavioral monitoring; an advanced AI-powered DLP engine; in-browser anti-exploit protection; and a rich library of AI applications and agents.

Crucially, Enterprise DLP capabilities are embedded directly into the rendering engine, granting granular control over sensitive data that traditional network-level tools effectively miss. This helps ensure that data on both managed and unmanaged devices remains secure against exfiltration via clipboard restrictions, screenshot blocking, real-time redaction and more, without disrupting the user experience.

Prisma Browser’s Growth Advantage

Central to the widespread adoption of Prisma Browser is our proven ability to secure the managed workforce at scale without disrupting daily workflows. One of our key differentiators is our 100% license portability, which allows organizations to deploy Prisma Browser across their entire fleet of devices, whether as full browsers, extensions, mobile solutions and firewall connectors with complete flexibility. This frictionless deployment model enables IT teams to instantly layer enterprise-grade security and unified policies onto the same native browser UX employees already know and use.

For CISOs and CIOs focused on streamlining operations, Prisma Browser is also offered as a fully integrated solution within the Prisma^® SASE platform, enabling unified policies across all Palo Alto Networks solutions.

Looking Ahead

While we are proud of our position on the Frost Radar: Zero Trust Browser Security (ZTBS) report, we are just getting started. By accelerating initiatives in GenAI security, complete web protection, modern data protection and VDI reduction, we are redefining the browser. We don't just want the browser to be where you work; we are transforming it from the primary attack vector into one of the organization's most robust lines of defense and the single point where they can identify AI driven attacks and fight AI with AI.

Read the full Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report to explore the details behind our market leadership. Then, schedule a demo to witness how Prisma Browser transforms your primary workspace into your strongest line of defense.

The post Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar appeared first on Palo Alto Networks Blog.

Every CIO and CISO we speak with describes the same paradox: AI is now central to their transformation agenda, yet the fastest way to derail that agenda is to lose control of AI. As generative AI, agentic systems and embedded AI features spread across the enterprise, leaders are no longer asking if they need AI security; they’re asking what kind of AI security strategy will actually scale.

Gartner^® has published two recent reports that validate this reality and outline the strategic direction enterprises must take to secure their AI:

• GMs: Win the AI Security Battle With an AI Security Platform (available as a complimentary reprint from Palo Alto Networks).
• AI Vendor Race: Palo Alto Networks Is the Company to Beat in AI Security Platforms, published December 8, 2025.

Why AI Security Is a Platform Game

Point products can plug individual gaps, but they can’t keep up with the speed, complexity and interconnected nature of AI adoption. And more importantly, they struggle to deliver the trust, consistency or scale AI transformation requires.

Many organizations are already experiencing AI adoption outpacing traditional security tools. Security teams are under pressure on three fronts:

• Risk – Shadow AI, unmanaged agents and custom LLMs create new pathways for data loss, intellectual property exposure and model misuse.
• Cost – Each new AI use case brings yet another tool, driving up license, integration and operations costs.
• Complexity – Fragmented controls across network, data, identity and application stacks create blind spots exactly where AI is moving fastest.

From a CIO or CISO’s perspective, this isn’t just a technical concern but the fault line beneath their entire AI agenda. CIOs are under pressure to deliver productivity gains, cost efficiencies and new AI-powered capabilities faster than ever before.

CISOs, on the other hand, see a parallel reality: custom-built AI applications that may be insecure by default, agents that can act unpredictably, and a constant risk that company secrets or customer data could leak into third-party GenAI tools.

If AI moves forward without security, the enterprise is exposed. If AI slows down because security can’t keep up, the business misses its transformation goals. This is why AI security isn’t a feature; it’s the determining factor in whether AI becomes a competitive advantage or a strategic setback.

Gartner recommends the path forward as “an integrated modular AI security platform (AISP) with a common UI, data model, content inspection engine and consistent policy enforcement.”

Gartner further recommends prioritizing investments in two phases.

Phase 1

Start with AI usage control to secure the consumption of third-party AI services.

Phase 2

Expand into AI application protection to securely develop and run AI applications.

Phase 1: Securing Generative AI Usage Is the “Right Now” Challenge

Before enterprises can secure how AI is developed, they must first understand how it is already being used across the organization. The earliest risks often emerge not from the AI-enabled apps built in-house, but from the external generative AI tools and copilots employees adopt, and often without the IT teams’ knowledge.

That’s why we think the report identifies AI usage control as phase one and why we recommend IT leaders start with these immediate questions to assess their organization’s AI usage.

• Where is AI actually being used in my organization?
• Which tools, copilots and agents are in play, and on what data?
• How do I enable productivity without losing control?

Phase 2: Securing AI Development Early Into the AI Lifecycle

Once public generative AI use is understood, the harder challenge emerges: Securing the AI apps and tools that your organization creates for itself. As models, agents and pipelines move into production, the questions shift from visibility to integrity, safety and scale.

Key questions that organizations must answer in phase two include:

• What AI applications, models and agents are my teams building, and where do they live?
• How do I manage the integrity, safety and compliance of AI apps before they reach production?
• How do I protect models and AI applications from prompt injection, misuse or agentic threats?
• How do I scale AI innovation without creating security bottlenecks for developers?

Palo Alto Networks Delivers the AI Security Platform

Although organizations can separate the work around securing AI usage and AI development, they are not two separate problems. The same organization that needs visibility into employees using public GenAI apps also needs to protect the AI applications and agents they’ve built as they move into production. A platform approach is what allows shared policies, shared guardrails and shared context across both sides of the AI usage and development equation.

That is exactly the philosophy behind our Secure AI by Design approach:

• Secure how GenAI is used with Prisma^® Browser and Prisma SASE to discover AI tools in use, govern access and prevent sensitive data from flowing into public models, all while keeping users productive with GenAI and enterprise copilots.
• Secure how AI is built with capabilities of Prisma AIRS, such as model and agent security, AI security posture management, runtime protection, automated testing with AI Red Teaming, as well as coverage for agentic protocols, like MCP, securing custom AI applications, agents and pipelines.

Gartner identifies Palo Alto Networks as “the company to beat” in their newly released report as of December 8, 2025: “AI Vendor Race: Palo Alto Networks Is the Company to Beat in AI Security Platforms.”

We believe we are the AI Security Platform to beat because:

• Palo Alto Networks product portfolio across network, edge, cloud and data provides a strong foundation for AI usage visibility and control.
• The acquisition of Protect AI integrated industry-leading AI talent and products resulting in the recently announced Prisma AIRS 2.0, which delivers comprehensive end-to-end AI security, seamlessly connecting deep AI agent and model inspection in development with real-time agent defense at production runtime. The platform, continuously validated by autonomous AI red teaming, secures all interactions between AI models, agents, data and users. This gives enterprises the confidence to discover, assess and protect their entire AI ecosystem, accelerating secure innovation.
• Complementing the platform, Unit 42^®’s deep expertise and Huntr’s bug bounty program, provide security thought leadership that directly improves product effectiveness and threat intelligence. These programs help us continuously uncover new attack patterns, misconfigurations and supply chain risks unique to AI systems, as well as feed those insights directly back into the product roadmap.
• Our large installed base and distribution channels create a flywheel for AI security platform adoption and learning from our customers and partners.

We also believe that underneath the technical requirements is a deeper truth: CIOs and CISOs want to move fast on AI, but they only feel safe doing so with a partner who has the scale, signal and staying power. This is where our breadth, research depth and ecosystem matter.

Leading Responsibly Means Listening, Innovating and Evolving

Being early is an advantage, but staying ahead requires humility and continuous learning. Leading means seeing what comes next, and Gartner’s insights accelerate our own roadmap as we continue to evolve.

• Simplifying the Experience: We are integrating capabilities across Prisma AIRS, Prisma SASE and Prisma Browser to make AI security easier to adopt, operate and scale through Strata Cloud Manager as the single entry point.
• Going Deeper into the AI Engineering Pipeline: We recognize that securing AI must start early in the developing environment and ML pipeline, not just at runtime. Our integrations with AI development tools and code repositories will continue to expand.
• Keeping Pace with a Fast-Moving Market: We are investing in open standards, partnerships and research, so our customers don’t have to chase every point solution that appears. Palo Alto Networks is also a contributing member to OWASP Standards and Threat analysis to help create an industry standard on AI security.
• Working Along Native AI Controls: Cloud providers and AI platforms are adding their own security features. We aim to complement, not replace, those controls, providing unified visibility, advanced protection and consistent policies across a fragmented AI landscape.

For us, being “the company to beat” is not a finish line. It’s a responsibility to listen carefully to customers, adapt as AI evolves, and keep delivering practical, integrated outcomes rather than isolated features.

If you are a GM, CIO, CISO or AI leader trying to make sense of a rapidly crowding AI security landscape, we believe “GMs: Win the AI Security Battle With an AI Security Platform”​​ is essential reading.

In the end, the real race isn’t about features; it’s about who helps enterprises accelerate transformation safely, reduce risk and compete better with AI they can trust.

 

Disclaimer: Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.

Gartner, AI Vendor Race: Palo Alto Networks is the Company to Beat in AI Security Platforms, By Mark Wah, Neil MacDonald, Marissa Schmidt, Dennis Xu, Evan Zeng, 8 December 2025. 

Gartner, GMs: Win the AI Security Battle With an AI Security Platform, By Neil MacDonald, Tarun Rohilla, 6 October 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post Winning the AI Race Starts with the Right Security Platform appeared first on Palo Alto Networks Blog.

At Palo Alto Networks, we believe that the true measure of our technology isn’t just in how it performs in the lab, but how it empowers our partners to solve critical security challenges for their customers. That is why we are incredibly proud to announce that Palo Alto Networks has been recognized by CRN with the 2025 Products of the Year Award for Cortex XSIAM^® and 2025 Tech Innovator Award for Prisma^® SASE.

This recognition is particularly meaningful because it is not decided by a small panel of judges. The CRN Awards are determined solely by ratings from solution providers – the people who are out in the field every day, deploying these tools to secure the modern enterprise.

Here is a look at why partners are betting on our platform.

Cortex XSIAM Outperforms Legacy SIEM by Sweeping Award Subcategories

Solution providers validated the shift to AI-driven operations by voting Cortex XSIAM the definitive choice for the modern SOC. We secured the Overall Category Winner title in the CRN 2025 Products of the Year Awards for Security Operations Platform/SIEM. Ranking #1 in technology, revenue and customer need, this verdict comes directly from the experts who deploy security architectures every day.

The Clean Sweep

Cortex XSIAM swept the board. We secured the top ranking across all three evaluation criteria:

• Technology: Best-in-class innovation
• Revenue and Profit: Proven business value
• Customer Need: Solves critical operational challenges

This trifecta proves the platform excels in practice, not just theory. The legacy SIEM era is giving way to something fundamentally different.

For our partners, XSIAM represents a shift from "managing tools" to "delivering outcomes." By unifying SOC capabilities into a single, AI-driven platform, we are enabling solution providers to offer faster detection and remediation services without the operational overhead of legacy SIEMs.

As Dave Kennedy, Co-Founder & Chief Hacking Officer at Binary Defense, notes:

Effective security operations depend on actionable intelligence. Cortex XSIAM delivers the depth and precision our analysts need to connect the dots and act decisively. This award-winning platform, now recognized as CRN’s 2025 Product of the Year, strengthens our shared mission to protect organizations from evolving threats.

​​To dive deeper into how Cortex XSIAM continues to lead with AI-driven innovation, watch the on-demand webinar introducing the revolutionary Cortex AgentiX.

​​While XSIAM is transforming security operations, another Palo Alto Networks solution is reimagining network security entirely.

Prisma SASE Is Redefining Network Security

We believe being recognized as a Tech Innovator is a powerful validation of our commitment to delivering a best-in-class security that empowers our customers.

As per the CRN 2025 Tech Innovator Awards:

Prisma SASE from Palo Alto Networks is a comprehensive SASE solution converging networking and security for the entire hybrid workforce. Prisma SASE secures users, apps, data and devices everywhere. It delivers best-in-class security, exceptional user experiences and simplified operations through a unique multicloud architecture, single console, unified policies and AI copilot.

We secured this award primarily due to our deep understanding of customer needs. At Palo Alto Networks, understanding customer needs isn't just about listening to feedback on existing features; it's about anticipating where the future of work is heading. We don't just build security; we build solutions that adapt to our customer’s reality. Listening to over 70 thousand of our customers, we continue to push the boundaries of security, culminating in our latest Prisma SASE 4.0 launch.

The Power of the Platform

Winning 2025 Product of the Year and 2025 Tech Innovator in both SecOps and Network Security underscores the reality that today’s partners and customers are looking for unified, best-in-class solutions.

Whether it is revolutionizing the SOC with Cortex XSIAM or securing the hybrid workforce with SASE, these awards reflect the trust our solution providers place in us. We are committed to continuing this momentum, equipping our partner community with the innovation they need to stay ahead of tomorrow’s threats.

Thank you to all our partners who voted and continue to trust Palo Alto Networks as your cybersecurity platform of choice.

The post Partners Are Fueling Innovation with Cortex XSIAM and Prisma SASE appeared first on Palo Alto Networks Blog.

Here is an overview of content I published in November:

Blog posts:

• Update: cs-parse-traffic.py Version 0.0.6
• Update: numbers-to-hex.py Version 0.0.4
• Quickpost: Power Requirements Of A Keylogger
• Quickpost: CR1225 vs CR1220
• Copy/Paste Delays In Excel Because Of Default Printer

SANS ISC Diary entries:

• Honeypot: Requests for (Code) Repositories
• Honeypot: FortiWeb CVE-2025-64446 Exploits
• SANS Holiday Hack Challenge 2025
• Finger.exe & ClickFix
• Decoding Binary Numeric Expressions
• Wireshark 4.4.1 Released
• YARA-X 1.10.0 Release: Fix Warnings