As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and connections across the entire IT environment, to scan agents for vulnerabilities, and to allow admins to simulate red team tests for agents.
Assuming the completion of Palo Alto Networks’ planned acquisition of Koi Security, it said, Prisma AIRS 3.0 will soon also offer an AI Agent Gateway providing a central control plane to enforce agent runtime and identity security.
According to Gartner, 40% of enterprise applications will be integrated with task-specific AI agents by the end of this year, up from less than 5% today. As organizations accelerate their digital transformation, agentic AI in enterprise applications will move beyond individual productivity, Gartner says, setting new standards for teamwork and workflow through smarter human-agent interactions.
To meet that challenge, Prisma AIRS is adding new ways to use AI to detect AI application security issues. In a prerelease briefing for reporters, Nikesh Arora, CEO of Palo Alto Networks, predicted, “in next five years, our customers are going to go through the most significant overhaul of their enterprise networks they’ve ever seen” because of AI.
“Every CIO wants AI implemented yesterday,” he said. “Every company wants to see how they can leverage AI as quickly as possible,” wants to understand if the shift to AI is real, and if so, how CIOs need to prepare.
“Can we use AI to deliver better cybersecurity outcomes? Yes, we can,” he said. But it won’t happen overnight. In fact, he said, the pace at which large language models (LLMs) are moving is significantly expanding the attack surface.
Recently, he said, there have been news reports that AI agents created by firms caused hacks within their own companies. He didn’t cite specific examples, but last week Meta said there had been a severe internal security breach after an autonomous AI agent exposed sensitive company and user data to unauthorized employees for two hours.
In the future, if agents in the enterprise are more than a fad, Arora said, “there will be millions of agents traversing enterprise architectures, trying to execute on their behalf — both agents delegated by people like you and me, and autonomously. I can’t imagine meeting a CEO in the last three months who does not have some aspiration to start having agents effectively doing tasks within the enterprise. It’s slow going, but the intention is there. And I can see many system integrators and consultants out there advocating and helping customers with that migration.”
But, he added, there are risks. To meet them, Prisma AIRS 3.0 will allow admins to safely deploy AI applications, he said. To increase visibility, the platform will identify agents running in cloud environments, on SaaS platforms and locally on endpoints. A capability called Agent Artifact Security maps out an agent’s architecture and scans for vulnerabilities, and another capability called AI Red Teaming for Agents simulates context-aware agentic attacks, discovers AI-related vulnerabilities, and recommends runtime security policies.
Prisma Browser
To also improve AI security, Palo Alto Networks released a new version of Prisma Browser for enterprise end users, with expanded capabilities allowing employees to use any LLM they choose. The new version of the browser is able to discover user-generated AI activity and enforce content-aware boundaries to keep agents within their intended scope. The browser also prevents sensitive data from leaking to unmanaged or public AI tools during automated tasks, identifies and blocks prompt injection attacks, including malicious instructions designed to hijack AI agents hidden within websites.
Palo Alto Networks said the browser also provides real-time distinction between human actions and automated AI tasks. By assessing the intentions of both human and non-human identities, Prisma Browser enables total accountability and compliance with evolving global AI regulations
Next Generation Trust Security
Separately, Palo Alto Networks also announced a new digital certificate lifecycle management platform, following the closing last month of its acquisition of CyberArk.
By integrating CyberArk’s machine identity intelligence into the network, NGTS closes the gap between the teams managing certificates and the teams responsible for uptime, Palo Alto Networks said in a press release.
The company said that Next Generation Trust Security (NGTS) will help organizations deal with the fact that the maximum lifespan of digital certificates has just been cut to 200 days from 398 days, and by 2029 will fall to just 47 days. Until now, many companies have been keeping track of certificates through spreadsheets, says Palo Alto Networks; NGTS discovers and manages the lifecycle of certificates across the network for them.
The company said that NGTS also eliminates unapproved certificates and blind spots that lead to security gaps, protects the business from certificate-related outages and trust failures by automatically identifying and refreshing credentials before they expire and disrupt customer transactions or internal services, and accelerates the transition to a post-quantum future by handling faster renewal cycles and evolving encryption standards through automation.
Palo Alto Networks has not announced pricing for NGTS.