We have moved past the era of incremental AI improvements into a threat landscape shift. Our testing has revealed a step-change in capability that demonstrates an intuitive understanding of software vulnerabilities. This is more than faster code generation, it is a shift from AI as an assistant to AI as an autonomous agent capable of discovering and chaining flaws at a scale that most defenders aren’t prepared for.

These capabilities will not stay confined to controlled environments for long. When Mythos first launched, we predicted a six-month window before attackers gained access. We now believe that timeline has accelerated significantly.

To meet this inflection point, defense must operate at the speed of the adversary. That is why Palo Alto Networks has introduced Frontier AI Defense. This initiative unites our AI-native security platforms with Unit 42^® consulting and threat expertise with strategic partners to deliver continuous protection, prioritized risk mitigation and autonomous remediation.

What the Threat Looks Like Now

The latest frontier models, including OpenAI’s GPT-5.5-Cyber, Anthropic’s Mythos and Claude Opus 4.7, and the specialized variants emerging across major labs, represent roughly a 50% improvement in coding efficiency over their predecessors. That number sounds incremental, but in practice, it’s the threshold at which AI crosses from a helpful assistant into an autonomous operator.

Based on our testing and review, we found four key developments that, taken together, redefine the modern threat landscape:

• Vulnerability Discovery at Scale: Frontier AI is exceptionally effective at identifying vulnerabilities across massive, complex codebases. In our testing, three weeks of model-assisted analysis matched a full year of manual penetration testing, with broader coverage.
• Exploit Chaining & Synthesis: What is more consequential than individual discovery is the models’ ability to think like an attacker. They link multiple lower-severity issues into single, critical exploit paths, seeing full-stack logic, including SaaS and public-facing surfaces, in ways traditional scanners cannot.
• Attack Cycle Compression: In AI-assisted scenarios, the time from initial access to exfiltration has collapsed to as little as 25 minutes. Detection and response measured in hours is no longer a viable standard; single-digit MTTR (Mean Time to Respond) is the new floor.
• The Unsupervised Attack Surface: Rapid AI development and decentralized innovation are creating a massive, unsupervised attack surface in real-time. As local AI agents become commonplace, every desktop is now effectively a server, yet most organizations lack visibility into the code their own employees are generating and deploying.

Our Approach

These emerging threats form the foundation of how we have architected our platform response for the agentic era – Frontier AI Defense. Our approach moves beyond traditional, reactive defense to provide a comprehensive framework built to outpace frontier-AI-enabled attackers. This initiative is defined by:

• Advanced Access: We leverage early access to frontier AI models to harden defenses and simulate attacks before they reach the mainstream.
• Intelligence-Led Resilience: Unit 42 experts leverage frontier AI to fast-track discovery and remediation of exposures at machine speed through our Unit 42 Frontier AI Defense service.
• Unified Global Ecosystem: We provide the scale required for global protection through our Frontier AI Alliance of elite partners, including Accenture, Armadin, Deloitte, IBM, NTT DATA, and PwC.
• Machine Speed Security: By natively integrating Frontier AI across our platforms, we deliver the automated, real-time defense necessary to counter autonomous threats.

The Window Is Open. It Won’t Be for Long.

The capabilities we tested under early-access conditions are expected to become widely available over the next several months. Success in this new environment requires adapting your cybersecurity stack before these tools are in the hands of every adversary.

The threat has never been more sophisticated. The window to prepare for this shift is closing. And we're here to help secure your future at the edge of the frontier.

Visit Palo Alto Networks Frontier AI Defense to learn more.

The post A New Era of Security: Frontier AI Defense appeared first on Palo Alto Networks Blog.

Every AI system you deploy is a potential attack surface. Models and agents can carry embedded backdoors, malicious operators or compromised dependencies. Once running, these artifacts can exfiltrate sensitive data or execute unauthorized code, creating persistent vulnerabilities within the enterprise perimeter. Organizations running AI workloads on Nutanix need security that catches these threats before they reach production.

Nutanix and Palo Alto Networks are excited to announce a purpose-built integration between the Nutanix Enterprise AI and Palo Alto Networks Prisma AIRS^® advanced security capabilities, specifically focusing on AI Model Security and AI Red Teaming. This partnership directly addresses the critical need for a secure-by-design approach to AI development, giving customers the confidence to accelerate their AI journey.

Seamless Security Integration on the Nutanix Enterprise AI Platform

The Nutanix Enterprise AI platform provides a unified, scalable and secure foundation for the entire AI lifecycle: from data preparation and model fine-tuning to deployment and management. By integrating cutting-edge AI security tools by Palo Alto Networks directly into this workflow, we enable security checks to become an intrinsic part of the AIOps pipeline.

Scanning AI Models for Comprehensive Vulnerability Detection

The Prisma AIRS AI Model Security solution introduces sophisticated model scanning capabilities that are essential for preemptively identifying and mitigating risks.

• Prisma AIRS Model Security Integration: Automatically scans AI models (e.g., during check-in to a model registry on the Nutanix Enterprise AI platform) for inherent vulnerabilities, policy violations and malicious code. This provides Proactive Risk Mitigation by detecting malicious or vulnerable model artifacts before deployment, helping prevent zero-day exploits and potential data leakage caused by compromised models.
• Dependency Analysis: Examines all open-source libraries and dependencies used in the model environment for known vulnerabilities and license compliance issues. This enables Supply Chain Security, eliminating risks introduced by third-party components throughout the entire AI deployment lifecycle.
• Model Supply Chain Threats: The system addresses malicious model artifacts, including deserialization exploits, embedded backdoors, unsafe file formats, unauthorized code execution, untrusted sources and noncompliant licenses. This enables Model Integrity and Governance by validating model safety, provenance, approved formats, license compliance and detecting hidden execution paths before deployment.

AI Red Teaming Your AI Systems for Adversarial Resilience

AI Model Security addresses known issues, but the malicious actors of tomorrow are developing new ways to exploit AI systems. This is where the power of Prisma AIRS AI Red Teaming by Palo Alto Networks comes into play, creating a crucial layer of proactive testing against adversarial attempts. AI Red Teaming involves simulating sophisticated attacks against the AI application’s behavior to test its resilience under attack.

• Continuous AI assessment: Onboard an LLM model, application and agent, then start scanning in less than 10 minutes. Use documented APIs to integrate into CI/CD pipelines to trigger automated red teaming whenever versions are updated. Connect AI endpoints securely via an outbound web socket channel to eliminate the need for routing changes, while maintaining the option for IP allowlisting, if preferred. Your team controls access. This reduces technical setup overheads and empowers you to keep your assessment current.
• Contextual Vulnerability Insights: Prisma AIRS profiles your LLM model, application or agent and informs the Red Teaming Agent to design relevant attack objectives. The Red Teaming Agent is trained on over 50 techniques and simulates attack prompts to achieve those objectives. This reduces noise and lets you focus on actual business relevant risk.
• Comprehensive Threat Coverage: Prisma AIRS uses a library of over 750 attacks to evaluate your defensibility. Both the library and the red teaming agent are updated and trained on a constant basis to keep up with the AI threat landscape. This stress tests your AI system thoroughly, so your system is defensible to known and unknown threats.

Securing the Future of Enterprise AI — The Nutanix and Palo Alto Networks Integration

This integration between the scalable, high-performing Nutanix Enterprise AI platform and the advanced security intelligence of Palo Alto Networks offers measurable value to AI-driven organizations:

1. Accelerated Time-to-Trust – By automating critical security checks as part of the MLOps process on the Nutanix Enterprise AI platform, teams can deploy models faster, knowing they have been rigorously vetted by a leading security partner.
2. Simplified Compliance and Governance – The joint solution provides a verifiable record of security testing (scanning and red teaming), making it simpler to demonstrate adherence to internal governance standards and external regulatory mandates.
3. End-to-End AI Security Posture – Customers gain a holistic view of security, from the unified AI infrastructure layer managed by Nutanix, to the network security enforced by Palo Alto Networks. This visibility now extends critically into the AI models themselves, completing the security posture by unlocking controlled access to vendor models, so protection is enforced seamlessly.
4. Cost and Resource Efficiency – Integrating security tools within the existing AI platform streamlines workflows. Data Scientists and ML Engineers can trigger red teaming simulations and scanning directly within their familiar Nutanix environments, reducing the need for dedicated, siloed security teams to manually test every model.

The partnership between Nutanix and Palo Alto Networks is a commitment to building a more secure future for enterprise AI. With this integration, you can bring LLM models into your environment without fear. Malicious code and hidden backdoors are blocked before they ever reach you. Your endpoints stay continuously protected, with coverage across over 50 attack techniques and the contextual risks that come with agentic AI. When you're evaluating a model or an endpoint, the risk picture is right there inside NAI – no context-switching, no guesswork. And a custom security dashboard gives you a single place to see where you stand. The result is AI you can actually trust at the core of your lifecycle, so your teams can build faster without trading off security for speed.

Key Takeaways

A "Secure-by-Design" AI Pipeline: The partnership between Nutanix and Palo Alto Networks is a commitment to building a more secure future for enterprise AI. The integration enables advanced level AI security in AIOps workflow. By embedding Prisma AIRS directly into the Nutanix Enterprise AI platform, organizations can automate model scanning and vulnerability detection during the initial check-in phase, authorizing only validated, secure models to reach production.

Proactive Defense via AI Model Security and AI Red Teaming: The solution provides a dual-layer defense: AI Model Security preemptively blocks hidden backdoors, malicious code and supply chain threats in third-party artifacts, while AI Red Teaming uses autonomous agents for contextual discovery to generate new attack scenarios and have over 750 sophisticated adversarial attack scenarios. This enables resilience against both known vulnerabilities and emerging zero-day AI exploits.

Unified Governance and Operational Efficiency: The partnership consolidates security and visibility into a single custom dashboard within the Nutanix environment. This unified view allows Security and AI teams to manage risk while having continuous assessments and compliance records significantly accelerating the time to trust.

Next Steps

For more information, visit the Palo Alto Networks partner directory or contact your local sales representatives to learn more about a trial run.

The post Nutanix and Palo Alto Networks Integrate for Robust Model Trust appeared first on Palo Alto Networks Blog.

That stat, pulled from Unit 42^® research, isn't hypothetical. It's what defenders are up against right now, while most organizations are still building security teams around manual detection and response workflows that were never designed to operate at machine speed.

Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, put it plainly in a recent conversation on the Threat Vector podcast, recorded live at RSA this year:

If you're applying a manual detection and response capability, you are going to be beat by the attacker every day.

It's the kind of sentence that should make security budgets move faster.

The Threat Landscape Doesn't Wait for Organizational Consensus

Whitmore has spent nearly 25 years tracking nation-state actors, and she's unequivocal about what's changed. The adversaries today aren't just better funded and more sophisticated. They're faster, and increasingly AI-powered.

Consider what's converging right now:

Chinese nation-state groups like Volt Typhoon and Salt Typhoon have been operating with near-surgical patience inside critical infrastructure, leveraging existing administrative tools to avoid detection. Volt Typhoon is focused on military prepositioning in power grids, water systems and telecommunications. Salt Typhoon has been systematically collecting intelligence from those same networks. Neither group announces itself with novel malware. They disappear into environments using the tools already there.

Meanwhile, threat actors tied to Iran are operating with entirely different objectives: tactical disruption and destruction. And financially motivated cybercriminal groups are automating ransomware campaigns at a pace that has compressed attack timelines from weeks to minutes.

Every CISO is being asked to defend against all of them simultaneously, while also managing their organization's AI expansion, and doing it without adding headcount.

Speed Is the New Perimeter

When Whitmore references the 39-second exfiltration window, she's pointing at something structural, not just alarming. It reflects how completely the attacker's operational tempo has shifted.

The 72-minute data breach figure from Unit 42 Incident Response data is equally striking: From initial access to full data theft in the time it takes to sit through a decent movie. A 400-times year-over-year increase in exfiltration speed isn't a trend. It's a fundamental change in the physics of an attack.

"There is no way that we are going to defeat these adversaries if we are working at manual speed," Whitmore explained. The answer isn't just more analysts. It's fighting AI with AI, letting machines handle the volume and velocity, so humans can focus on the problems that actually require human judgment.

Two Sides of the Same AI Problem

Here's where the conversation gets more nuanced and more important.

Most of the AI-in-security conversation focuses on the offensive side: adversaries using generative AI to craft convincing phishing lures, accelerate reconnaissance and automate attack sequences. That's real, and it's accelerating.

But Whitmore raised the other half of the problem, one that gets far less attention: The attack surface that organizations are creating by deploying AI without securing it.

Innovation of AI doesn't so far outpace the security of AI.

This is the outcome she wants to see. Right now, that's not what's happening. Business pressure to deploy AI quickly is outrunning the security architecture required to protect it. Every new AI deployment touching production data, cloud APIs and enterprise systems expands the attack surface. Shadow AI, prompt injection, model poisoning: These are not future threat vectors. They're present tense.

The distinction Whitmore draws is useful: AI for cybersecurity (faster detection, automated response, reduced analyst burden) needs to advance in parallel with cybersecurity for AI (securing the models, prompts and data pipelines that organizations are building on). One without the other creates exactly the kind of asymmetry attackers will exploit.

Visibility Is Where It Starts

Whether the conversation is about defending against nation-state actors or securing AI deployments, Whitmore keeps returning to the same foundation of visibility.

Not complexity. Not more tools. Visibility is a single, unified view of what's happening across endpoints, networks, cloud and AI systems, that’s fast enough to matter when the window is measured in seconds, not days.

For SOC teams, that means being able to detect and contain a threat before a compromise of one system becomes an enterprise-wide event. For CISOs thinking about AI governance, it means understanding what's being deployed, what's being prompted, and where the data is going before an incident surfaces for them.

The organizations Whitmore sees succeeding aren't the ones with the largest security budgets. They're the ones with the clearest picture of their environment, and the architecture to act on it in real time.

The Win Looks Different Now

Perhaps the most important reframe in the conversation is that the objective is no longer to prevent every attack. That goal is not achievable against adversaries operating at AI speed with nation-state resources.

The win is resilience. Detecting fast and containing fast. Keeping one compromised endpoint from becoming an enterprise-wide breach.

That shift in framing, from prevention to rapid recovery, has significant implications for how security teams are built, how AI is integrated into workflows, and how CISOs make the case for investment to leadership that still thinks in terms of keeping attackers out.

The adversaries already know the perimeter is gone. The question is whether your defense strategy has caught up.

Want to Dig in More?

Listen to the full interview here.

The Unit 42 2026 Global Incident Response Report goes deep on the threat trends shaping how modern attacks unfold. If you want the data behind the headlines, start here. Download the Report →

The post 39 Seconds — That's How Long It Takes to Lose Your Data appeared first on Palo Alto Networks Blog.

Detecting when these legitimate SaaS auto-download features are being weaponized is an immense challenge for traditional defenses. This is exactly where Cortex^® Email Security steps in. By combining deep static analysis with advanced behavioral intelligence, the module can distinguish in this attack between a benign file share and a malicious, forced-momentum trigger.

This technical detection is vital because while the autodownload method is the primary cause of infection, its effectiveness relies on a clever strategy, using a wide range of changing social engineering lures. By alternating between lures like 'Invoices' or 'Quotes,' attackers rotate their themes to catch a wider variety of victims. This strategy allows attackers to convert trusted email links into rapid, dangerous file executions that effectively evade standard security measures.

How Forced Momentum Drives Auto-Downloads

The core of this attack leverages the infrastructure of real SaaS providers to eliminate the user's preview buffer. Typically, cloud sharing directs users to a webpage for file examination. In this campaign, however, forced-download parameters (such as ?dl=1 on Dropbox) are used instead. To ensure the victim executes the file once it lands on their machine, attackers hide the danger behind "visual anchors." By using double extensions like PDF and .EXE, the threat actor exploits default settings in certain operating systems that hide known extensions. The user's eyes stop at the familiar ".PDF" or ".ZIP," leading them to believe the file is a harmless document rather than a malicious executable.

When the targeted victim clicks the link in the email, it triggers an immediate file download in the browser, effectively bypassing any intermediary steps.

Attack Flow: From Email to Execution

• The Bait: A highly personalized email arrives, using a trusted cloud link (like Dropbox) to lower the victim's guard.
• The Trap: Clicking the link skips the usual "preview" screen and instantly drops a file onto the victim's computer.
• The Disguise: The file is cleverly named to look like a safe PDF or document, hiding its true identity as a harmful program.
• The Lock: In many cases, the attacker ensures only the intended victim can open the file, preventing security tools from scanning it first.
• The Takeover: Once the victim opens the file, the attacker gains remote access to the system.

The Library of Lures Strategy

To fuel the autodownload machine, attackers employ a flexible strategy by switching between various social engineering themes. This spear phishing campaign targets specific inboxes, such as "Orders," to exploit professional routines. Some common lures found in this campaign include:

• Financial Urgency – Fake "Invoices" or "Receipts" that induce anxiety. These often set close-day payment deadlines, pressuring recipients to click quickly.
• Business Operations – "Quote Requests" or "Purchase Orders" that exploit professional habits.
• Deceptive Naming – Concealing the download as a safe document, using display text like "invoice.pdf" in the email body to hide the underlying Dropbox URL.

Government Domain Impersonation

Attackers often leverage high-authority lures designed to paralyze a user's critical thinking. In one sophisticated wave, we observed threats impersonating a government entity by exploiting the high-reputation, official government domain. By borrowing the reputational authority associated with official infrastructure, the attacker successfully maneuvered an "Unidentified Payment Notice" past standard "Untrusted Sender" filters. To the recipient, the email carries the weight of a sanctioned document. Fearing legal or financial ramifications, they feel a heightened sense of urgency to click "View Invoice" to resolve the issue immediately.

Employee Impersonation

When government authority isn’t the angle, attackers shift to impersonating internal staff. In one case, the sender’s display name was spoofed to match a real employee in the target organization. Attackers rely on a “Momentum of Trust” tied to familiar names to overwhelm user judgment. Even when a generic Gmail address is used, users, especially those on mobile devices, rarely pause to check the underlying headers.

Internal Trust Amplification ("Human Relay")

The most effective aspect of this campaign occurs through Internal Laundering, where the threat shifts from external suspicion to a trusted internal message. This was observed when a Finance Department employee received a "Quote Analysis" file and, believing it to be a valid inquiry, mistakenly forwarded the link to the Procurement department.

At that stage, the attack no longer depended on deception, it propagated through trusted human workflows. These various tactics illustrate the sophistication and adaptability of phishing campaigns and highlight the importance of vigilance in email security.

How We Uncovered a Single Threat Actor

Although the lures appeared diverse, a deeper technical analysis revealed that they were all orchestrated by a single, coordinated threat actor.

By mapping the campaign, we uncovered a significant pattern: Each autodownload link pointed to a different file hash to evade signature detection, but all unique executables were ultimately associated with the same parent installer hash.

The file was identified as a specific Remote Monitoring and Management (RMM) executable, an administrative software used to manage computers remotely. Because RMM tools are legitimate, they often trigger fewer alerts than traditional Trojans. This allows the attacker to maintain persistent access under the guise of “authorized” system activity.

How Cortex Email Security Addresses the Threat

To defend against a campaign that emphasizes speed and rotation, behavioral analysis is essential.

The Cortex^® Email Security Module addresses this threat:

• Advanced URL Analysis – Detection of forced-download parameters, combined with delivery of high-risk files via URLs.
• Deep Metadata Correlation – Correlating sender identity with behavioral anomalies to flag threats that traditional scanners might overlook.
• LLM-Based Intent Analysis – Classifying phishing themes (invoice, payment, quote) despite variation.

The security engine triggers an alert by synthesizing LLM analysis with real-time email telemetry, global threat intelligence and behavioral signals.

Securing the Click

The combination of autodownload links and rotating lures is crafted to exploit user momentum and the "psychology of trust."

This campaign represents a shift from deception to acceleration. Attackers no longer need perfect lures, they only need to remove friction. Defenders must evolve accordingly, focusing not only on what a link is, but on what it forces a user to do.

Palo Alto Networks Cortex Advanced Email Security was built for this evolution. By moving beyond static file analysis to identify the behavioral "red flags" of autodownloads and forced-momentum URLs, we provide the visibility needed to stop these attacks before they reach the device.

The module examines email metadata, content, and behavior to uncover hidden malicious intent and sophisticated impersonation, including AI-crafted threats. By assigning precise risk scores to every detection, the system filters out the noise, allowing analysts to move past alert fatigue and focus on the most critical threats first.

Indicators of compromise discovered during this research are detailed on Unit 42’s GitHib instance.

FAQs

1. Why is the "Auto-Download" parameter so effective? It removes the "moment of doubt." By bypassing the preview page, the attacker forces the file onto the computer instantly, prompting the user to "Open" it out of habit.
2. How does the use of rotating lures benefit the attacker? It maximizes both psychological and technical success. People have different "blind spots" (e.g., finance professionals are likely to click on invoices), and variety increases the chances of finding a template that can bypass specific customers' security filters.
3. Why might a sandbox fail to catch the malicious file? Because the link was "Identity-Bound." To the scanner, the link appeared to lead to a harmless error page (cloaking), resulting in a false negative.

Cloaking involves showing different content to security scanners than what is presented to the victim. By using Identity-Bound access, the file only reveals itself to the intended target.

The post The Dangerous Momentum of Autodownload Phishing appeared first on Palo Alto Networks Blog.

To deliver this critical edge, our Unit 42 Frontier AI Defense will now leverage Anthropic’s Claude Security, powered by Opus 4.7. By integrating one of the world’s most advanced AI models, we are empowering our customers to outpace automated threats. Through Frontier AI Defense, organizations can rapidly assess their security posture, remediate vulnerabilities and harden their infrastructure against next-generation, AI-driven attacks.

We are utilizing Claude Security’s deep technical reasoning to enable our customers to find and fix vulnerabilities with unprecedented speed. This includes:

1. AI-Driven Exposure Analysis – Identifying complex exploit chains that turn minor findings into critical risks.
2. Scalable Application Analysis – Performing deep-stack code reviews at a scale and depth previously unavailable.
3. Agentic Defense – Powering autonomous workflows that detect and remediate threats at machine speed, backed by human oversight.

Palo Alto Networks is also participating in Anthropic's Cyber Verification Program, which credentials security teams for legitimate defensive use of frontier models.

The threat timeline is accelerating. Within months, AI-driven attack capabilities will become a standard fixture of the threat landscape. Palo Alto Networks is dedicated to ensuring our global customers are equipped with the modern frontier AI models necessary to stay secure both today and tomorrow.

The post Enhancing AI-Driven Defense with Anthropic’s Claude Opus 4.7 appeared first on Palo Alto Networks Blog.

Over the past few weeks, we’ve spoken with hundreds of CISOs who universally feel the urgency on the frontlines. Security leaders need to know exactly where they stand against the AI-driven attacks happening right now, and the ones coming in the next six months.

Expanding Frontier AI Defense — The External AI Hyperattack Assessment

For organizations seeking to actively pressure-test their perimeter, this partnership introduces an autonomous, AI-driven offensive assessment of your external attack surface.

This added layer identifies real attack paths and proves exploitability across internet-facing assets. The platform begins with passive discovery, validating publicly exposed assets, cloud resources and secrets. Next, Armadin deploys a coordinated swarm of autonomous AI attack agents, operating at machine speed across your external footprint.

These agents execute active reconnaissance, launch attacks and exploit vulnerabilities in parallel, using over 50,000 templates. Upon initial access, the swarm simulates post-exploitation behavior to demonstrate impact, logging every attack chain as decision-grade evidence of exploitable risk.

Decision-Grade Proof of Exploitable Risk

With this added layer of autonomous simulation, Unit 42 Frontier AI Defense provides an even more rigorous, pressure-tested view of an organization's external attack surface. This allows our experts to accurately simulate the tradecraft of the most capable, AI-equipped threat actors, compressing complex attack lifecycles from days into minutes.

AI may change what is possible for attackers, but in the hands of defenders, it becomes a decisive advantage. This partnership is another important step in making sure that advantage stays with the defenders.

A member of Project Glasswing and OpenAI’s Trusted Access for Cyber (TAC) program, Palo Alto Networks remains the only company equipped to deliver this strategic level of partnership through Unit 42 Frontier AI Defense and the Frontier AI Alliance, driven to integrate cutting-edge technologies into our products and services.

Get started with Unit 42 Frontier AI Defense today.

The post Unit 42 Expands Frontier AI Defense with Armadin Partnership appeared first on Palo Alto Networks Blog.

The era of the AI Enterprise has arrived. Today, 81% of enterprises are piloting the use of AI agents or have fully implemented AI agent solutions. We aren't just talking about smart chatbots. We are talking about autonomous agents that execute.

By leveraging APIs and MCP servers, these agents navigate complex workflows, access sensitive data and make real-time, business-critical decisions. The question is no longer if companies will adopt AI agents, but how to securely operationalize them without putting the brakes on innovation. 

The Challenge: Expanding Attack Surfaces

AI agents are creating a new and largely invisible attack surface. The risk is not just their independence, but the lack of visibility and accountability. Without a centralized enforcement layer for operational and security controls, every team that deploys an agent may unintentionally expose the enterprise to unauthorized data access and heightened security risks.

To solve this, Palo Alto Networks is redefining security for the agentic era. We recently introduced Prisma AIRS 3.0, the industry’s first platform to secure the entire agentic AI lifecycle. Today, we are accelerating that momentum by announcing our intent to acquire Portkey, a pioneer in AI Gateways. 

The Prisma AIRS AI Gateway: From Chaos to Control 

Upon closing, we will integrate Portkey’s full-feature AI Gateway into Prisma AIRS as the single unified control plane enterprises need to operationalize and secure AI apps and agents at scale. 

Moving from “chaos to control” requires a centralized approach to governance. Currently, many AI initiatives are hindered by fragmented security and a lack of oversight. The AI Gateway solves this by providing a unified vantage point where organizations can enforce consistent policies across all models and agents, ensuring every interaction is identified, authenticated and authorized in real time within a single governing framework.

The Prisma AIRS AI Gateway will establish a mission-critical control plane for the agentic enterprise, enabling teams to move autonomous workloads from development into at-scale production with confidence. With operational features like a unified API to LLMs, an agent registry, semantic routing and caching, the AI Gateway equips enterprises with complete control in one platform. By serving as a centralized enforcement point at the center of Prisma AIRS for all agent traffic, the AI Gateway will provide critical security functions, including Agent Artifact scanning, automated Red Teaming and Runtime Security needed to monitor behavior, route requests and mitigate risks in real time. Crucially, the AI Gateway will reinforce Agent Identity Security via CyberArk, applying strict protocols to ensure every autonomous action is authenticated and governed by least-privilege controls.

Our vision is for the Prisma AIRS AI Gateway to serve as the industry blueprint for enterprises in the agentic era. By making security a foundational component of the operational lifecycle, we are empowering enterprises to build and govern an AI ecosystem that is secure by design.

Why Portkey? The Pioneer in AI Gateways

• Battle-Tested: Portkey’s AI Gateway is already supporting the demands of the modern enterprise, at scale, with several Fortune 500 customers, processing trillions of tokens per month with the low latency that is required for agent-to-agent communication. This ensures that agentic security does not come at the cost of developer speed or application performance. 
• Architectural Simplicity: Portkey offers plug-and-play capabilities with just three lines of code required to implement the AI Gateway. The AI Gateway, powered by unified APIs, also provides secure access to over 3,000 LLMs, MCP servers and agents, giving enterprises a flying start to building and executing with AI agents.
• Better Together: Palo Alto Networks and Portkey’s joint vision is to make Prisma AIRS the most ubiquitous platform for AI security. With exceptional AI security by Palo Alto Networks combined with Portkey’s AI Gateway, we will offer a comprehensive AI Security platform.

What’s Next?

The era of AI Enterprises is here. We’re making sure it is secure by design. The complexity of managing agents and securing them has long created friction in enterprises. Following the close of the acquisition, and with the integration of Portkey into Prisma AIRS, we will remove the trade-off between agent autonomy and authority. We are ensuring that as businesses accelerate into the era of autonomous agents, the security architecture isn’t just keeping up, it is setting the pace. 

See a demo of the new standard in AI Security – Prisma AIRS 

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties, and assumptions, including, but not limited to, statements regarding the anticipated benefits and impact of the proposed acquisition of Portkey on Palo Alto Networks, Portkey and their customers. There are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, but not limited to: the effect of the announcement of the proposed acquisition on the parties’ commercial relationships and workforce; the ability to satisfy the conditions to the closing of the acquisition; the ability to consummate the proposed acquisition on a timely basis or at all; significant and/or unanticipated difficulties, liabilities or expenditures relating to proposed transaction, risks related to disruption of management time from ongoing business operations due to the proposed acquisition and the ongoing integration of other recent acquisitions; our ability to effectively operate Portkey's operations and business following the closing, integrate Portkey’s business and products into our products following the closing, and realize the anticipated synergies in the transaction in a timely manner or at all; changes in the fair value of our contingent consideration liability associated with acquisitions; developments and changes in general market, political, economic and business conditions; failure of our platformization product offerings; risks associated with managing our growth; risks associated with new product, subscription and support offerings; shifts in priorities or delays in the development or release of new product or subscription or other offerings or the failure to timely develop and achieve market acceptance of new products and subscriptions, as well as existing products, subscriptions and support offerings; failure of our product offerings or business strategies in general; defects, errors, or vulnerabilities in our products, subscriptions or support offerings; our customers’ purchasing decisions and the length of sales cycles; our ability to attract and retain new customers; developments and changes in general market, political, economic, and business conditions; our competition; our ability to acquire and integrate other companies, products, or technologies in a successful manner; our debt repayment obligations; and our share repurchase program, which may not be fully consummated or enhance shareholder value, and any share repurchases which could affect the price of our common stock.

Additional risks and uncertainties that could affect our financial results are included under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" in our Quarterly Report on Form 10-Q filed with the SEC on February 18, 2026, which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. Additional information will also be set forth in other filings that we make with the SEC from time to time. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Securing and Governing AI Agents At Scale Through A Unified AI Gateway appeared first on Palo Alto Networks Blog.

The transition from generative AI to agentic AI represents one of the most significant shifts in the history of enterprise technology. As organizations move from simple chatbots to autonomous agents that can execute business processes, the attack surface isn't just changing, it's exploding.

At Google Cloud Next 2026 in Las Vegas, Palo Alto Networks is proud to announce a series of groundbreaking integrations with Google Cloud. These innovations are designed to do more than just monitor the new AI-driven landscape; they are built to secure it by design. AI deployment is currently outpacing AI governance. By embedding our security platform into Google Cloud’s infrastructure, we are giving today’s enterprises the foundation to become the autonomous organizations of tomorrow.

Here is a look at the four major milestones of our partnership being unveiled this week.

Secure AI Agents with Google Cloud + Prisma AIRS

As autonomous AI agents become the new enterprise standard, security can no longer be an afterthought; it must be architectural. By integrating Prisma AIRS natively with Google Cloud Gemini Enterprise Agent Platform, we provide the proactive defenses required to govern complex agentic workflows. This integration ensures that as you scale your autonomous workforce, your security scales with it, providing comprehensive operational integrity without hindering the speed of innovation.

We are delivering capabilities across three critical pillars:

• Protecting Agent-Specific Runtime Risks: In an agentic ecosystem, the primary risk is unauthorized or a destructive action taken by the AI agents themselves. Prisma AIRS secures the "agent-to-tool" interface, preventing poisoned context from triggering malicious scripts or destructive actions. The solution monitors agent execution in real-time, so agents cannot leak sensitive credentials or tool schemas, maintaining the boundary between agents and their access to enterprise data.
• Securing the GenAI Application Surface: Modern AI applications and agents require a secure-by-design approach. Prisma AIRS AI Runtime Security provides prevention of more than 30 adversarial prompt injection and jailbreak techniques, as well as malicious code and URLs within LLM outputs. Prisma AIRS utilizes over 1,000 predefined patterns out of the box and ML-powered Enterprise DLP to stop sensitive data leakage.
• Enforcing Enterprise AI Safety and Grounding: Trust in AI is built on the consistency and safety of its output. Prisma AIRS allows organizations to define safety policies in natural language and filter toxic content across eight distinct categories to protect brand reputation. Using contextual grounding, Prisma AIRS can prevent misleading outputs that contradict internal RAG data, keeping agents tied to real facts.

This integration ensures that as you scale your autonomous workforce, your security posture scales with it, providing operational integrity without hindering the speed of innovation.

Security-as-Code for Prisma AIRS Integration with Application Design Center (ADC)

The traditional bolt-on approach to security is no longer viable in a cloud-first world. Google Cloud’s Application Design Center (ADC) is revolutionizing how applications are built, using an intuitive canvas and natural language via Gemini Code Assist.

Palo Alto Networks is announcing that it will be published as a template within the Application Design Center, providing more capabilities to engineering teams:

• Drag-and-Drop Security – Visually "snap" VM-Series firewalls and Prisma AIRS AI protections directly into network flows.
• AI-Driven Architecture – Use natural language prompts to generate secure-by-default, multiregion architectures.
• Simultaneous Deployment – Deploy entire application stacks and security services in a single, unified workflow, ensuring protection is present from the very first minute of deployment.

Zero-Day Protection at Scale with Advanced Malware Sandboxing for Google Cloud NGFW Enterprise

The battle against malware has shifted to the cloud. Modern attacks are faster, more evasive and capable of bypassing traditional defenses.

That is why we are excited to announce Advanced WildFire^®, powered by Palo Alto Networks, natively integrated into Google Cloud NGFW Enterprise, delivering AI-driven malware prevention directly within Google Cloud environments.

This integration embeds inline sandboxing and real-time threat intelligence directly into Google Cloud’s distributed firewall to stop advanced and unknown threats before they impact workloads, enabling:

• Secure Detonation – Suspicious files are safely executed in a controlled sandbox environment to uncover hidden and unknown threats.
• Inline Traffic Inspection – Inbound and outbound traffic is analyzed in real time to prevent lateral movement of malicious payloads across cloud environments.
• AI-Driven Threat Prevention – Leverages global threat intelligence by Palo Alto Networks to block zero-day threats before they compromise workloads.

With Advanced WildFire embedded directly into Google Cloud NGFW Enterprise, organizations can extend consistent protection across their cloud infrastructure while maintaining operational simplicity.

Cloud NGFW Enterprise Advanced Malware Sandboxing will be available in Public Preview soon.

Defining the Future with the Google Cloud Marketplace

Palo Alto Networks has joined the Google Cloud Marketplace Agent-as-a-Service as a launch partner to introduce the Prisma AIRS Model Security agent. Operating as an Agent-as-a-Service, this solution scans AI models for vulnerabilities and policy noncompliance before they reach production.

Available in the Agent Gallery inside Gemini Enterprise, this marketplace offering runs entirely within the customer’s own Google Cloud environment, providing both new and existing Prisma AIRS users a seamless and simple deployment experience inside Gemini Enterprise.

Securing AI Innovation at Scale

The collaboration between Palo Alto Networks and Google Cloud is built on a shared vision: Security should be an accelerator for innovation, not a bottleneck. As we look toward the future of the AI-powered enterprise, our commitment remains to provide the most robust, platform-driven security for every workload, every agent and every interaction.

Want to see these integrations in action? Contact your Palo Alto Networks representative to learn more about how we are securing the future of the cloud together. If you’re attending Google Cloud Next 2026, join us at these sponsored sessions:

• Wednesday, April 22 @ 12:30 PM - 1:15 PM
  The AI-Ready Enterprise: Securing Access and Data in an AI-first World
• Thursday, April 23 @ 9:15 AM - 10:00 AM
  Securing and managing Agentic AI at scale: What Google and Palo Alto Networks are building together
  Munish Khetrapal, vice president of Cloud Engagement, GCP - Palo Alto Networks
  Mike Buratowski, deputy chief information security officer - The Home Depot
  
• Thursday, April 23 @ 9:15 AM - 10:00 AM
  The agentic era: Governing an invisible AI workforce
• Thursday, April 23 @ 12:00 PM - 12:45 PM
  The AI Attack Surface: Strategizing Defense for the modern AI-Powered Enterprise

The post Palo Alto Networks and Google Cloud appeared first on Palo Alto Networks Blog.

As AI agents move into business-critical environments, they are transforming everything from security operations to internal workflows. However, scaling these AI applications introduces unprecedented hurdles for security executives, from detecting "shadow AI" and unsanctioned usage to governing complex nonhuman identities across multimodel environments.

To overcome these challenges, organizations need more than just tools; they need a layered architecture built on a foundation of platformization. The long-standing partnership between Palo Alto Networks and Google Cloud provides this essential framework, offering customers:

• Integrated Security Ecosystems: Seamlessly manage the full agent lifecycle with visibility and observability across your entire AI infrastructure.
• Jointly Engineered Solutions: Leverage over 80 co-engineered integrations designed to eliminate the tradeoff between a cloud-native experience and best-in-class security.
• Proven Scale and Performance: Benefit from a partnership that has already delivered impactful, AI-driven solutions to protect joint customers from evolving threats.

Google Cloud Marketplace enables customers to discover, try, buy and use industry-leading applications that have been validated to run on Google Cloud. Palo Alto Networks has closed $2.4 billion in GCP bookings, helping address evolving customer needs, such as simplified procurement and seamless deployment.

Kevin Ichhpurani, President, Global Partner Ecosystem at Google Cloud:

We’re pleased to celebrate Palo Alto Networks as our Global Technology Partner of the Year… Palo Alto Networks has consistently delivered impactful, AI-driven security solutions that help Google Cloud customers better protect their organizations from evolving threats.

The extensive, long-standing collaboration between Palo Alto Networks and Google Cloud includes jointly engineered offerings, built on 80 solution integrations that help customers build, run and secure AI-enhanced cloud infrastructure and applications with end-to-end protection.

Palo Alto Networks Wins 2026 Global Technology Google Cloud Partner of the Year Award

At Google Cloud Next, Palo Alto Networks has been recognized with four 2026 Google Cloud Partner of the Year awards. By partnering with Google Cloud, we help customers securely leverage the power of the cloud and AI-driven growth with comprehensive cloud-native security offerings. Wins included the following:

• Global Technology
• Marketplace: Technology
• Marketplace: Security
• Security: Artificial Intelligence

These Partner of the Year Awards underscore our expanding partnership with Google Cloud. We share a mutual dedication to improve cloud, network security and AI observability, as well as the progress we’ve made in protecting our joint customers from today’s and tomorrow’s cyberthreats.

By combining our industry-leading security engineering with Google Cloud’s industry-leading cloud infrastructure and services, we’re providing advanced protection for every stage of a customer’s digital journey. We want customers to feel secure from the formative steps of lifting workloads into the cloud, to expanding digital innovation across platforms, to reaching new levels of business scale and velocity.

Protecting these journeys requires alignment and modernization of infrastructure (lift and shift), applications (refactoring) and user access models (zero trust). It requires an advanced AI drive security operations transformation across all IT domains, leveraging machine learning and sophisticated models to minimize human interventions and unguarded sides.

Our relationship with Google Cloud is based on a deep engineering relationship, yielding integrated solutions that help customers achieve better digital outcomes. Our partnership can help your organization eliminate tradeoffs between a cloud-native experience and best-in-class security. We have more than 80 co-engineered integrations, helping to improve and protect hybrid workers, cloud migrations and application modernization efforts.

We remain committed to our goals of outpacing cyberthreats, helping customers at every stage of their cloud journey, and creating a world where tomorrow is more secure than today.

Whether you’re just beginning your cloud journey or managing complex transformational projects, our jointly engineered, AI-driven solutions are designed to deliver seamless, scalable security. Explore the dynamic partnership between Palo Alto Networks and Google Cloud. Join us at Google Cloud Next '26 in Las Vegas from April 22-24 to discover how to secure your development lifecycle from code to cloud.

The post Scaling AI Agents with Confidence appeared first on Palo Alto Networks Blog.

Our Contribution

We help organizations secure their digital environment with a comprehensive portfolio of cybersecurity solutions spanning Network, Cloud, Security Operations, AI and Identity. Trusted by more than 70,000 customers worldwide and informed by Unit 42^® Threat Intelligence, their AI-driven platforms help organizations reduce complexity, modernize with confidence, and securely enable innovation.

As a Platinum Member, our subject matter experts will actively participate in the DNS-OARC community by engaging in discussions and contributing to research on evolving DNS threats and network challenges. The growing intersection of DNS and security makes access to intelligence and experience increasingly important. It strengthens the community’s ability to respond to emerging challenges and improves resilience across the internet.

Through our participation, our customers will gain stronger protection informed by community-driven intelligence and real-world operational insight. These learnings are continuously integrated into our threat intelligence and security capabilities. Our participation signals our support for DNS-OARC’s mission of fostering open dialogue and shared learning across the DNS ecosystem. This collaboration helps bridge DNS operations with broader security practices, improving coordination between operators, researchers and security practitioners.

Our Commitment to the DNS-OARC and Global Communities

Collaboration between our organizations strengthens the connection among DNS operations and modern security practices by bringing together operational insight and a global community dedicated to advancing the internet’s resilience.

For the DNS-OARC community, our commitment enhances knowledge sharing around evolving DNS threats, large-scale network operations and practical approaches to emerging challenges.

For organizations and customers, it reinforces a stronger alignment between DNS infrastructure and security, expands access to community-driven intelligence and supports more resilient, well-informed defenses.

Tong Zhao, Senior Manager of DNS Security Engineering, Palo Alto Networks:

We recognize the critical role of DNS-OARC in DNS operations and research. The teams from Palo Alto Networks believe that our DNS-OARC membership aligns perfectly with our goals. We are eager to participate in and contribute to the DNS community.

Our partnership with the DNC-OARC highlights the value of open collaboration in helping both the community and its participants stay ahead of an increasingly complex threat landscape. To learn more about how our expertise and insights support DNS-OARC’s mission to improve the security and stability of the internet’s DNS, visit DNS-OARC.

The post Palo Alto Networks Joins DNS-OARC as a Platinum Member appeared first on Palo Alto Networks Blog.