# Artificial Intelligence --- Beyond the Algorithms

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo") | Sep 26, 2023

In Episode 6 of ["This is How We Do It,"](https://www.paloaltonetworks.com/blog/tag/this-is-how-we-do-it/?ts=markdown) Peter Havens, from Cortex product marketing, continues the interview series. He sits down with Yoni Allon, VP Research, to discuss how Palo Alto Networks leverages artificial intelligence (AI) to enhance cybersecurity in our SOC.

Palo Alto Networks stands as a cybersecurity stalwart, safeguarding the network and security environments for nearly *one hundred thousand organizations* across the globe. Given the dynamic threat landscape, Yoni and his team employ a multifaceted and proactive approach to fortify their defenses.

In this interview, we peek a bit under the hood to learn more about the role AI plays in defending our own security operations center (SOC) and our customers' data, and how we utilize AI to adapt and enhance the efficiency of blocking and detecting malicious activities. It's a brave, new world, but in a *good* way.

## Defining "Artificial Intelligence" in Cybersecurity

Yoni opens the conversation by offering his perspective on what constitutes artificial intelligence within the purview of cybersecurity. He defines AI as "any algorithm capable of adapting to new data and evolving to accommodate these changes." Crucially, AI possesses the ability to handle vast and complex datasets, making it a powerful tool for efficiently detecting and mitigating evolving cyberthreats. This distinction helps set the stage for understanding the significance of AI in modern cybersecurity.

Yoni shares more about the differences between AI and machine learning (ML), which are often (and somewhat erroneously) used interchangeably:

*"And there's a distinction here between AI and machine learning or ML, or ML specifically is not just any algorithm that adapts to new data. It's a specific algorithm that was generated by another algorithm, meaning that you push data into an algorithm and that results in a new algorithm that can potentially adapt to new data as it comes. And that's where the differentiation lies. So, AI might be man made, might be machine made, right? But, the general broad term is, you know, still AI."*

## The Data-Driven Nature of Modern Security Challenges

As Yoni points out, the nature of security threats has evolved dramatically. Traditional security approaches relied on human experts crafting signatures -- specific patterns that allow cybersecurity technologies to recognize malicious threats -- to counter specific threats. However, with the exponential growth of attacks and data, as well as the need to protect against diverse threats, AI has emerged as a critical asset. AI's data-processing capabilities empower it to tackle contemporary challenges where traditional human-centric approaches fall short.

The immense volume of data ingested daily by Cortex XSIAM in our SOC highlights how AI can analyze and detect potential threats that may otherwise go unnoticed. Notably, a common customer pain point is the inability to analyze or contextualize ingested data. With XSIAM, Yoni and his team can normalize data and stitch different points of view (POVs) of the same event into a single, augmented log line that tells the story of the activity, and then use this data in the analytics engine and make it available for querying via XQL.

That said, Yoni emphasizes that AI isn't a standalone solution but a collaborative effort -- it merges the expertise of security professionals, data scientists and technology to create a formidable, yet balanced defense.

## AI in Action: Anomaly Detection and Supervised Learning

Palo Alto Networks deploys AI across its Cortex suite to address various aspects of cybersecurity. Anomaly detection, a crucial aspect of AI, takes on a different dimension here. Yoni explains that conventional anomaly detection falls short because it often flags non-malicious activities as anomalous, leading to information overload. To overcome this, Palo Alto Networks employs supervised learning, creating models that classify and prioritize incidents based on labeled data. This approach focuses on finding the fine line between benign and malicious activities, ensuring a more precise and effective detection mechanism.

Yoni explains further:

*"So firstly, every model that we do release has a security person and a data scientist looking at the results, understanding if they're good enough, validating that it makes sense. And that's why using supervised learning makes more sense."*

#### Risk Prioritization with AI

Another key application of AI within Cortex is risk prioritization. By harnessing data and AI capabilities, Palo Alto Networks helps security analysts efficiently allocate their time to investigate the most critical incidents. The AI-driven risk prioritization model sifts through vast datasets and highlights incidents with the highest potential risk, streamlining the investigative process. Alert fatigue and endless false positives are no joke, and advancements in AI hold great promise to alleviate this all-too-common bane of security analysts and save them time.

#### Building Trust in AI-Driven Decision Making

Trust in AI-driven decision making is paramount. To build confidence in the AI's recommendations, Palo Alto Networks employs a meticulous approach. Each AI model undergoes scrutiny from both security experts and data scientists. Additionally, the Cortex platform provides visibility into the reasoning behind AI-generated scores, enabling analysts to comprehend and validate the decisions made by the AI.

Lastly, the interview touches on the evolving landscape of AI, particularly large language models (LLMs). These models have the potential to revolutionize aspects of cybersecurity, such as data loss prevention and phishing detection, by enhancing natural language understanding, improving email filtering and identifying phishing emails more accurately. However, they also raise concerns, as they can empower less experienced attackers to create sophisticated malware. While LLMs have the potential to streamline security operations and improve productivity, their impact on the cybersecurity landscape remains a topic of ongoing discussion.

Delving further into the subject, Peter asks Yoni for his take on LLMs: whether it's all hype, if he's investigating it more, and what he sees happening down the road:

*"That's a big question. I think you can split it into a couple of parts. First is, let's say the core security issues of creating new detections, solving core security problems. I think that there's some merit. There's some use for example of DLP (data loss prevention) or phishing, there's a lot of potential uses there. I think it's gonna revolutionize that in those industries. And I think for other things, people are maybe expecting this to change the way malware detection is working. I'm not as convinced, or at least not convinced yet that this is going to do that. In the second part, there's generating attacks and generating malware. And, and I think there, again, when you go to phishing emails, it's doing an amazing job at generating those things. And generating malware is something that I think a lot of people are actively investigating."*

In conclusion, Palo Alto Networks proactively embraces AI in its cybersecurity strategy to exemplify the industry's ongoing transformation. By harnessing AI's capabilities in anomaly detection, risk prioritization and beyond, Palo Alto Networks is not only safeguarding its own infrastructure but also leading the charge in enhancing security for countless organizations worldwide. The collaboration between security experts and data scientists, combined with a commitment to transparency, ensures that AI-driven decisions are both effective and trustworthy in the battle against cyberthreats.

Watch their **[full interview](https://www.youtube.com/watch?v=AOs_8-rJddQ&t=98s)** on our Cortex YouTube channel.