The early weeks of 2026 have already made one thing clear: Government cybersecurity is in a new phase, shaped not by incremental change, but by the rapid integration of AI into core public-sector missions. AI systems are now embedded in critical infrastructure, federal service delivery, research environments, as well as state and local operations. At the same time, nation-state adversaries are leveraging AI to accelerate intrusion, scale deception and manipulate trusted systems in ways not possible even a year ago.
As Senior Vice President of Public Sector at Palo Alto Networks, I see a decisive shift underway. Defending the public sector in 2026 means navigating a world where security depends on verifying identity, securing data and governing AI-driven systems that act without human intervention. Success now hinges on architectures that assume automation, operations that prioritize coordination, and governance frameworks capable of managing AI at mission scale.
Here are the developments that will define the year ahead.
1. AI-Native Security Must Become Integral to Federal Operations
AI in federal environments is no longer an experiment. Agencies are now designing workflows, SOC missions and cloud architectures around AI-driven detection and response. The emphasis is shifting from supplementing human analysts to building systems that maintain visibility, correlate threats, and respond autonomously when human capacity is limited. This builds on what we forecasted last year, when federal cybersecurity teams began using AI to replace manual workflows and drive down detection and response times.
The shift will be practical. Federal teams must plan to deploy AI systems that correlate logs, identify behavioral anomalies, prioritize threats, and suppress noise before analysts ever see an alert. Manual, ticket-based workflows will no longer meet federal timelines for investigation or reporting, particularly as adversaries automate more phases of attack.
2. Identity Emerges as the Central Federal Security Challenge
The biggest shift in 2026 will be the collapse between “identity” and “attack surface.” Deepfake technologies now operate in real time. AI-generated voices and video can impersonate senior leaders at a level undetectable by traditional controls. Machine identities continue to proliferate; they will outnumber human identities this year. And autonomous agents can initiate high-impact actions without human oversight. This reflects a broader crisis of authenticity now reshaping how enterprises defend identity itself.
Identity abuse will no longer be limited to credential theft. This turns identity into a systemic risk. One compromised identity (human, machine or agent) can cascade through automated systems with little friction. Federal programs will need to prioritize continuous identity verification, stronger proofing and governance frameworks that validate the legitimacy of both human and AI-driven activity.
3. AI Systems Must Be Secure-by-Design
Stemming from the clear mandate in the AI Action Plan (and subsequent work by NIST to develop an AI/Cyber Profile on top of the existing Cybersecurity Framework) agencies will steadily integrate AI security into their deployment of AI technologies.
This imperative is critical as AI systems are susceptible to novel threats. Data poisoning of training sets, manipulated inputs and hidden instructions in untrusted datasets compromise the intelligence that agencies rely on for analysis, planning and mission support. To support the security of this AI-first moment, Palo Alto Networks was proud to make its AI security platform, Prisma® AIRS™, available through the GSA OneGov initiative.
4. Nation-State Operations Expand Through AI Automation
Adversaries will use AI to compress the time between reconnaissance, exploitation and lateral movement. We expect rapidly increasing the use of AI to chain vulnerabilities, tailor social engineering campaigns, and generated malware variants that adapt in real time.
The focus will broaden beyond IT networks. AI will be used to disrupt OT systems and target sensitive research environments. Foreign intelligence services will weaponize AI to blur the line between intrusion and information operations, producing hybrid campaigns that attack both systems and the legitimacy of institutions.
5. Autonomous SOC Capabilities Become Essential
Federal SOCs will evolve from human-centered command centers to hybrid operations where autonomous agents run major components of the detection and response mission. These agents will triage alerts, enforce containment, and initiate predefined responses.
This evolution comes with risk. AI agents with broad authority can be misused or manipulated if not properly governed. Agencies will need safeguards to track agent behavior, enforce least privilege on agents, and prevent misuse through runtime monitoring and “AI firewall” controls designed to stop malicious prompts and unauthorized actions. The same pressures are shaping enterprise security, where controls like AI firewalls and circuit breaker mechanisms are becoming standard practice. Automation will only strengthen federal security if paired with rigorous oversight and continuous validation of agent activity.
6. Shared and Federated SOC Structures Gain Momentum
As threats scale, agencies will increasingly operate through shared or federated security structures. Instead of isolated SOCs, agencies will adopt analytics layers capable of correlating activity across departments and exchanging findings in real time.
This shift will reduce redundancy and provide faster insight into nation-state campaigns that cross federal boundaries. Early adopters will establish shared analytic and response frameworks that allow agencies to coordinate without sacrificing mission-specific control. Civilian agencies will lead early adoption with broader participation across defense and national security stakeholders expected later in the year.
7. The Post-Quantum Deadline Becomes Immediate
In 2026, post-quantum cryptography planning will move to implementation. Accelerated advances in quantum computing and AI-based cryptanalysis will push agencies to transition from pilot efforts to mandated modernization.
Agencies will focus on discovering where vulnerable algorithms are used, replacing outdated libraries, and implementing crypto-agility so systems can evolve without major redesigns. Systems with unpatchable cryptographic components will be flagged for full replacement, forcing agencies to reconcile years of accumulated “crypto debt.”
8. Data Trust and Cloud Workload Protection Become Priority Missions
The rise of AI workloads will force agencies to rethink how they protect data. Infrastructure controls alone cannot detect when training data has been manipulated or when model outputs no longer reflect real-world conditions.
Agencies will unify developer and security workflows and use tools like Data Security Posture Management and AI security posture management (AI-SPM) to track data lineage and enforce protections at runtime. Enterprises are addressing the same issue by bringing development and security teams together under shared data governance models. Ensuring model trustworthiness will become a mission-support requirement, not just a security objective.
9. Platform Consolidation Becomes Necessary
Fragmented tools cannot support the visibility and oversight required for AI governance. Executives will push for platform consolidation to unify network, identity, cloud, endpoint and AI security. Integrated platforms will gain favor because they enable consistent policy enforcement and a single operational picture across increasingly automated environments.
1. AI Adoption Splits SLED into Distinct Tiers
In 2026, disparities in funding and technical capacity will widen. Some states will deploy AI across security operations, citizen services and identity verification. Others will struggle to maintain legacy systems.
Well-resourced jurisdictions will reduce response times and improve resilience. Underfunded ones will remain exposed to ransomware and disruption. Without targeted modernization efforts, a national divide in SLED cybersecurity maturity will deepen.
2. Regional Models Become the Practical Path Forward
Silos are no longer sustainable. SLED organizations will rely on shared SOCs, regional threat intelligence hubs and coordinated incident response agreements. States will formalize partnerships to share expertise, reduce costs and defend interconnected systems. This evolution represents the maturation of the “team sport” mentality we predicted in 2025. These models reflect operational reality: Compromised data or infrastructure in one jurisdiction often creates immediate risk for its neighbors.
3. Higher Education Redesigns Its Security Baseline
Universities will classify cybersecurity alongside energy, research infrastructure and physical security as essential institutional functions. Secure browser adoption, stronger vendor oversight and centralized identity governance will become the norm.
AI research environments will receive increased scrutiny, and universities participating in federally funded research will face stricter compliance requirements to prevent data poisoning and model manipulation. Institutions with large research portfolios will prioritize securing lab environments where AI models are trained and evaluated.
4. K–12 Systems Enter a New Phase of Security Oversight
States will introduce new security mandates for K–12 environments, covering MFA, network segmentation, secure browsers, identity verification and foundational zero trust principles. AI-enabled ransomware will remain a threat. Smaller districts will adopt managed services or regional support structures as they confront growing operational and compliance demands. Districts that modernize identity controls and browser security will significantly reduce their exposure compared to those reliant on legacy tools. Building on the regulatory momentum we predicted in 2025, K–12 institutions will continue moving from defensive posture to proactive security adoption.
5. Local Governments Face Escalating AI-Driven Ransomware
Municipal governments remain high-value targets due to limited staffing and aging infrastructure. AI gives threat actors the ability to automate reconnaissance, craft targeted phishing messages, and identify vulnerabilities with little effort.
Attacks timed to public safety incidents or weather emergencies will increase, meaning local governments will need stronger identity controls, automated endpoint protection and access to managed detection and response. Operational continuity will depend on reducing time-to-detect and time-to-contain, capabilities that smaller municipalities cannot achieve without external support.
6. Managed Services and Platform Consolidation Become Standard
As technical demands grow, SLED organizations will move toward managed SOC models and consolidated vendor ecosystems. Platforms that integrate data protection, threat detection, identity governance and AI oversight will gain traction. Point tools without interoperability will decline. Budget-constrained environments will favor comprehensive platforms that reduce operational burden and simplify compliance.
7. Identity and Data Trust Become Central SLED Priorities
SLED organizations manage sensitive student records, election data and social services information. These environments are increasingly strained by the rapid growth of machine identities and AI-driven applications.
Synthetic identities and AI-generated credentials will be used to infiltrate systems with limited oversight. Continuous identity verification, data lineage tracking and posture management will become essential to prevent fraud, service disruption and data manipulation. Identity assurance and data integrity will become the foundation of public trust at the state and local level.
The post 2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust appeared first on Palo Alto Networks Blog.
The mission to modernize government IT is accelerating at lightning speed, largely thanks to the transformative power of artificial intelligence (AI). Federal agencies are strategically leveraging AI to boost efficiency, enhance citizen services, and strengthen national security – a vision fully supported by the administration’s AI Action Plan.
At Palo Alto Networks, we are all-in on helping agencies deploy AI bravely and securely. Because the challenge isn't just about using AI for cyberdefense, but also about defending AI itself. We appreciate the U.S. General Services Administration (GSA) recognizing the critical need for scalable, efficient solutions.
That is precisely why the GSA OneGov Initiative is a massive, game-changing step forward. We are proud to be the first pure-play cybersecurity vendor to secure a OneGov agreement with the GSA. This strategic alliance simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring security is foundational to this crucial modernization mission.
If you needed a clear sign that AI has fundamentally shifted the cybersecurity landscape, our own Unit 42 research provides it. The new reality isn't just about hackers using AI in their attacks; it’s also about how internal AI provides another attack surface for threat actors.
The most insidious new threat we've observed is AI Agent Smuggling, where malicious attackers use AI agents to exploit other agents. Our Unit 42 research highlights two major vectors:
This confirms our core belief as stated in a recent secure AI by Design blog: The AI ecosystem (the models, data and infrastructure) is now a complex, expanding attack surface that traditional perimeter defenses were simply not designed to protect.
As I’ve said before, “If you’re deploying AI, you must deploy AI security.”
The GSA’s OneGov Initiative aims to streamline procurement and drive down costs by leveraging the purchasing power of the entire federal government. This is more than an agreement; it’s a direct response to the call for a "secure-by-design" approach to federal AI adoption. This agreement simplifies and standardizes the process for agencies to access our world-class, AI-powered security platform, ensuring that security is foundational, not an afterthought. It provides industry leading AI security tools into the hands of our cyber defenders today.
To counter the autonomous threats we’re seeing, we provide a platform that protects the entire AI lifecycle, from the developer's keyboard to the data center.
Securing the AI supply chain requires visibility across every stage, especially during runtime when models are processing sensitive data.
delivers comprehensive security for the entire AI lifecycle, in one unified platform. It allows organizations to deploy traditional apps as well as AI applications, models and agents with confidence by reducing risk from misuse, data loss and sophisticated AI-driven threats. Prisma AIRS provides a clear, connected view of assets in multicloud environments, so teams can eliminate silos, accelerate responses, as well as scale cloud and AI apps securely. solution to secure the entire application lifecycle from development to runtime. Our industry-leading CNAPP eliminates silos to deliver comprehensive visibility and best-in-class protection across multicloud environments.Even the most advanced AI defenses are undermined if users accessing applications and data are left vulnerable outside corporate security boundaries. The explosive growth of generative AI tools and the unseen behavior of AI agents are amplifying data exposure risks.
(FedRAMP-Moderate Authorized) integrate security capabilities, like zero trust network access (ZTNA), secure web gateway (SWG) and cloud access security broker (CASB), to provide a unified policy framework and a consistent user experience.The GSA OneGov agreement is a pivotal moment that provides federal agencies with the cost-effective, streamlined access they need to deploy AI with confidence. By leveraging our unified, AI-powered platform, government organizations can stop reacting to threats and start building secure-by-design AI environments. We are committed to remaining a key partner in this strategic initiative and helping the government achieve its mission outcomes safely.
For more information and access to promotional offers for new contracts signed on or before January 31, 2028, federal agencies can visit the GSA OneGov website.
The post Securing the AI Frontier appeared first on Palo Alto Networks Blog.
In cybersecurity, vulnerability information sharing frameworks have long assumed that conventional threats exploit flaws in software or systems, and they can be resolved with patches or configuration updates. AI and machine learning (ML) models upend that premise as adversarial attacks, like poisoning and evasion, target the unique way AI models process information. Consequently, the risks for AI systems include tactics like model poisoning (from evasion attacks) in datasets and training, which are not conventional software vulnerabilities. These new vulnerabilities fall outside the scope of traditional cybersecurity taxonomies like the Common Vulnerabilities and Exposures (CVE) Program.
There is a need to bridge the gap between the existing cybersecurity vulnerability sharing structure and burgeoning efforts to catalog security risks to AI systems. Provisions in the White House AI Action Plan, which Palo Alto Networks supports, call for the creation of an AI Information Sharing and Analysis Center (AI-ISAC), reinforcing the importance of addressing that disconnect. This integration is essential, as leveraging the existing, widely adopted cybersecurity infrastructure will be the fastest path to ensuring these new standards are accepted and operationalized.
The global cybersecurity community relies on a mature infrastructure for sharing standardized vulnerability intelligence. Central to this ecosystem is the CVE List, established in 1999 as the authoritative catalog of cybersecurity vulnerabilities. Through CVE IDs and a network of CVE Numbering Authorities (CNAs), this framework enables consistent vulnerability documentation and disclosure.
Similarly, the Common Vulnerability Scoring System (CVSS) provides standardized severity assessments, allowing security teams to prioritize responses. Together with resources like the National Vulnerability Database (NVD) and CISA’s KEV Catalog catalog, these tools form the backbone of global vulnerability management, information sharing and coordinated disclosure.
While this infrastructure has served the cybersecurity community effectively for over two decades, it was designed around traditional threat models that AI systems substantially upend. Attacks on AI systems represent a critical departure from traditional cybersecurity threats as they operate insidiously, subtly corrupting core reasoning processes, causing persistent, systemic failures, some of which only become evident over time. Most traditional cybersecurity tools are not equipped to recognize those breakdowns because they assume deterministic behavior and rules-based logic. AI systems defy those assumptions because AI is probabilistic, not deterministic. Consequently, attacks on AI models may remain hidden for extended periods.
Unlike traditional cybersecurity threats that target code, adversarial AI attacks target the underlying data and algorithms that govern how AI systems learn, reason and make decisions. Consider the following predominant adversarial attack methodologies on machine learning:
The expansion of existing security frameworks and programs is necessary to cover the enumeration, disclosure and downstream management of security risks to AI systems.
In July, the Administration unveiled the AI Action Plan, an innovation-first framework balancing AI advancement with security imperatives. The Plan prioritizes Secure-by-Design AI technologies and applications, strengthened critical infrastructure cybersecurity and protection of commercial and government AI innovations.
Notably, it recommends establishing an AI Information Sharing and Analysis Center (AI-ISAC) to facilitate threat intelligence sharing across U.S. critical infrastructure sectors and encourages sharing known AI vulnerabilities, “tak[ing] advantage of existing cyber vulnerability sharing mechanisms.” These provisions affirm that AI security underpins American leadership in the field and, where possible, should be built upon existing frameworks.
To position the CVE Program for the AI-driven future, Palo Alto Networks is engaging directly with industry and program stakeholders to chart the path forward. Traditionally, the CVE Program serves as an ecosystem-wide central warning system. It provides a unified source of truths for security risks. A security risk catalog and identification system are needed for AI systems, as they currently fall outside the traditional scope of the CVE Program that has focused exclusively on vulnerabilities rather than on malicious components. The historical aperture of the current CVE Program excludes harmful artifacts, such as backdoored AI models or poisoned datasets, which represent fundamentally different attack vectors, in turn creating security blind spots.
The United States leads in AI innovation and must equally lead in securing it. As momentum builds behind the AI Action Plan and the establishment of the AI-ISAC, we have a critical window to shape information sharing frameworks of the future. The goal is to ensure that cybersecurity and AI security infrastructure advance in unison with the technology itself. Integrating new AI vulnerability standards into trusted frameworks like the CVE Program aligns with industry focus and needs. Through proactive, coordinated action, we can unlock AI’s full promise while safeguarding the models that are embedded in the critical systems on which our nation depends.
The post Bridging Cybersecurity and AI appeared first on Palo Alto Networks Blog.
Artificial intelligence has shifted to being the primary engine for market leadership. To compete, enterprises are shifting from general-purpose computing to AI factories, specialized infrastructures designed to manage the entire lifecycle of AI. However, this transition requires robust security without sacrificing performance and efficiency.
We are proud to announce that Palo Alto Networks Prisma® AIRS™, accelerated on the NVIDIA BlueField data processing unit (DPU), is now part of the NVIDIA Enterprise AI Factory validated design.
The integrated solution embeds zero trust security directly into the AI infrastructure, providing comprehensive protection without impacting AI performance. By deploying Palo Alto Networks Prisma® AIRS™ Network Intercept directly onto the NVIDIA BlueField and extending to the cloud, Prisma AIRS establishes an essential zero trust governance fabric for the AI factory, enabling enterprises to accelerate innovation while maintaining control.
This critical architectural shift enables optimal AI performance and infrastructure efficiency by offloading security processing to an isolated domain, while leveraging the DPU's hardware acceleration via NVIDIA DOCA to enforce security policies at line speed. The implementation also leverages real-time workload information captured using DOCA Argus, which is then passed to Cortex XSIAM® where it is used for AI-driven responses using the Cortex XSOAR® orchestration platform.
Rich Campagna, SVP Product Management, Palo Alto Networks said:
The AI Factory is the new engine for value creation, and securing it is a board-level imperative. The validation of Palo Alto Networks Prisma AIRS accelerated with NVIDIA BlueField within the NVIDIA Enterprise AI Factory enables a new security architecture for the AI era. We are embedding trust directly into the infrastructure, giving leaders the confidence to safeguard their proprietary intelligence and deploy AI bravely.
Kevin Deierling, senior vice president of Networking at NVIDIA said:
AI is transforming every industry and security must evolve to protect AI factories. To be scalable, security must be distributed and embedded within the AI infrastructure. This is achieved with NVIDIA BlueField running Palo Alto Networks Prisma AIRS to deliver robust, runtime security for the AI factory, with optimal AI performance and efficiency.
The Future of Secure AI Factories
In addition to deploying Palo Alto Networks Prisma AIRS on NVIDIA BlueField in a distributed model, it’s essential to maintain a centralized Hyperscale Security Firewall (HSF) cluster at the ingress and egress points of the AI factory to enforce a defense-in-depth strategy. Beyond network segmentation, individual workloads can selectively route traffic through hyperscale clusters to detect advanced application-layer threats and prevent lateral movement. These hyperscale firewall clusters scale elastically with demand, delivering session resiliency and the high availability required for critical AI operations.
This architecture fundamentally improves the Total Cost of Ownership (TCO) for AI infrastructure. By isolating security functions on BlueField, enterprises enable 100% of host computing resources to be dedicated to AI applications. This elimination of resource contention allows the AI Factory to maximize token throughput and capital efficiency.
This validated design is the blueprint for immediate efficiency. It provides a seamless path for enterprises to shift from general-purpose clusters to secure AI factory infrastructure without costly overhauls. More importantly, this collaboration establishes an unparalleled roadmap for future-proofing your investment. By securing operations with the high-performance NVIDIA BlueField-3 today, the architecture is inherently ready for the next generation, NVIDIA BlueField-4. This forward compatibility helps AI factories immediately handle gigascale demands, scaling up to 6X the compute power and doubling the bandwidth when BlueField-4 becomes available.
The inclusion of the Palo Alto Networks Prisma AIRS platform in the NVIDIA Enterprise AI Factory Validated Design bolsters enterprise AI security. By establishing the zero trust governance fabric of Prisma AIRS runtime security on NVIDIA BlueField, organizations gain a comprehensive defense. Proprietary and sensitive data is secured throughout the entire stack, and models are protected from adversarial threats, such as prompt injection attacks. With Prisma AIRS, the world's most comprehensive AI security platform, leaders gain the confidence to innovate and deploy AI bravely. This validated design is the essential blueprint for securely accelerating your market leadership without compromising security.
The post Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory appeared first on Palo Alto Networks Blog.
Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment.
Our research, drawing on insights from more than 2,800 security leaders, surfaces the critical cost of misalignment across teams, tools and workflows. This report provides key benchmarks to help inform the decisions that shape your cloud strategy as we track where teams gain ground, where they struggle, and how the threat landscape, now accelerated by AI, is evolving.
The biggest shift in the cloud landscape is the acceleration of risk driven by AI adoption. As cloud infrastructure expands to host the growing number of AI workloads, it has become a critical target. The introduction of GenAI into development pipelines is also compounding the problem by increasing the volume of insecure code going into production.
Of those surveyed in the 2025 report, 75% of organizations stated that they are running AI in their production environments today. That level is significant, as it points to the growing adoption and use of AI as businesses are locked in what looks like a modern arms race to bring the latest capabilities and benefits to their organizations and customers. In addition, as stated earlier, our findings confirm that 99% of organizations reported at least one attack on their AI systems within the past year. This number proves that AI needs human guardrails, as well as to be secured to contain the risk of critical data exposure by adversaries.
As AI expands the cloud attack surface and has been proven to be a significant target, we can see that code development pipelines are also being stressed by the same forces. An important trend from the 2025 report is the rise of GenAI-assisted coding (vibe coding), used by 99% of respondents. The use of vibe coding is generating insecure code faster than security teams can review it. The acceleration creates a massive risk gap: 52% of teams are shipping code weekly, but only 18% are able to fix vulnerabilities at that same pace. This confirms that traditional, human-led approaches to application security are inadequate, leaving security teams to fight threats with fragmented tools and slow, manual fix cycles.
As the pace of development increases, the disconnect between security assessment and remediation is becoming more apparent too. While teams are making progress by shifting away from outdated vulnerability prioritization methods, they still struggle to integrate security effectively into the development workflow. This introduces a large number of vulnerabilities into production, where 20% of organizations report that an average of 37% of their high or critical issues reach their production environments. Once in production those vulnerabilities linger, as 82% of organizations report it taking longer than a week to deploy code fixes. What is slowing teams down?
The traditional refrain toward implementing prevention that blocks risks from reaching production during rapid code development is still true today. The barriers are clear: 31% cite poor CI/CD integration and another 31% worry about slowing down development. On the positive note, only 17% rely on CVSS scores to prioritize their fixes as teams are now moving more toward context-rich decisions based on exploitability-based triage (32%) and business impact (33%).
Attackers are rapidly pivoting to exploit the foundational layers of the cloud, with a clear focus on ungoverned interfaces and overprivileged access. The volume and autonomy introduced by AI agents further accelerates this exploitation, turning minor gaps into major incidents.
APIs are the new primary entry point. Attacks on APIs increased for 41% of organizations in the last year, marking the sharpest rise of any threat category measured. As agentic AI relies heavily on APIs to operate, this explosion in usage has greatly expanded the attack surface. Furthermore, nearly every AI-related threat, including model supply chain tampering, token theft and prompt injection, involves an API boundary. This reinforces the role of ungoverned interfaces in scalable AI compromise, with 47% of AI system breaches involving data exfiltration through assistants or plugins.
Insufficient access controls remain a leading vector for credential theft and data exfiltration. 53% of organizations cite lenient identity and access management (IAM) practices as a top data security challenge. This problem is compounded by complexity. The number climbs to 57% among organizations running more than six AppSec tools, proving that the discipline required to maintain least privilege is failing to scale with tool sprawl. Data leaves through both legitimate business systems and breach events, making it fundamentally an identity problem.
The top three exfiltration vectors confirm this focus:
Once an attacker gains a foothold, they can move freely. Twenty-eight percent point to unrestricted network access between cloud workloads as a growing threat, allowing attackers to pivot across environments and turn minor compromises into major incidents.
The gap between detection and resolution is where breaches succeed. Today the cloud and SOC divide is proving too slow in the face of machine-speed threats. Structural fragmentation is clearly visible in response times, while 74% of organizations detect threats within 24 hours, 30% take more than a full day to resolve them. A delay like this is caused by disjointed workflows and isolated data sources between cloud and SOC teams, which stall incident response (IR) for 50% of organizations.
The demand for consolidation shows up across the board:
The model that worked for lift-and-shift can't contain threats that move at machine speed. Organizations are ready to collapse the distance between teams and tools.
The State of Cloud Security Report 2025 draws from over 2,800 security leaders and practitioners across 10 countries and includes breakouts by region, industry and cloud maturity, along with the full incident data and strategic insights we’ve touched on here.
To stay ahead of adversaries who use AI to launch attacks at machine speed, human-led defense is no longer sufficient. The report emphasizes that organizations must counter with an equivalent evolution: Agentic security, leveraging autonomous agents to deliver cloud security from code to cloud to SOC.
Download the full State of Cloud Security report to see how today’s leaders are closing the gap and what we recommend.
The post Where Cloud Security Stands Today and Where AI Breaks It appeared first on Palo Alto Networks Blog.
The attack surface for today’s enterprises is incredibly heterogeneous and dynamic. Applications and data are in constant motion, spanning public clouds, private data centers and edge locations. Users connect from anywhere.
For security leaders, this environment has led to an explosion in not only operational complexity, but in many cases, uncertainty. Together, Nutanix and Palo Alto Networks enable security to finally match the speed and scale of these dynamic hybrid cloud environments.
The security ecosystem has become vast and complex. Point solutions accumulate to address specific gaps, yet each adds another interface, another policy language and another integration to manage. However well intentioned, this sprawl can lead directly to fractured visibility, overlapping tools and operational fatigue.
Enterprises today face unprecedented security complexity as hybrid and multicloud environments become the new normal. Currently, 94% of enterprises use some form of cloud service, while 89% report having a multicloud strategy in place. This distributed reality means security is paramount: while managing cloud spending is the number one operational challenge (82% overall), security remains a major concern, affecting 79% of all organizations.
Hybrid cloud adoption offers agility, but it also introduces distinct security challenges that strain traditional approaches. Adversaries have taken notice. Hybrid and multicloud environments are prime targets because they connect sensitive data, privileged accounts and critical systems across public, and on-premises infrastructure. Perimeter-based security models, built for static networks and centralized data centers, cannot keep pace in a world where apps and data continuously move between platforms.
Defense-in-depth has become essential for addressing the inherent dynamism of today’s environments. Network visibility is required to monitor and contain east-west traffic and lateral movement of threats inside cloud environments. Identity controls must verify every user, device and interaction across a distributed workforce. Data protection must follow sensitive information as it traverses multiple clouds, data centers and edge locations.
Yet managing these protections as distinct layers is no longer viable. Each cloud provider introduces its own native security controls. Each additional tool adds another interface and another policy set to maintain. Defense-in-depth only achieves its purpose when its layers are fully unified, providing consistent control enforcement from the edge to the core, comprehensive visibility across traffic, and essential data protections for all workloads, wherever they reside.
Hybrid environments span public clouds, private infrastructure, SaaS ecosystems and legacy on-premises systems. No single vendor can realistically cover that entire landscape, and forcing security into a single closed ecosystem risks creating gaps where those environments meet.
The answer lies in an open ecosystem approach that allows organizations to assemble best-of-breed capabilities rather than being locked into a single provider’s stack.
This flexibility empowers security teams to adapt to the unique requirements of each environment while still operating through a unified security model. Policies can be applied consistently, intelligence can be shared across layers, and protections can move in step with workloads, regardless of platform. In short, this model can effectively support freedom of choice while relieving the operational burden of managing hybrid and multicloud security.
Open ecosystems solve the problem of choice. What remains is the challenge of bringing those best-of-breed capabilities together into a solution that is coherent and scalable.
To transform defense-in-depth from a conceptual framework into a practical system aligned to the realities of hybrid and multicloud deployments, this unified layer should be built on core capabilities:
With these core capabilities, security can finally catch up to the fluidity promised by hybrid cloud operating models.
Explore how Palo Alto Networks and Nutanix, work together to make this unified vision a reality, including joint offerings, like Palo Alto Networks secured Nutanix clusters with VM-Series Firewalls for AWS® and Microsoft® Azure.
The post Untangling Hybrid Cloud Security appeared first on Palo Alto Networks Blog.
We are proud to announce that Frost & Sullivan has recognized Palo Alto Networks Prisma® Browser as the best-positioned market leader in the Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report, securing the premier position for innovation and a leadership position on growth.
This recognition comes at a pivotal moment. For the modern enterprise, the browser is no longer just an application; it is your new OS. With 85% of the work happening in browsers, it has become the focal point where revenue is generated and sensitive data is accessed. However, this shift has transformed your primary workspace into the primary attack vector, with 95% of organizations having reported a security incident originating in the browser, placing it on the frontline against sophisticated AI® threats and critical vulnerabilities. The risk of evasive, AI-driven phishing attempts is compounded by the widespread use of managed and unmanaged devices, creating blind spots that allow sensitive data to be exfiltrated faster than ever.
To combat this, enterprises need a browser that doesn't just display the web but actively defends it with its users, apps, data and devices. This is a necessity that drives our latest industry recognition.
Prisma Browser’s recognition as the best-positioned leader, securing the premier position for innovation and a leadership position on growth, is a testament to our commitment to deliver best-in-class security that is both easy to deploy and that IT and users love to use. By integrating Palo Alto Networks Precision AI® technology, Cloud-Delivered Security Services (CDSS) and Enterprise DLP, we ensure our customers benefit from the power of our security engines. And because they are natively integrated in the browser, we are mitigating threats hiding in encrypted traffic, blind spot web channels, AI-powered spear phishing and other evasive web threats that legacy security tools simply cannot identify.
Our leadership is driven by continuous strategic innovation in the secure browser space. Prisma Browser delivers critical "last-mile" protection through the native integration of CDSS, including Advanced WildFire® for zero-day malware analysis and Advanced URL Filtering instantly at the point of user interaction. Building on this foundation, our latest innovations extend secure work to all applications, including those beyond SSO, providing full visibility and last-mile protection for unmanaged applications, such as GenAI apps, closing gaps left by incomplete identity coverage. We further solidify this best-in-class security through additional cutting-edge innovations: Advanced Web Protection for real-time evasive threat protection, Advanced Browser Protection for zero-day browser exploitation defense, and Advanced Extension Security for runtime extension security.
At the core of this defense is Precision AI, our proprietary engine that combines machine learning, deep learning and generative AI to automate detection, prevention and remediation with industry-leading accuracy. Unlike standard security tools that rely on static signatures, Prisma Browser, powered by Precision AI, inspects live, fully rendered content. It detects evasive phishing attempts (such as AI-generated cloaking) and malicious reassembly attacks that legacy tools miss, effectively fighting AI with AI. Fueled by intelligence from over 70 thousand customers, Prisma Browser delivers unmatched threat detection, identifying and blocking up to 8.95 million new and unique attacks every single day.
The Frost Report says this about Palo Alto Networks Innovation:
Key differentiating capabilities include last-mile data leakage protection with browser-level visibility; AI-powered web attack detection and prevention with full page runtime visibility; detection and disabling of malicious extensions using behavioral monitoring; an advanced AI-powered DLP engine; in-browser anti-exploit protection; and a rich library of AI applications and agents.
Crucially, Enterprise DLP capabilities are embedded directly into the rendering engine, granting granular control over sensitive data that traditional network-level tools effectively miss. This helps ensure that data on both managed and unmanaged devices remains secure against exfiltration via clipboard restrictions, screenshot blocking, real-time redaction and more, without disrupting the user experience.
Central to the widespread adoption of Prisma Browser is our proven ability to secure the managed workforce at scale without disrupting daily workflows. One of our key differentiators is our 100% license portability, which allows organizations to deploy Prisma Browser across their entire fleet of devices, whether as full browsers, extensions, mobile solutions and firewall connectors with complete flexibility. This frictionless deployment model enables IT teams to instantly layer enterprise-grade security and unified policies onto the same native browser UX employees already know and use.
For CISOs and CIOs focused on streamlining operations, Prisma Browser is also offered as a fully integrated solution within the Prisma® SASE platform, enabling unified policies across all Palo Alto Networks solutions.
While we are proud of our position on the Frost Radar: Zero Trust Browser Security (ZTBS) report, we are just getting started. By accelerating initiatives in GenAI security, complete web protection, modern data protection and VDI reduction, we are redefining the browser. We don't just want the browser to be where you work; we are transforming it from the primary attack vector into one of the organization's most robust lines of defense and the single point where they can identify AI driven attacks and fight AI with AI.
Read the full Frost Radar: Zero Trust Browser Security (ZTBS), 2025 report to explore the details behind our market leadership. Then, schedule a demo to witness how Prisma Browser transforms your primary workspace into your strongest line of defense.
The post Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar appeared first on Palo Alto Networks Blog.
Every CIO and CISO we speak with describes the same paradox: AI is now central to their transformation agenda, yet the fastest way to derail that agenda is to lose control of AI. As generative AI, agentic systems and embedded AI features spread across the enterprise, leaders are no longer asking if they need AI security; they’re asking what kind of AI security strategy will actually scale.
Gartner® has published two recent reports that validate this reality and outline the strategic direction enterprises must take to secure their AI:
Point products can plug individual gaps, but they can’t keep up with the speed, complexity and interconnected nature of AI adoption. And more importantly, they struggle to deliver the trust, consistency or scale AI transformation requires.
Many organizations are already experiencing AI adoption outpacing traditional security tools. Security teams are under pressure on three fronts:
From a CIO or CISO’s perspective, this isn’t just a technical concern but the fault line beneath their entire AI agenda. CIOs are under pressure to deliver productivity gains, cost efficiencies and new AI-powered capabilities faster than ever before.
CISOs, on the other hand, see a parallel reality: custom-built AI applications that may be insecure by default, agents that can act unpredictably, and a constant risk that company secrets or customer data could leak into third-party GenAI tools.
If AI moves forward without security, the enterprise is exposed. If AI slows down because security can’t keep up, the business misses its transformation goals. This is why AI security isn’t a feature; it’s the determining factor in whether AI becomes a competitive advantage or a strategic setback.
Gartner recommends the path forward as “an integrated modular AI security platform (AISP) with a common UI, data model, content inspection engine and consistent policy enforcement.”
Gartner further recommends prioritizing investments in two phases.
Start with AI usage control to secure the consumption of third-party AI services.
Expand into AI application protection to securely develop and run AI applications.
Before enterprises can secure how AI is developed, they must first understand how it is already being used across the organization. The earliest risks often emerge not from the AI-enabled apps built in-house, but from the external generative AI tools and copilots employees adopt, and often without the IT teams’ knowledge.
That’s why we think the report identifies AI usage control as phase one and why we recommend IT leaders start with these immediate questions to assess their organization’s AI usage.
Once public generative AI use is understood, the harder challenge emerges: Securing the AI apps and tools that your organization creates for itself. As models, agents and pipelines move into production, the questions shift from visibility to integrity, safety and scale.
Key questions that organizations must answer in phase two include:
Although organizations can separate the work around securing AI usage and AI development, they are not two separate problems. The same organization that needs visibility into employees using public GenAI apps also needs to protect the AI applications and agents they’ve built as they move into production. A platform approach is what allows shared policies, shared guardrails and shared context across both sides of the AI usage and development equation.
That is exactly the philosophy behind our Secure AI by Design approach:
and Prisma SASE to discover AI tools in use, govern access and prevent sensitive data from flowing into public models, all while keeping users productive with GenAI and enterprise copilots., such as model and agent security, AI security posture management, runtime protection, automated testing with AI Red Teaming, as well as coverage for agentic protocols, like MCP, securing custom AI applications, agents and pipelines.Gartner identifies Palo Alto Networks as “the company to beat” in their newly released report as of December 8, 2025: “AI Vendor Race: Palo Alto Networks Is the Company to Beat in AI Security Platforms.”
We believe we are the AI Security Platform to beat because:
We also believe that underneath the technical requirements is a deeper truth: CIOs and CISOs want to move fast on AI, but they only feel safe doing so with a partner who has the scale, signal and staying power. This is where our breadth, research depth and ecosystem matter.
Being early is an advantage, but staying ahead requires humility and continuous learning. Leading means seeing what comes next, and Gartner’s insights accelerate our own roadmap as we continue to evolve.
Cloud Manager as the single entry point.For us, being “the company to beat” is not a finish line. It’s a responsibility to listen carefully to customers, adapt as AI evolves, and keep delivering practical, integrated outcomes rather than isolated features.
If you are a GM, CIO, CISO or AI leader trying to make sense of a rapidly crowding AI security landscape, we believe “GMs: Win the AI Security Battle With an AI Security Platform” is essential reading.
In the end, the real race isn’t about features; it’s about who helps enterprises accelerate transformation safely, reduce risk and compete better with AI they can trust.
Disclaimer: Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.
Gartner, AI Vendor Race: Palo Alto Networks is the Company to Beat in AI Security Platforms, By Mark Wah, Neil MacDonald, Marissa Schmidt, Dennis Xu, Evan Zeng, 8 December 2025.
Gartner, GMs: Win the AI Security Battle With an AI Security Platform, By Neil MacDonald, Tarun Rohilla, 6 October 2025.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
The post Winning the AI Race Starts with the Right Security Platform appeared first on Palo Alto Networks Blog.
At Palo Alto Networks, we believe that the true measure of our technology isn’t just in how it performs in the lab, but how it empowers our partners to solve critical security challenges for their customers. That is why we are incredibly proud to announce that Palo Alto Networks has been recognized by CRN with the 2025 Products of the Year Award for Cortex XSIAM® and 2025 Tech Innovator Award for Prisma® SASE.
This recognition is particularly meaningful because it is not decided by a small panel of judges. The CRN Awards are determined solely by ratings from solution providers – the people who are out in the field every day, deploying these tools to secure the modern enterprise.
Here is a look at why partners are betting on our platform.
Solution providers validated the shift to AI-driven operations by voting Cortex XSIAM the definitive choice for the modern SOC. We secured the Overall Category Winner title in the CRN 2025 Products of the Year Awards for Security Operations Platform/SIEM. Ranking #1 in technology, revenue and customer need, this verdict comes directly from the experts who deploy security architectures every day.
Cortex XSIAM swept the board. We secured the top ranking across all three evaluation criteria:
This trifecta proves the platform excels in practice, not just theory. The legacy SIEM era is giving way to something fundamentally different.
For our partners, XSIAM represents a shift from "managing tools" to "delivering outcomes." By unifying SOC capabilities into a single, AI-driven platform, we are enabling solution providers to offer faster detection and remediation services without the operational overhead of legacy SIEMs.
As Dave Kennedy, Co-Founder & Chief Hacking Officer at Binary Defense, notes:
Effective security operations depend on actionable intelligence. Cortex XSIAM delivers the depth and precision our analysts need to connect the dots and act decisively. This award-winning platform, now recognized as CRN’s 2025 Product of the Year, strengthens our shared mission to protect organizations from evolving threats.
To dive deeper into how Cortex XSIAM continues to lead with AI-driven innovation, watch the on-demand webinar introducing the revolutionary Cortex AgentiX.
While XSIAM is transforming security operations, another Palo Alto Networks solution is reimagining network security entirely.
We believe being recognized as a Tech Innovator is a powerful validation of our commitment to delivering a best-in-class security that empowers our customers.
As per the CRN 2025 Tech Innovator Awards:
Prisma SASE from Palo Alto Networks is a comprehensive SASE solution converging networking and security for the entire hybrid workforce. Prisma SASE secures users, apps, data and devices everywhere. It delivers best-in-class security, exceptional user experiences and simplified operations through a unique multicloud architecture, single console, unified policies and AI copilot.
We secured this award primarily due to our deep understanding of customer needs. At Palo Alto Networks, understanding customer needs isn't just about listening to feedback on existing features; it's about anticipating where the future of work is heading. We don't just build security; we build solutions that adapt to our customer’s reality. Listening to over 70 thousand of our customers, we continue to push the boundaries of security, culminating in our latest Prisma SASE 4.0 launch.
Winning 2025 Product of the Year and 2025 Tech Innovator in both SecOps and Network Security underscores the reality that today’s partners and customers are looking for unified, best-in-class solutions.
Whether it is revolutionizing the SOC with Cortex XSIAM or securing the hybrid workforce with SASE, these awards reflect the trust our solution providers place in us. We are committed to continuing this momentum, equipping our partner community with the innovation they need to stay ahead of tomorrow’s threats.
Thank you to all our partners who voted and continue to trust Palo Alto Networks as your cybersecurity platform of choice.
The post Partners Are Fueling Innovation with Cortex XSIAM and Prisma SASE appeared first on Palo Alto Networks Blog.
Here is an overview of content I published in November:
Blog posts:
SANS ISC Diary entries:
Login