With the imminent release of unbounded frontier models, the barrier to entry for sophisticated cyberattacks has vanished. Anthropic’s Mythos represents a 50% leap in coding capability over previous models. It’s a leap that, as Lee Klarich stated, translates into autonomous agents capable of both surfacing a massive surge of vulnerabilities and exploiting them faster than we’ve ever seen or imagined.

In this new era, business continuity requires more than just better tools; it requires a unified ecosystem of experts capable of orchestrating a defense that matches this new pace of attack.

As we drive the industry standard for addressing these emerging risks with our Unit 42^® Frontier AI Defense, we’ve united an alliance of global transformation leaders, starting with Accenture, Deloitte, IBM, NTT DATA and PwC, and will continue to scale these alliances to ensure every enterprise has a rapid path to AI resilience.

By combining the world’s most advanced AI security platform with deep industry expertise, we are delivering the security assessment and rapid protection needed to help customers stop emerging threats and keep their business resilient.

By engaging directly with Palo Alto Networks, or working with our partners through the Frontier AI Alliance, our customers can move past the complexity of building an AI-ready defense from scratch and gain:

• Accelerated Immunity: Go from a high-exposure state to a hardened posture using a prevalidated AI Defense Blueprint, delivering coverage in weeks, not years.
• On-Demand Expertise: Our partners provide the specialized prompting and verification required to make the latest AI Frontier models work for the defender.
• Operational Resilience: While Unit 42 provides the Frontier AI Exposure Analysis, our ecosystem partners provide the boots on the ground to remediate those findings and leverage our product portfolio to deliver AI-readiness to your enterprise.

The threat of Mythos-class models is imminent, but the path to resilience is clear. Whether you are looking for an immediate strategic assessment or a deep operational overhaul, the Frontier AI Alliance is ready to move at the speed of your business.

The post The AI Ecosystem Edge — Introducing Our Frontier AI Alliance appeared first on Palo Alto Networks Blog.

This generational improvement in coding ability directly translates to a significant advance in vulnerability discovery and exploit generation. These capabilities, however guardrailed, will not stay contained. Similar advances will appear across other major AI labs, Chinese models, and open source models. Attackers will find the seams in those guardrails. They will use advanced AI to discover zero-day vulnerabilities at scale, generate exploits in near real time, and develop autonomous attack agents unlike anything the industry has faced.

Within six months, advanced AI models with deep cybersecurity capabilities will become commonplace. Organizations that have not put appropriate safeguards in place will face an entirely new class of risk across their enterprise and critical infrastructure.

Frontier AI: A Quantum Leap in Code Fluency

As you have probably already seen, the latest unbounded models like Mythos represent roughly a 50% improvement in coding efficiency over Anthropic’s previous leading model. Palo Alto Networks has had early access to unbounded models and we’ve been able to leverage this vast improvement in coding to a quantum leap in scanning and offensive capability.

Hundreds of our best security engineers have been assessing these capabilities and developing best practices for using it effectively. The results revealed several core truths:

• Vulnerability discovery at scale: Frontier AI is exceptionally effective at identifying vulnerabilities in code. In less than three weeks, it accomplished the equivalent of a full year’s worth of penetration testing effort.
• Attack path determination: Perhaps more impressive than finding individual vulnerabilities, Frontier AI excels at vulnerability chaining, combining multiple lower-severity issues into critical-level exploit paths. For example, linking two medium-severity and one low-severity vulnerability into a single critical exploit.
• Full-stack logic analysis: Frontier AI can analyze the full exposure surface of applications, including SaaS and public-facing platforms, identifying logic-based vulnerabilities that traditional tools miss.

Impacts on the Cyber Landscape

Attackers have been using LLMs for years, but based on our testing of frontier AI models, there are three key areas where they will have a significant impact on the cybersecurity landscape:

1. The Vulnerability Deluge: Frontier AI models will dramatically accelerate the rate at which vulnerabilities are discovered, by defenders and attackers alike. This will be particularly acute in open source and critically, the flood of patches that follows will itself create risk. Every patch that is not applied immediately becomes a known, targetable vulnerability. Organizations will need to accelerate and automate their patching programs, rethink how they prioritize and apply patches, and ensure best-in-class protections are in place to mitigate vulnerability until they can be remediated.
2. Rise of Inside-Out Attacks: Recent supply chain attacks on tools like LiteLLM and Trivy demonstrate a growing pattern where attacks land adversaries inside an organization’s infrastructure, bypassing multiple conventional attack steps and reducing the number of prevention opportunities available to defenders. The rapid deployment of AI infrastructure has made this problem more acute as the AI supply chain, including runtime environments, communication infrastructure, and model dependencies, is often insufficiently protected. While open source usage and patching practices must become significantly more robust, organizations will need structural containment of potential attacks through zero trust, identity modernization, outbound connection restrictions and lateral movement protections.
3. Faster AI-Assisted Attack Cycles: I expect the most consequential shift with frontier AI models is the move from AI-assisted to AI-driven attacks. Attackers will build autonomous attack agents that dramatically compress attack cycle times. What once took days or weeks of skilled manual effort will soon be executed in minutes. This democratization of advanced attack capabilities means that defenders must match that speed with near-real-time detection and response, which is only possible with extensive AI and automation throughout security operations. Organizations whose Mean Time to Detection and Mean Time to Response are not measured in low single-digit minutes will be outpaced.

The Defenders Guide: Assessment, Protection, Platformization

The framework for defending against AI-driven threats is not completely new, but the standard for execution must be absolute. Organizations that are “mostly protected” are effectively unprotected. What follows is a phased approach – assessment, protection and platformization – that organizations should pursue in parallel to close gaps before attackers exploit them.

Assessment: Every organization should use the latest AI models to assess its entire code and application landscape and build a comprehensive asset and exposure inventory.

Key priorities:

• Leverage AI models to identify vulnerabilities across your codebase, applications and infrastructure before attackers do.
• Evaluate exposure with full context, including how vulnerabilities chain together to form critical exploit paths.
• Audit your open source supply chain, including AI infrastructure, runtime environments and model dependencies.
• Map your current sensor coverage. Detection, prevention and telemetry gaps represent critical blind spots.

Protect & Remediation: Remediating and reducing exposure is table-stakes. What in the past may have been difficult due to cross-organizational friction of finding and fixing at pace should now be accelerated with the c-suite attention of these new AI models. But this must go further and extend to comprehensive deployment of best-in-class attack prevention capabilities where the new standard is 100% coverage and optimization.

• XDR everywhere, with emphasis on real-time ML-based detection and prevention of attacks; all hosts on prem and cloud included.
• Agentic endpoint security to secure wide-scale adoption of vibe coding and AI security across the enterprise (e.g. Prisma AIRS and our recent acquisition of Koi is now a necessity for securing the agentic endpoint).
• With an average of 85% of work now happening in the browser, secure enterprise browsers with real-time security become a must-have for attack prevention.
• Zero trust and identity security are foundational to securing every user and every connection.

Real-Time Security Operations: With attack cycle times shrinking rapidly, the legacy approach to security operations simply doesn’t work. Disparate tools analyzing data in silos overlaid with manual processes must be replaced with AI and automation throughout. Cortex XSIAM, our AI-driven SOC platform, is what I consider to be the gold standard for how to take a next-generation approach to deliver MTTD and MTTR in single digit minutes.

• Attack detections must be AI/ML driven to detect even frequently-changing and novel attacks at scale.
• These AI detections must operate against a wide range of 1st party and 3rd party data sources – a best in class AI SOC must operate on ALL relevant data sources.
• Automation both natively integrated and throughout the SOC lifecycle is necessary to achieve single digit MTTR; this automation will increasingly be agentic.
• This must be delivered as a platform to remove the seams and gaps between point solutions.

We’re Here to Help

Achieving this level of resilience requires the right platforms and the right expertise.

To help you navigate this shift, we are introducing Unit 42 Frontier AI Defense. This new offering is designed to discover and remediate your current exposure before attackers do, strengthen controls that reduce exposure and contain impact and modernize operations so teams can detect and respond at machine speed.

This is the moment we’ve been preparing for. The threat has never been more sophisticated, but the path forward has never been clearer, and we’re here to partner with you on what comes next.

The post Defender's Guide to the Frontier AI Impact on Cybersecurity appeared first on Palo Alto Networks Blog.

Until now, defenders have had time to detect activity, investigate signals and contain threats before exposures were chained into full attacks. AI is quickly closing this window.

Defending against AI-driven threats means engineering a resilient architecture that limits how easily attackers can exploit discovered weaknesses, that contains the blast radius when they do, and enables faster response at scale. It also means using AI to accelerate the security program itself, from vulnerability discovery and code review to triage, remediation and incident response.

The transition should cover three areas. First, discover and remediate your current exposure before attackers do. Second, strengthen controls that reduce exposure and contain impact. Third, modernize operations so teams can detect and respond in real-time.

To help organizations make this shift, Palo Alto Networks is launching Unit 42^® Frontier AI Defense.

Powered by the latest AI models, Unit 42 Frontier AI Defense helps organizations answer a critical question: Are your defenses ready for AI-powered attacks?

Unit 42 Frontier AI Defense combines three core components delivered by expert consultants, coupled with 6 months of complimentary access to Cortex^® XDR, Cortex Xpanse^® and Koi Agentic Security.

Frontier AI Exposure Analysis: Identify and validate the exposures most likely to be chained into real attacks before attackers weaponize them.

Actions

• • Use the latest frontier models, Unit 42 offensive security expertise, threat telemetry and Unit 42 Threat Intelligence to assess your environment.
  • Identify the vulnerabilities, misconfigurations and posture gaps most likely to be exploited across infrastructure, applications, code, identity and cloud.
  • Validate the attack paths most likely to matter in real-world attacks.

Outputs

• • A prioritized view of vulnerabilities and attack paths that matter most
  • Clear actions to fix the exposures that matter first

Autonomous Security Blueprint: Benchmark current capabilities and define the changes required for machine-speed defense.

Actions

• • Assess current-state capabilities across attack surface, identity, software supply chain, zero trust containment, as well as real-time detection and response.
  • Identify where AI-powered threats create the greatest exposure and where current controls are most likely to fail.
  • Define the technical and operational changes required to close those gaps.

Outputs

• • A clear blueprint for immediate action
  • A prioritized roadmap to reduce exposure, strengthen containment and modernize security for the AI era

Agentic Defense Transformation: Implement the prioritized architecture, control and operating changes needed to modernize defenses for AI-driven threats.

Actions

• • Implement the architectural, operational and control changes required to defend against AI-driven threats.
  • Modernize exposure management, harden the software supply chain, and advance zero trust architecture.
  • Build response capabilities that can keep pace with autonomous attacks.

Outputs

• • Accelerated implementation of the changes that matter most
  • A more modern security architecture, built to reduce exposure and improve containment

The Window Is Still Open, for Now

AI is the biggest security inflection point since enterprises moved to the cloud. Organizations that act now will be the ones that are ready. Those that wait will be forced to respond under maximum pressure on the worst possible day.

Frontier AI is changing what is possible for attackers. In the hands of defenders, it can become a decisive advantage.

Human-speed security is no longer enough. A modern security approach is required. Get started with Unit 42 Frontier AI Defense today.

*The complimentary offer is not available to public sector customers or current Cortex XDR, Cortex Xpanse or Koi customers.

The post Introducing Unit 42 Frontier AI Defense appeared first on Palo Alto Networks Blog.

The United Kingdom has established itself as a leading global cyber power. Over the last decade, Palo Alto Networks has been proud to work alongside British institutions to protect the digital borders of a highly innovative economy. As UK organisations navigate an evolving threat landscape and adopt transformative technologies, like AI, the need for security partners who understand British operational realities has never been greater.

The Path to Digital Autonomy, Resilience and Control

Organisations today require more than a technology provider. They need a partner that understands the specific legal frameworks and strategic priorities of the British landscape. We are reaffirming our deep commitment to the UK, safeguarding British data as a core part of national resilience, even as both technology and cyber adversaries evolve.

The targeting of UK infrastructure is a daily operational reality. According to our Unit 42 2026 Global Incident Response Report, attackers are moving at unprecedented speed, with exfiltration speeds for the fastest attacks quadrupling in 2025. Identity weaknesses played a material role in almost 90% of Unit 42® investigations, as attackers increasingly exploit stolen credentials and fragmented identity systems to escalate privileges and move laterally. These threats span across all sectors, from NHS patient data to local government systems and energy networks.

UK organisations need partners who understand their unique requirements. While our broader European commitments provide a strong foundation, we recognise that the UK requires a dedicated focus across data protection, critical infrastructure security and public-private collaboration. This includes a deep-rooted local presence, aligning our operations with national standards of protection to support British ingenuity and ambition.

Control Over Your Data

Genuine data control requires two things: understanding exactly how and under which laws your information is handled and having the technical capabilities to enforce that control.

For UK customers, we provide the capability to host data within UK-based infrastructure, ensuring that critical data can be stored in regions that align with UK data protection requirements. Additionally, for applicable products and services, we offer Bring Your Own Encryption Keys (BYOK) capabilities, giving you direct control over the encryption protecting your data.

Our agreements are built to comply with UK GDPR requirements and include the necessary protections for any cross-border data transfers. But beyond contractual obligations, we operate on a fundamental principle: Your data serves only the purpose for which you’ve engaged us.

How we handle different data categories:

1. Customer and Personal Data Are Processed Only to Serve You

We process your Customer Data and Personal Data exclusively to deliver the services you have purchased. This includes the content of your communications and files uploaded for support. The purpose is singular: delivering the security and protection you’ve contracted us to provide.

2. Systems Data Is Used to Enhance Functionality and Collective Defence

To provide effective security, our products generate Systems Data, which includes technical logs, performance metrics and threat indicators. This information serves three main purposes: ensuring the day-to-day functionality of your services, enabling our teams to provide expert technical support and troubleshooting, and powering our global threat research capabilities.

When a new threat is detected against a specific UK sector, our entire network receives updated protection within minutes. This allows British organisations to benefit from global threat intelligence. We handle Systems Data in ways that preserve your operational privacy, ensuring the intelligence value comes from understanding threat patterns, not identifying individual organisations.

For detailed technical information on how we categorise and handle data, see our Customer Data, Personal Data and Systems Data whitepapers.

Transparency in Practice

We publish a biannual Transparency Report detailing all government and law enforcement data requests we receive. This isn’t simply about compliance. It’s about providing UK organisations with verifiable evidence of how we handle requests, enabling informed risk assessment and governance oversight. For more information, please visit the Privacy Section in our Trust Center.

Securing Critical National Infrastructure

The UK’s 13 sectors of Critical National Infrastructure represent the backbone of society. These sectors require security solutions built with an understanding of their unique threat models, from the specific requirements of an NHS trust to the challenges facing an energy provider.

We currently serve hundreds of UK public sector organisations across government, health and critical infrastructure sectors, which include the UK Government, UK Home Office and the Ministry of Justice.

Operational Resilience

For the UK’s most critical services, operational resilience is paramount. Our security platforms are designed for high availability and reliability, helping organisations maintain continuous protection even during disruptions.

Trust and Transparency

Palo Alto Networks is deeply integrated into the UK’s security ecosystem, ensuring our solutions exceed national benchmarks for resilience and transparency.

We hold Cyber Essentials Plus certification and align with the NCSC Cloud Security Principles, providing assurance to customers that we adhere to the highest security protocols to protect their most critical assets. As a Software Security Ambassador and a committed supporter of the NCSC Telecom Vendor Assessment, we are committed to enhancing the security of the UK’s telecommunications and software supply chains.

Beyond compliance, our Unit 42 team serves as an NCSC-assured Cyber Incident Response (CIR) Enhanced Level provider, offering specialised incident support to help UK organisations navigate and recover from the most complex incidents. For customers with specific requirements, particularly in defence and national security, we can provide support from personnel in countries with compatible security standards and legal frameworks. We are committed to the Telecommunications Security Act (TSA) Code of Practice, supporting the resilience of the UK’s public telecommunications networks.

Strengthening Local Expertise with National Impact

Our investment in the UK extends across our people, infrastructure and local expertise. Operating from our London hub, we remain deeply connected to the communities we serve and make a direct and indirect contribution to the UK economy. Our UK-based teams span engineering, threat research, professional services, policy and security strategy, and have a deep understanding of the UK market and the requirements of our customers. We also partner with NCSC CyberFirst and others on developing the next generation of cyber talent, and our Cyber Academy Program partners with universities and colleges all over the UK to train the next generation of cyber defenders.

A Partnership Built on Trust and Verifiable Commitments

The UK’s digital autonomy increasingly depends on its ability to secure both cyber infrastructure and the emerging AI economy. This requires partnerships that serve the UK’s long-term national interests, grounded in trusted institutions, local expertise and transparency that enables commitments to be verified, not simply asserted.

We recognise that the UK’s cyber landscape is shaped by its legal framework, strategic priorities and threat environment. From protecting critical infrastructure to enabling the secure adoption of AI, organisations across the UK need to trust their security partner to deliver on their commitments. Palo Alto Networks is committed to maintaining and increasing that trust through verifiable action, transparency, accountability and an enduring partnership.

To learn more about our comprehensive commitment to digital trust, privacy and security, visit the Palo Alto Networks Trust Center.

The post Securing the UK’s Digital Future appeared first on Palo Alto Networks Blog.

In modern enterprises, the "network perimeter" is a relic of the past. As organizations scale globally to support home offices, satellite branches and third-party clouds, the challenge has shifted. Now the onus is on optimizing the end-to-end digital experience. And to maintain that edge, enterprises must operate at machine speed, supported by agentic autonomous operations. They must make sure that every user, regardless of their location or underlying hardware, experiences uninterrupted performance, seamless security and peak user experience from “Day 0” to keep pace with the speed of business.

To meet this demand, we are proud to announce the general availability of the Autonomous Digital Experience Management Universal Agent, or ADEM Universal Agent, for Prisma^® Access customers. This breakthrough marks a significant milestone in our mission to automate deployment and operations by unifying fragmented infrastructure and providing the flexibility to deploy, using infrastructure hardware of your choice.

Continued Data Gap Is a Roadblock for Agentic Operations

Organizations are shifting toward "best-of-breed" architectures to operate at machine speed, but they often lack the unified telemetry required for automated operations. Any tool built on top of this architecture to enhance the digital experience is only as effective as the data it consumes. Traditional monitoring tools often lack the precise data and contextual correlation needed to drive agentic resolution. In this siloed landscape, three critical gaps have emerged:

• Data Entropy: Fragmented data is inconsistent and leads to unreliable automation. Without unified data, automated workflows become unreliable and risky to execute at scale.
• Hardware Dependency: Traditional monitoring agents often require specific hardware platforms, which can severely limit deployment speed and the ability to adapt to diverse customer infrastructures.
• Blind Spots: Data entropy and hardware dependency have resulted in data gaps, and therefore visibility gaps at the edge, and as a result, automated systems cannot pinpoint root causes, leaving IT teams trapped in manual troubleshooting.

To operate at machine speed, enterprises need more than visibility. They need a unified, high-fidelity data engine to create the foundation of fail-safe autonomous operations for a stellar digital experience.

The Universal Agent Contributes to a Unified Data Engine for Agentic Autonomy

The ADEM Universal Agent is a hardware-agnostic solution that can be deployed on any branch site connecting to Prisma Access. It can be hosted on virtual machines or Docker containers, regardless of the underlying infrastructure. ADEM Universal Agent transforms branch experiences by providing a unified data engine for agentic operations:

• Deploy Anywhere and Monitor Everywhere
  The Universal Agent can be deployed at any branch site connected to Prisma Access, enabling IT teams to run synthetic tests from the branch regardless of underlying infrastructure hardware.

• Bridge the Gap Between Vendor-Locked Silos and Machine-Speed Operations
  The Universal Agent aggregates disparate environment data into key metrics geared toward agentic operations, enabling IT teams to move beyond fragmented troubleshooting, toward unified, proactive governance of their entire IT footprint.

• Accelerate Troubleshooting with Granular Path Analysis
  When a user in a remote branch reports a slowdown, IT teams need more than a "red/green" status light. The Universal Agent provides a granular path analysis, delivering a hop-by-hop visualization with both overlay and underlay tunnel metrics, enabling them to quickly pinpoint bottlenecks.

Thus, by mapping the entire path from the Universal Agent to the target application, IT teams can pinpoint exactly where the friction lies.

• Is it a local network issue?
• An ISP (internet service provider) bottleneck?
• A bottleneck at a handoff between providers?
• Is the application's own network at fault?

The Universal Agent Offers Inherent Security and Operational Simplicity

To help ensure that organizations can maintain peak performance and security amidst a constant stream of changes, the Universal Agent is built on a foundation of robust features:

• Native Integration with Prisma Access for Accelerated Troubleshooting
  The Universal Agent is natively integrated with Prisma Access and automatically discovers the POP (Point of Presence) location and IP infrastructure where the branch site is connected to monitor overlay and underlay, hop-by-hop, ISP health, all the way to the application to deliver precise root-cause analysis.

• Simplified Deployment at Scale
  IT teams can deploy and manage multiple agents at scale with just a few clicks from the Strata™ Cloud Manager Platform. Through our autonomous AI operations platform, we leverage enriched telemetry to watch the network and proactively manage it all from a unified platform.

• Comprehensive Full-Stack Visibility
  We utilize a single agent per branch site to deliver deep visibility into both overlay and underlay tunnel metrics. This granular path analysis allows IT teams to pinpoint network bottlenecks using hop-by-hop visualizations from the Universal Agent all the way to the target application.

The Universal Agent Optimizes End-to-End Digital Experience with Unified Operations

The launch of the ADEM Universal Agent represents a fundamental shift in how we architect the distributed enterprise, from moving beyond managing data gaps into agentic, machine-speed orchestration. Natively integrated with Prisma Access, the Universal Agent synthesizes disparate network data across multiple branch sites into a unified, vendor-agnostic ecosystem. By eliminating the 'noise' of traditional monitoring, it provides the deterministic precision and real-time context required to fuel agentic autonomous operations, enabling every automated action to be accurate, impactful and optimized for a flawless digital experience.

Ready to gain complete application experience from all branch sites and remote users? Watch our announcement video below to see the Universal Agent in action. Visit the ADEM webpage for more information or request a demo.

The post Announcing ADEM Universal Agent appeared first on Palo Alto Networks Blog.

At the core of every modern enterprise is a fundamental need: The ability to innovate across hybrid environments without sacrificing security. For over five years, Palo Alto Networks and Nutanix have partnered to meet this need, building a collaborative ecosystem where industry-leading infrastructure meets the world’s most comprehensive AI-powered security.

As we look toward the future of the enterprise at Nutanix .NEXT 2026, our focus remains on a shared vision for the "Secure Nutanix Cloud."

2026 Global Security Partner of the Year

We are deeply honored to be named the Nutanix 2026 Global Security Partner of the Year. This recognition reflects our commitment to delivering integrated, automated security that feels like a native part of the Nutanix experience. Together, we have helped thousands of joint customers move from reactive security to a proactive, zero trust posture that spans the data center, the edge and the public cloud.

The Existing Partnership Is the Foundation of Trust

Our partnership is built on the belief that security should be invisible, automated and inseparable from the infrastructure it protects. We’ve worked alongside Nutanix to enable enterprises to scale their hybrid multicloud, and their security posture scales with it. Current integrations provide zero trust protection across the Nutanix environment:

• VM-Series Virtual Firewalls – Seamlessly integrated with Nutanix AHV and Flow Network Security, our virtual firewalls provide Layer 7 visibility and advanced threat prevention for east-west traffic. This integration leverages Nutanix Flow service chaining to automatically steer traffic through VM-Series firewalls for deep packet inspection without manual reconfiguration. It delivers full functional parity and operational continuity for Nutanix AHV environments, allowing security teams to maintain high-performance standards using familiar Panorama® management and persistent, tag-based policies that migrate with workloads across clusters.
• Hybrid Cloud Security – We provide consistent security for Nutanix Cloud Clusters (NC2) on both AWS and Azure, enabling your policies to follow your workloads wherever they reside.
• Automation & Orchestration – Leveraging the Panorama® plugin for Nutanix, teams can automate security provisioning and use Dynamic Address Groups to sync application attributes instantly.

New Integration Secures Nutanix Enterprise AI (NAI)

Building on this foundation, the highlight of this year’s show is our groundbreaking integration designed to accelerate Enterprise AI adoption. NAI provides a simplified, cloud-native stack that allows organizations to deploy and scale large language models (LLMs) across their choice of infrastructure with push-button simplicity. We are collaborating on a first-of-its-kind, end-to-end security solution for NAI.

This integration, launching soon, will bring AI Model Security and AI Red Teaming directly into the NAI, creating a seamless experience where security is built in, not bolted on. By allowing only Prisma AIRS™ validated models to reach production, we eliminate security friction at the start of the AI lifecycle. Every model will undergo rigorous scans for known vulnerabilities before deployment, providing a "clean room" environment for AI development. Providing a proactive test of AI defenses, Prisma AIRS AI Red Teaming will be available within NAI as an autonomous solution that integrates seamlessly into the development pipeline, utilizing a combination of a profiler and an attacker agent to perform contextual iterative simulations that mirror real-world attacker behavior. By providing detailed reports that map vulnerabilities directly to the OWASP Top 10 for LLMs and NIST AI RMF, it equips teams with the precise context needed to secure AI applications continuously and effectively.

By proactively identifying and neutralizing emerging threats, we will give organizations the confidence to deploy AI bravely, knowing their innovation is anchored in the world’s most robust security platform.

Powered by Prisma AIRS, this integration will bring a "security-first" approach to your AI deployments:

• AI Model Security – Scans AI models during the download phase to block malicious code and hidden backdoors before they reach your environment.
• AI Red Teaming – Provides continuous, autonomous vulnerability hunting on models, application and agent endpoints, testing your AI behavior against more than 750 real-world attack scenarios and contextual agentic risk assessment.
• Unified Visibility – Provides a complete overview of your AI risk posture and scan summaries directly within your NAI dashboards.

Benefits:

Seamless and Frictionless Deployment

We will prioritize a fast and frictionless deployment experience, ensuring that robust AI security does not come at the cost of development speed. By integrating these controls directly into the NAI workflow, organizations will be able to deploy and scale their AI initiatives with "push-button" simplicity, removing the traditional complexity and friction associated with securing large language models.

Proactive Protection Against Emerging Threats

Leveraging our deep expertise in threat prevention, this solution will proactively identify and block vulnerable or malicious models before they can impact the enterprise environment. By scanning models for hidden backdoors and malicious code during the initial download phase, we will stop threats at the perimeter, allowing only validated, secure models to ever reach your production environment.

A Comprehensive Enterprise Cloud AI Solution

This integration will deliver a comprehensive enterprise cloud AI solution, merging Nutanix’s industry-leading infrastructure with our next-generation security controls. The result will be a unified, cloud-native stack where security is built in rather than bolted on after the workload deployment, providing a secured deployment environment, which is consistent across the data center, the edge and public cloud.

Evolving Insights and Real-Time Remediation

The vulnerability insights from AI Red Teaming are coupled with remediation insights. The platform will provide a prioritized list of remediation steps that are tailor-made for the endpoint. This allows organizations to battle-test their inference endpoints before deploying them at scale.

Key Takeaways

• A Proven, Award-Winning Partnership: Celebrating five years of collaboration, Palo Alto Networks has been named the Nutanix 2026 Global Security Partner of the Year, highlighting a shared commitment to delivering native, automated zero trust security for hybrid multicloud environments.
• Seamless Zero Trust for Hybrid Workloads: Through deep integrations with VM-Series virtual firewalls and Nutanix Cloud Clusters (NC2), organizations can maintain consistent Layer 7 visibility and tag-based security policies that automatically follow workloads across on-premises data centers and public clouds.
• Securing the AI Lifecycle with Prisma AIRS: The new integration with NAI, launching soon, will bring a security-first approach to AI adoption, utilizing Prisma AIRS to scan LLMs for vulnerabilities during download, and perform autonomous Red Teaming to neutralize emerging threats before they reach production.

Don’t Miss Our Speaking Session

Want to see the integration in action? Join our experts, Shrikant Brahmbhatt (Palo Alto Networks) and Ashwini Vasanth (Nutanix), on Tuesday April 7 3:30-4pm for an exclusive look at how we are securing the "Challenge of Hybrid AI." We’ll dive into the architecture that allows you to discover, assess and protect your entire AI ecosystem (apps, agents and models alike).

Visit Us at Booth #G2

Stop by the Palo Alto Networks booth (#G2) to meet our team of over 19,000 active threat researchers and see live demos of our joint solutions. Whether you are building the next generation of agentic AI or securing your virtual desktop infrastructure (VDI), we have the tools to help you innovate at machine speed.

Ready to secure your journey? Visit the Palo Alto Networks partner directory or learn more about Prisma AIRS.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, without limitation: developments and changes in general market, political, economic, and business conditions; risks associated with managing our growth; risks associated with new products and subscription and support offerings; shifts in priorities or delays in the development or release of new offerings, or the failure to timely develop, release and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; failure of our business strategies; rapidly evolving technological developments in the market for security products and subscription and support offerings; our customers’ purchasing decisions and the length of sales cycles; our competition; our ability to attract and retain new customers; and our ability to acquire and integrate other companies, products, or technologies. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Palo Alto Networks at Nutanix .NEXT 2026 appeared first on Palo Alto Networks Blog.

This complexity creates blind spots that modern threats exploit. Recognising this vulnerability, the UK Government is moving toward a secure-by-design digital infrastructure, with the 2026 Government Cyber Action Plan (GCAP) setting a high bar for resilience. A central theme of the GCAP is the urgent need for the government to have better visibility of cyber security and resilience risk. Fundamentally, organisations cannot secure what they cannot see. As the GCAP explicitly states, the Government will use “data sources from across the government to truly understand government-wide and departmental cyber risks.”

The Challenge: Visibility in a “Landscape”

Many public sector organisations rely on a complex web of spreadsheets, data calls, legacy tools and manually curated lists to create an inventory of their internet-connected assets. But attackers do not look at an organisation's internal lists; they scan the internet for what they have forgotten to secure. Whether it is an unpatched server from a legacy project or a misconfigured database in a department, these "unknown unknowns" are the primary entry points for attackers.

The Strategic Mission: Empowering the Public Sector and Critical Industries

Palo Alto Networks Cortex Xpanse® is an active external attack surface management (EASM) solution that provides an outside-in view of organisations' entire digital footprint. It helps leaders meet national resilience goals:

• Comprehensive, Continuous Visibility: Xpanse scans the global internet space continuously and identifies every asset associated with an organisation, without requiring software agents to be installed on your systems.
• Accelerate Response: Leveraging automation, the solution streamlines response processes and enhances collaboration across dispersed teams from the sharing of findings to tracking actions and remediation.
• Supply Chain Integrity: Inline with the new Cyber Security and Resilience Bill (bringing managed service providers and critical third parties into scope), Xpanse allows organisations to assess the internet-facing security posture of third-party partners and suppliers, ensuring a weak link elsewhere doesn't compromise the broader mission.
• Alignment with GovAssure: Xpanse provides a consolidated risk profile and inventory for all internet-facing and cloud assets required for GovAssure assessments, turning a manual, months-long audit process into a continuous, data-driven cycle.
• Investment prioritisation: Xpanse provides that much needed visibility to help executive committees and boards prioritise investment decisions on legacy IT and technical debt.

Aligning to National Cybersecurity Centre (NCSC) Guidance

Palo Alto Networks Cortex Xpanse aligns with the National Cyber Security Centre (NCSC) external attack surface management (EASM) buyer's guide by providing automated discovery, continuous monitoring and risk prioritisation of internet-facing assets. It replaces manual, point-in-time audits with a proactive, agentless solution. By automating the discovery of all internet-accessible assets (including shadow IT and unmanaged cloud operations) the platform fulfills the NCSC’s core requirement for continuous global monitoring and rapid attribution. This data-driven approach allows for the automated prioritisation of critical exposures, such as RDP, and integrates seamlessly with multiple third-party automation and visualisation tools, including Cortex XSOAR® and XSIAM, to accelerate remediation with national incident response standards.

In fact, with Palo Alto Networks deployment of Cortex Xpanse, we were able to achieve a 95% reduction in external vulnerability management spending across more than 700,000 cloud instances, while improving coverage and outcomes.

Palo Alto Networks Cortex Xpanse Capabilities

• Discover Assets: Leveraging organisations' known asset inventory and other data points, Xpanse performs continual, automated discovery of all internet-accessible assets, effectively eliminating blind spots created by shadow IT and unmanaged cloud operations.
• Obtain Information: Always-on, continuous monitoring of an organisation's entire attack surface through daily scans of the global IP address space, ensuring that newly exposed services are identified quickly and accurately.
• Perform Analysis: Xpanse automates and prioritises alerts on all identified risks by severity, enabling organisations to optimise resolution and risk management, allowing teams to properly allocate resources and focus on the most critical risks to the organisation.
• Display Information and Provide Advice: Leveraging a unified view of the internet facing and cloud-based estate, Xpanse provides specific resolver guidance for every identified issue, supporting and monitoring automated resolution through multiple native integrations.
• Monitor Risk: Always on, discreet continual monitoring provides an independent real time status of the digital estate. Leveraging the threat intelligence capabilities of Palo Alto Networks, Xpanse is uniquely positioned to provide rapid coverage for newly discovered vulnerabilities, exploits or misconfigurations.

Securing the public sector requires a move from manual, point in time assessments to data-driven intelligence. Cortex Xpanse provides the foundations to remove blind spots, secure the supply chain and prevent unknown vulnerabilities in the face of sophisticated threats.

For further information and case studies, visit the links below, or schedule a demo.

• Palo Alto Networks: Slash false positives, remediation time budget with Cortex attack surface management.
• U.S. Pentagon: Palo Alto Networks Cortex Xpanse supercharge the Cyber Defences for the Department of Defense.
• Accenture: Secure rapid growth with Cortex Xpanse.

The post Closing the Gap by Enhancing Visibility and Mitigating Risks appeared first on Palo Alto Networks Blog.

Legacy security tools were built for defined perimeters and managed endpoints, not for AI-powered workflows running across encrypted traffic, SaaS applications and unmanaged devices. As work increasingly happens inside the browser, many of the traditional controls that organizations have relied on simply no longer apply.

The result is a growing visibility, governance and control gap at the exact point where work happens. As AI, SaaS and browser-based workflows become the default, enterprise security leaders are forced to confront a new set of risks and questions they can no longer ignore.

Here are the five questions keeping Chief Experience Officers (CxOs) up at night that Prisma^® Browser™ helps address.

1. Are Employees Exposing Trade Secrets to AI?

For organizations, GenAI is a double-edged sword. It drives incredible speed, but it introduces massive shadow AI risks, which will only increase as 12 thousand AI apps are expected to be in use by 2030. The danger usually isn't malicious intent; it’s the hundreds of microdecisions employees make daily. In the rush to be productive, employees may unknowingly submit proprietary code, model parameters, sensitive customer data or other confidential information into unsanctioned GenAI prompts, exposing the organization to significant risk.

For CxOs, this raises the prospect of intellectual property loss from everyday AI use that remains largely invisible to security teams. Legacy network tools are unable to notice these specific last-mile actions, so security teams often resort to bluntly blocking GenAI apps entirely.

2. Can Employees’ Personal Devices Let Hackers In?

As work moves into the browser, the network perimeter has quietly shifted from the office firewall to an employee’s kitchen counter. Unmanaged personal devices are an invisible risk, whether it’s a contractor accessing a sensitive application, an employee checking email after hours from a personal desktop, or a user connecting from a mobile device outside corporate oversight. The statistics are alarming: 92% of successful ransomware attacks originate from unmanaged devices. These devices often run gaming apps or risky extensions that fall completely outside of corporate control. For CxOs, this means a single infected personal device can become a direct path to ransomware, data loss and other threats.

3. Are There Attacks Hiding in the Browser?

Legacy tools cannot see what happens within the browser. Organizations increasingly face new threats that evade network security, such as reassembly attacks, where malware is chopped into innocent-looking fragments to bypass firewalls, only to reassemble inside the browser’s memory. At the same time, malicious browser extensions can abuse trusted permissions to steal credentials, capture sessions or exfiltrate data without triggering traditional controls. Combined with AI-driven spear phishing that creates clean, unique typo-free lures, attackers can hijack identities and exfiltrate data while your network logs remain perfectly clean. For CxOs, this creates a dangerous blind spot where breaches can unfold inside trusted web sessions without detection, until sensitive data has already been compromised.

4. Could My AI Browser Go Rogue?

The world is shifting from the tools you chat with to the tools that act on your behalf, and that’s where agentic browsers come into the picture. This creates two massive risks:

• Unintended actions, where an AI exposes authentication data and enables unauthorized access to user accounts.
• Prompt injection, where hidden website commands can jailbreak the AI to perform unauthorized actions without the user clicking a button.

Compounding this problem is the inability to distinguish between actions taken by a human vs. an agent. For CxOs, this introduces an entirely new governance challenge: Ensuring AI systems cannot take unauthorized actions, access sensitive systems, or operate without clear accountability and oversight.

5. Can Users Leak Customer Data?

In a browser-first world, data leakage rarely looks like a breach; it just looks like everyday work. Employees move data between SaaS applications or share content across personal and corporate environments in the name of productivity. The problem for CxOs is that these actions happen inside trusted sessions, often beyond the reach of traditional enterprise security controls. As AI accelerates workflows and data moves faster than policies can keep up, accidental exposure becomes a board-level risk, carrying regulatory, financial and reputational consequences that organizations may not detect until it is too late.

Browse Bravely and Be in Control with Prisma Browser

This is how Prisma Browser helps answer these questions, addressing these challenges by securing the last mile where work, data and AI interactions actually happen.

1. Control AI Use With Confidence: Stop saying “no” to innovation. Prisma Browser enables safe AI usage with surgical precision. Instead of disrupting workflows, it enforces granular content and context-aware policies, such as blocking file uploads to public LLMs while allowing uploads to your private internal sandbox. With Enterprise DLP, Prisma Browser identifies sensitive data and prevents data leaks into GenAI prompts before data leaves the enterprise environment, while providing detailed auditing and visibility to support compliance requirements.

2. Secure Hybrid Work: Prisma Browser creates a secure isolated workspace on any device, enabling secure work from any location, any application and any device. For IT and security teams, this eliminates the cost and friction of VDI and shipping laptops and enables zero-trust access for personal devices and for independent contractors in minutes. By embedding enterprise-grade DLP directly into a familiar interface and leveraging AI-driven security, it prevents data exfiltration and mitigates even the most advanced web threats.

3. Prevent Evasive Threats in Real-Time: Prisma Browser continuously scans every page in real-time before it loads in the browser, catching the evasive threats that legacy tools miss. It identifies malware hiding in encrypted traffic, malicious scripts and web-based threats, such as AI-powered spear phishing attacks. The browser protects against malicious extensions by continuously monitoring permissions, updates and usage, while blocking malicious or risky extensions automatically. With this visibility, security teams finally regain control of what was once a blind spot in the browser ecosystem.

4. Govern Agentic AI: Prisma Browser brings an AI assistant with agentic browsing capabilities into the modern workspace while extending all AI-powered last-mile security controls to agent-driven actions. It applies DLP and identity controls to distinguish between human and AI activity, enforce inline governance, while enabling step-up MFA and just-in-time permissions for sensitive actions. Integrated with Prisma AIRS™ for topic guardrails, the browser defends against prompt-injection attempts and supports a flexible BYO-LLM model, so organizations can securely govern agentic workflows while maintaining full control.

5. Protect Customer Data: Prisma Browser eliminates the visibility gaps that plague traditional security by providing insights into every user interaction across all web, SaaS and GenAI applications in use, including unsanctioned applications. By securing the last mile, the critical point where data is rendered and manipulated, the browser applies granular controls that stop leaks in real time. From masking sensitive, personally identifiable information (PII) and blocking unauthorized uploads to restricting copy-paste and screenshots, Prisma Browser enforces strict controls over how data is handled. This ensures your proprietary data stays within corporate boundaries, even on unmanaged devices, and reduces the risk of accidental data loss.

Secure AI Usage at Enterprise Scale

Shift the browser from a liability you manage to a high-performance workspace you trust.

Prisma Browser is designed to let you embrace cloud applications and AI with confidence. It’s time to protect data, govern AI use and stop threats where work happens.

Check out our on-demand webinars from industry experts to learn more on securing the modern workspace with an Enterprise Browser.

The post Five Browser and AI Security Questions Keeping CxOs up at Night appeared first on Palo Alto Networks Blog.

However, we have reached a critical inflection point in this journey. AI is no longer just a tool that assists us; it is becoming an active participant. We are entering the era of agentic AI, where autonomous agents execute tasks, access sensitive data, and navigate the web with the same privileges as human users.

This shift changes everything. When your new workforce includes agents with identities operating 24/7, the traditional, human-centric security model is no longer enough. As enterprises become AI-driven, SASE must evolve to govern these new AI identities, secure their interactions, and keep data protected while work flows at machine speed.

Today, I am thrilled to announce the next evolution of Prisma^® SASE: The Industry’s Most Comprehensive SASE Platform built for the agentic AI era.

Why Legacy Approaches Can’t Keep up with the AI-Driven Enterprise

Traditional SASE solutions are tethered to a human-centric past. Designed for human-to-app connections, these solutions cannot distinguish between a human user and an autonomous agent. Lacking the insights to determine intent, they fail to differentiate between a legitimate employee, a helpful agent, a rogue agent or a bad actor. This inability to validate the "why" behind an action creates significant risks that stall strategic AI innovation and leave enterprises vulnerable in the era of agentic AI.

Today, the browser is not only where the majority of work happens but it is now the central hub for AI interactions and AI-driven productivity. However, as we evolve from merely using AI tools to leveraging autonomous agents, organizations are exposed to risks, such as prompt injection and agent hijacking, that traditional solutions simply cannot see.

Simultaneously, sensitive data is no longer confined to predictable silos. It is flowing into applications, LLMs and automated pipelines, creating an "AI data sprawl" that traditional DLP fails to detect and secure.

Beyond security, the operational burden is reaching a breaking point. IT teams are drowning in "ticket fatigue" while trying to manage high-volume, AI-driven traffic with reactive tools. And in the always-on agentic enterprise, even a minor outage can disrupt the machine-speed productivity that drives your business forward. You shouldn’t have to trade security for speed, performance or innovation.

A Unified Foundation for the Agentic AI Era

To close these gaps, we have unified the secure agentic workspace, AI-lifecycle data protection, and autonomous operations into a single, resilient, always-on SASE platform. This isn't just a collection of features; it is a fundamental architectural shift designed to support the way work happens today and moving forward.

Reimagining the Workspace with Prisma Browser

Because the browser is the primary interface for AI interactions, we have transformed Prisma Browser^® into a high-performance, secure AI workspace. It empowers organizations to bridge the gap between human and machine work by allowing teams to leverage the LLM of their choice, ensuring they can utilize the most effective AI tools for any specific task without the risk of unmanaged agents and AI-driven workflows.

Prisma Browser provides unparalleled visibility and data security for user-to-AI application interactions, discovering AI activity across the organization to ensure that human workflows remain protected. We are now extending these robust, content-aware boundaries to agentic interactions, keeping autonomous agents within their intended scope and preventing sensitive data from leaking into unmanaged or public AI environments during automated tasks. It acts as a defense for these new digital identities, identifying prompt injection attacks and preventing agent hijacking in real time to keep autonomous workflows secure and on track. Ultimately, Prisma Browser provides the visibility and security needed to distinguish between human and machine actions, ensuring safe actions by assessing the true intent of every identity, whether human or nonhuman.

Protecting Sensitive Data Across the AI Lifecycle

AI-driven productivity starts in the browser, but it must be secured across the entire enterprise. As sensitive data flows into GenAI apps, through agentic workflows and to nonhuman identities. It creates critical blind spots across all channels in the enterprise (endpoint, network, SaaS apps, browser, etc.). To eliminate these risks, Prisma SASE provides unified AI-powered data security to protect sensitive data throughout its entire journey.

The foundational layer of this defense is establishing comprehensive AI application visibility to move beyond “shadow AI” and uncover insights into employee GenAI usage. Through AI Access Security™, we provide real-time visibility and granular control over more than 6,000 GenAI apps. This allows security teams to block unsanctioned apps while safely accelerating the usage of tools that drive the business forward. Beyond application visibility, AI Access Security also performs real-time AI-Powered Prompt Analysis to detect and block sensitive data exposure through GenAI and maintains a complete prompt history for audits.

The next essential requirement is deep data visibility to combat the proliferation of shadow data. The rise of AI and agentic workflows has massively increased the risk of sensitive information hiding in unexpected and forgotten places. Powered by Precision AI^®, Prisma SASE provides automated shadow data discovery to find and classify all types of sensitive data, whether structured or unstructured, across every channel.

Finally, our comprehensive coverage of all data exposure channels now extends to sensitive data at rest on endpoints. Organizations gain visibility into the data stored locally on their employees’ devices and implement controls to prevent exfiltration. This helps ensure a uniform, consistent policy is enforced enterprise-wide, securing data throughout the AI lifecycle and preventing leaks into unmanaged GenAI tools or misconfigured environments.

From Reactive IT to Autonomous Operations

As AI powers every workflow and accelerates the enterprise to move at machine speed, IT and Security teams must move past the era of manual troubleshooting. By integrating autonomous agentic operations, Prisma SASE enables proactive remediation by diagnosing and resolving security and connectivity issues before they ever impact the business.

Instead of wading through alerts, teams can now leverage AI agents to build robust deployment plans and optimize configurations based on automated best-practice recommendations. We have transformed real-time network context into guided, simplified troubleshooting that pinpoints root causes with precision. By eliminating manual triage with automated multilayer investigations, we accelerate resolution while involving human authority only when strategic decisions are needed. This shift doesn't just eliminate "ticket fatigue," it removes blind spots through simplified deployment at scale, freeing your teams from the "work of yesterday," so they can focus on enabling the AI-driven enterprise of tomorrow.

Architecting for Always-On Resilience

Finally, with agents working around the clock, the always-on agentic enterprise demands a foundation defined by unmatched performance and resilience. By leveraging global hyperscalers (Amazon Web Services, Google Cloud, Oracle Cloud), we provide the massive scale and reach that modern organizations require to ensure their AI-driven workflows are never interrupted. This resilience extends to the edge of the user workspace. Prisma Browser serves as a critical component of Business Continuity Planning (BCP), enabling employees to remain productive and secure regardless of network conditions.

To address specialized high-performance and sensitive needs, we are introducing SASE Private Location. This new offering brings the same cloud-delivered resilience directly to your campus by extending our multicloud fabric into high-bandwidth sites, processing high volumes of traffic without backhauling to the cloud and eliminating single points of failure. By maintaining consistent policies across campus, branch and multicloud environments, we remove the "security vs. speed" trade-off once and for all, providing the infrastructure necessary for an era where downtime is not an option.

Unleashing the True Velocity of Autonomous Work

The transition to an AI-driven enterprise, powered by a new workforce of agents, is the greatest productivity opportunity of our generation. However, it is impossible to grant true autonomy without first providing absolute security. That productivity is only sustainable if it is built on a foundation of trust that ensures every agentic action is governed and every interaction is protected.

Prisma SASE converges secure agentic browsing, autonomous operations and AI-powered data protection into a single solution. We aren’t just helping you secure the use of AI, we are helping you transform your AI-driven workflows into a growth engine that operates at machine speed, without compromise.

The future of work is autonomous. It’s time your SASE platform was, too.

To learn more about how we are redefining security for the agentic AI era, read the full press release and sign up for our event, “Tomorrow Secured,” during cybersecurity's biggest week. 

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, without limitation: developments and changes in general market, political, economic, and business conditions; risks associated with managing our growth; risks associated with new products and subscription and support offerings; shifts in priorities or delays in the development or release of new offerings, or the failure to timely develop, release and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; failure of our business strategies; rapidly evolving technological developments in the market for security products and subscription and support offerings; our customers’ purchasing decisions and the length of sales cycles; our competition; our ability to attract and retain new customers; and our ability to acquire and integrate other companies, products, or technologies. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

The post Securing the Era of Agentic AI with Prisma SASE appeared first on Palo Alto Networks Blog.

For decades, the digital economy has operated on a model of static cryptographic trust.

Certificates were issued for long periods of time. The same encryption algorithms protected data for decades. Security teams could simply increase key lengths to stay ahead of advances in computing power. Trust infrastructure changed slowly and predictably.

That era is over.

Over the next several years, the foundations of cryptographic trust will change more dramatically than at any point since the modern internet was created. The cryptographic mechanisms that establish identity, secure communication and protect sensitive data are entering a period of continuous change.

Organizations are now confronting what can best be described as a cryptographic reset.

Security teams are fighting a battle on two fronts: Trust and Integrity.

At the same time, the scale of digital infrastructure continues to grow rapidly. Cloud services, distributed applications and autonomous agents are multiplying across enterprise environments. Each device, workload, service and agent ultimately depends on certificates and cryptographic keys to establish trust within the network.

As this ecosystem expands, automation and continuous visibility must replace human-led manual processes. For this to happen efficiently, the network must become the ultimate point of cryptographic control.

The First Front Is Trust

The first major shift is happening in how digital trust is maintained.

On March 15, 2026, the CA/Browser Forum reduced the maximum validity period for public TLS certificates from 398 days to 200 days. This change begins a phased transition that will reduce certificate lifetimes further to 100 days in 2027 and ultimately to 47 days by 2029.

At first glance, this may appear to be a simple policy change. In reality, it represents a fundamental shift in operational requirements.

When certificate lifetimes shrink, renewal velocity increases dramatically.

A certificate that previously required renewal once per year will soon require renewal multiple times per year. At 47 days, the renewal workload increases roughly twelvefold.

Many organizations today still manage certificates through manual processes. Expiration dates are tracked in spreadsheets. Calendar reminders are used to trigger renewals. Scripts and ticket workflows coordinate deployment.

These approaches do not scale to the new reality. For an enterprise managing 1,000 public TLS certificates, manual renewal already consumes roughly 4,000 hours per year, which is about two engineers' worth of work. As lifecycles shrink toward 47 days and renewal velocity increases 12×, that workload jumps to nearly 48,000 hours annually, which is the equivalent of 24 engineers.

Shorter lifecycles transform certificate management from an occasional administrative task into a continuous operational process. If manual workflows remain in place, the likelihood of business-impacting outages rises sharply.

Consider a common scenario.

A VPN gateway relies on a public TLS certificate. The expiration date is tracked in a spreadsheet maintained by an operations team. A renewal reminder is scheduled on a shared calendar.

If the reminder is missed and the certificate expires, the gateway stops accepting secure connections. Remote employees lose access to corporate resources. The help desk begins receiving calls. Security and infrastructure teams are forced into emergency remediation.

What appears to be a minor configuration detail becomes a service outage affecting the entire workforce.

In a world of 47-day certificates, the traditional “set it and forget it” approach is no longer viable. The operational risk is simply too high.

This challenge can no longer be addressed through manual processes or additional staffing.

Maintaining digital trust at this velocity requires complete visibility into certificates and fully automated lifecycle management.

Discovery, renewal, deployment and governance must operate continuously across environments without manual intervention.

The Second Front: Integrity

While trust lifecycles are accelerating, another change is unfolding simultaneously.

The mathematics protecting modern encryptions are approaching a breaking point.

Advances in quantum computing threaten to undermine the public key cryptography that secures most digital communications today. Within the coming decade, sufficiently powerful quantum systems are expected to break widely used algorithms such as RSA and ECC.

But the risk is not limited to a future breakthrough.

Adversaries are already exploiting this transition through a strategy known as “harvest now, decrypt later.”

In this model, attackers collect encrypted data today and store it for later decryption once quantum capabilities become available. Sensitive information captured now may remain vulnerable for years into the future.

This means the integrity of encrypted data is already at risk.

Organizations must prepare for the operational challenges of shorter certificate lifecycles, as well as the cryptographic transition required to protect data against quantum threats.

Turning the Network into the Trust Control Plane

Surviving the cryptographic reset does not require deploying another collection of isolated point products or rebuilding security infrastructure from scratch.

Instead, organizations can leverage the infrastructure they already operate.

Network security platforms already sit in the path of critical traffic, observing encrypted communications across the enterprise. These systems can serve as powerful sensors and enforcement points for managing cryptographic trust.

By elevating the network into a control plane for cryptography, organizations gain the visibility and automation required to navigate both the trust and integrity challenges ahead.

Earlier this year, Palo Alto Networks introduced an end-to-end quantum security architecture designed to help organizations inventory cryptographic assets, assess risk exposure, and accelerate the transition to post-quantum cryptography. One of its key innovations is cipher translation, which allows organizations to upgrade cryptographic protections for devices and applications without modifying application code.

These capabilities address the integrity side of the cryptographic reset.

But organizations must also solve the operational challenge of managing trust at scale.

Introducing Next-Generation Trust Security

Today we are introducing a new capability designed to address the growing operational risk associated with certificate lifecycles.

We call it Next-Generation Trust Security.

Next-Generation Trust Security brings certificate lifecycle management directly into the network security platform. It combines network-native discovery, continuous certificate visibility, and fully automated lifecycle management.

Because the network already observes encrypted traffic and certificate usage, discovery happens automatically across environments through existing NGFW and SASE infrastructure.

Once certificates are discovered, automated lifecycle workflows ensure they are renewed, deployed and governed according to policy.

Tasks that previously required hours of manual work can now be executed automatically.

In many environments, remediation that once required hours of investigation and coordination can occur automatically with no manual intervention.

The result is a system that continuously maintains digital trust without placing an additional operational burden on security teams.

From Cryptographic Reset to Operational Resilience

The forces reshaping digital trust are not temporary disruptions.

Shorter certificate lifecycles will continue. Cryptographic algorithms will evolve. Quantum-resistant protections will become necessary. Organizations must adapt their operational models accordingly.

By transforming the network into the control plane for cryptographic trust and security, enterprises can address both fronts of the cryptographic reset.

They can maintain trust as certificate lifecycles accelerate. They can protect data integrity as encryption standards evolve. Most importantly, they can reduce the operational risk that threatens service availability, security enforcement and business continuity.

The cryptographic reset is underway.

The organizations that prepare now will be positioned to secure both what’s running today and what comes next.

Next-Generation Trust Security is designed to help organizations operate in this new reality, where certificates renew continuously and cryptographic standards are evolving.

To learn more about how organizations can prepare for shorter certificate lifecycles, visit the Next-Generation Trust Security page.

The post The Cryptographic Reset Has Begun appeared first on Palo Alto Networks Blog.