Palo Alto Networks: Securing the AI-Powered Enterprise – RSA 2026

Every so often something new comes along and becomes a nightmare for security professionals and a major impact on technology leaders, from the birth of email phishing and DDoS attacks to today, when anyone can create agents with outside software or within existing software.

Many of these AI agents are booking meetings, executing transactions, and accessing sensitive data inside enterprise systems, and most organizations have zero visibility into what those agents are actually doing.

At RSA 2026, Palo Alto Networks announced a new set of capabilities aimed at that gap: identifying and monitoring all AI agents running within an organization, enforcing data protection policies directly in the browser for workflows that use AI, and automating certificate management to streamline security. Palo Alto offers these features in packages designed for small and medium-sized businesses (SMBs).

In most organizations the security stack was not designed for a world where software acts autonomously on behalf of your employees. Security teams are scrambling to lock everything down and anticipate where the openings are.

To illustrate the rapid evolution of this field, Anthropic announced just this week an update to Claude enabling it to autonomously perform tasks within its Code and Cowork AI tools by operating directly on users’ computers. This new functionality allows Claude to automatically open files, use web browsers and applications, and run development tools without any required setup, even when the user is not present at their computer.

Product-by-Product Analysis of the Palo Alto Announcements

Image Source: Palo Alto Announcements

Prisma AIRS 3.0: Agent Discovery & Runtime Security

Prisma AIRS 3.0 gives security teams a single-pane inventory of every AI agent running across cloud, SaaS, and endpoint, with the ability to vet agents before deployment and monitor behavior at runtime. This is the centerpiece of Palo Alto’s RSA announcement and the one most likely to matter in competitive evaluations.

This is a genuine differentiator in our opinion. We have not seen anyone ship discovery, pre-deployment vetting, and runtime monitoring in a single integrated product. Specialist vendors like Protect AI and HiddenLayer cover pieces (model vulnerabilities here, data leakage there) but none connect the full chain. Microsoft is building AI security into Defender and Purview, but only for its own ecosystem. If you’re running agents across AWS, Azure, and third-party SaaS (which you are), Microsoft’s coverage has a hard boundary. AIRS 3.0 doesn’t.

The practical value is straightforward: Most enterprises cannot answer the basic governance question of what agents are running and what they can access. That’s the primary reason AI initiatives stall in legal and compliance review. AIRS 3.0 produces the evidence those teams require. If it works as described, it removes a bottleneck that is holding up AI programs across industries.

Secure Agentic Browser: Data Policy Enforcement at the Browser Layer

The Secure Agentic Browser embeds AI tools directly into employee workflows while enforcing data policies at the browser level. It prevents sensitive corporate data from reaching unauthorized AI tools and, critically, generates audit logs that distinguish between actions taken by humans and those executed by AI agents.

With a proliferation of browser-based extensions, the human-vs-agent attribution in audit logs is a smart, underappreciated feature. When something goes wrong with an AI-assisted workflow, the first question every compliance team asks is, “Who did this, a person or a bot?” Most tools today can’t answer that cleanly.

The direct competitors are Island and Microsoft Edge for Business. Island has carved out a real position in secure enterprise browsing, and Edge for Business benefits from Microsoft’s distribution advantage. But neither currently offers the same level of agentic AI governance baked into the browser itself. Palo Alto’s play here is to make the browser the enforcement point for AI policy, not just web policy.

For employees, the experience is largely invisible. Approved AI tools work normally; enforcement happens in the background. That’s the right design choice. Security products that rely on employees making correct judgment calls about data exposure are already failing.

NGTS: Automated Certificate Management

NGTS automates the lifecycle management and renewal of digital certificates across an organization’s infrastructure. The timing is driven by regulatory changes taking effect in 2029 that will shorten maximum certificate validity from roughly 400 days to approximately 47 days, a tenfold increase in renewal frequency.

This is less about differentiation and more about inevitability. The 47-day renewal cycle is coming whether organizations are ready or not. A company managing 5,000 certificates will face 100+ renewals per day under the new rules. That is not operationally feasible without automation, full stop. The established players here are AppViewX and Venafi (the latter now part of CyberArk, which Palo Alto Networks recently acquired). That acquisition means Palo Alto Networks now competes in certificate management while also owning key underlying technology from a former market leader. Expect some market confusion about where Venafi ends and NGTS begins. For buyers, it’s worth pressing Palo Alto on the integration roadmap.

The experience for IT teams is exactly what you’d expect from automation done right: certificates renew before they expire, administrators get a centralized status view, and the spreadsheets and calendar reminders that most teams currently rely on become obsolete. The real value is preventing the outages that expired certificates cause: taking down customer-facing applications, payment systems, or critical internal services within minutes.

Prisma Browser for Business: Enterprise Security for the SMB Market

This packages the AI governance and certificate management capabilities for organizations without large security teams. It’s the same protection surface, delivered through a streamlined interface that doesn’t require a dedicated SOC to operate.

This is a table-stakes market expansion move, not a differentiator. But it’s a smart one. AI threats and certificate vulnerabilities don’t scale to company size. A 200-person firm running AI agents has fundamentally the same exposure as a 20,000-person enterprise, minus the security team to manage it. The competitive question is whether SMBs will buy from Palo Alto Networks at all, given the brand’s enterprise positioning and the procurement friction that comes with it.

What’s Actually Different Here

AI security has, until now, focused almost entirely on the conversation layer: what an AI says, what data enters a prompt, what comes back. That was fine when AI was a chat interface. It’s not sufficient when agents are autonomously executing actions inside enterprise systems: approving invoices, booking travel, modifying code, accessing customer records. The shift from AI that responds to AI that acts is a material change to the threat model, and most existing security tools were not designed for it.

Palo Alto’s RSA 2026 announcements are the first credible attempt to address the full scope of that shift from a single vendor. That doesn’t mean they’ve solved it (this is a 1.0 play in a market that barely exists yet), but it means they’re setting the terms of the conversation. Competitors will be responding to this framing for the next 12 to 18 months.

Competitive Landscape: Honest Assessment

The agentic AI security market is early stage and fragmented. Here’s how the pieces map:

• Agent security: Protect AI, HiddenLayer, and a growing cohort of startups offer point solutions. None provide the discover-vet-monitor pipeline that AIRS 3.0 claims. Microsoft is building into Defender/Purview but is ecosystem locked. Palo Alto has the most complete story here, though “most complete” in a nascent market is a low bar.
• Secure browsing: Island is the most direct competitor and has real enterprise traction. Edge for Business has distribution. Palo Alto’s angle – the browser as AI policy enforcement point – is distinct but unproven at scale.
• Certificate management: AppViewX and Venafi/CyberArk are established. The Venafi acquisition gives Palo Alto both an asset and a conflict. This is worth monitoring.

Our Take

Start with discovery. If you cannot produce an inventory of which AI agents are running in your organization, what data they can access, and who authorized them, you are not ready for any vendor evaluation or for an honest conversation about your risk posture. Business units are deploying AI tools faster than security can track, and pretending otherwise is not a strategy.

Employee awareness remains underweighted. Work with HR and learning teams to help people understand what AI agents are, how to use approved ones responsibly, and why the work/personal device boundary matters. This costs very little and prevents significant exposure before any technical controls are in place.

For CISOs: Prompt injection and similar techniques make broadly autonomous agents a real attack surface. Clear usage guidelines and consistent monitoring are foundational, not optional. For CIOs and CTOs: Security protocols need to support AI adoption, not hinder it; the organizations that get this right will move faster than those that don’t. For CEOs and boards: Oversight of AI access to critical systems is a governance responsibility, and it belongs at the leadership level.

If you’re already a Palo Alto Networks customer, prioritize activation: Get certificate automation running and let AIRS build an agent inventory before layering on additional tooling. If you’re evaluating the platform from scratch, assess it as an integrated solution rather than a collection of point products and treat the 2029 certificate deadline as a concrete, time-bound reason to act.

Know what’s running. Train your people. Automate certificate management now. The regulatory deadline and the threat landscape are both moving faster than most organizations’ security programs.

Want to Know More?

Palo Alto Networks Completes CyberArk Deal, Expanding Zero Trust to Machine Identity