Why the Future of Cloud Security Is Agentic

Feb 25, 2026

The cloud gave us limitless scale. Software ships faster, environments reconfigure in seconds, and AI-generated code will soon account for 95% of what reaches production. Threats, however, scale just as fast. AI-supported attacks unfold in as little as 25 minutes, half the time they required a year ago.

Security teams now sit between two exponential forces, defending with resources that grow linearly. Thirty-eight percent of teams spend a full day or more gathering alert context before response can begin. Across 2,800 surveyed organizations, 100% reported a major cloud security incident in the past year. Dashboards, tickets, and human-centric remediations weren’t built for AI scale.

Palo Alto Networks, the company that inaugurated CNAPP, is once again setting the standard, evolving cloud security from teams just viewing dashboards to teams fortified by a workforce of AI agents.

We Found the Limits of CNAPP

Two years ago, AI copilots were the industry's answer to the scalability problem. They weren't enough, because they still require a human analyst to prompt, interpret, and direct every step. Copilots accelerate information retrieval, but every decision waits on a person, which creates a bottleneck.

Relying solely on playbook-driven automation comes with a similar limitation. As soon as a threat falls outside the predefined logic of a response plan, you have to involve a person to manually carry out the investigation and response. In essence, you have a system that creates the illusion of speed without actually closing the velocity gap.

CNAPP, even with these advancements, hasn't solved the speed differential. Teams continue to spend 69% of investigation time collecting and correlating data — before any actual response begins — while the attack that triggered the alert executed in 25 minutes.

The Four Pillars of an Agentic-Ready Cloud Security Platform

You can’t drop autonomous agents into a legacy data model and expect results. Effective agentic security requires a purpose-built foundation. Here’s how Palo Alto Networks has built that foundation for Cortex Cloud.

1. Unified Telemetry

Agents need data. The more context, the better. Fragmented tooling means fragmented data models, and an agent working off 17 disconnected sources can’t reason accurately. The consequences are measurable: 99% of organizations attribute delayed incident response to fragmented data sources and the inability to correlate alerts across their environments.

Cortex Cloud provides the industry's only unified data lake connecting code to cloud to SOC, giving our agents the complete picture to correlate a vulnerability in a line of code with a live threat in the runtime environment — simultaneously.

2. Deterministic Workflows

You can’t simply instruct an agent to go fix your cloud security posture. Probabilistic AI requires deterministic guardrails. Our platform codifies over 1.2 billion real-world security responses into proven workflows, ensuring agents don't guess. They follow mature, validated procedures. The agent knows how to respond to an exposed vulnerability or an overly permissive role because we've encoded what good looks like at scale.

3. Identity-Centric Context

If identity is the new perimeter — and it is — then identity context is non-negotiable for agentic security. Agents must distinguish between a genuine threat actor and an authorized user making routine changes. Without deep, real-time identity intelligence, autonomous action creates as much risk as it mitigates. Cortex Cloud ensures our agents understand not just what is happening, but who is doing it and whether that behavior is expected.

4. Human-on-the-Loop Governance

Autonomy requires trust, and trust requires control. Our human-on-the-loop model shifts analysts from operators executing every task end-to-end to commanders reviewing and directing agent actions at the strategic level. Reasoning transparency gives every stakeholder a full audit trail of why an agent made a decision, making it possible to intervene precisely when needed rather than monitoring everything continuously.

Introducing the Agentic Cloud Security Platform

Palo Alto Networks is closing the velocity gap with the launch of the Agentic Cloud Security Platform, a decisive shift from seeing risk to eliminating it autonomously. Unlike visibility-only tools that show you a map of the burning building, our agents take action. Sixty-four percent of critical vulnerabilities sit in production for one to two weeks before detection. That window closes here.

Organizations can now command a workforce of specialized AI agents that plan, reason, and execute routine security tasks independently, freeing your analysts to focus on the complex, strategic work that requires human judgment.

Three New Cloud Security AI Agents Coming to Cortex Cloud

| Agent | Capabilities | Impact |
| --- | --- | --- |
| Application Security Agent | Detects vulnerabilities, writes the code patch, and opens a ready-to-merge Pull Request. | Ends the developer alert backlog and prevents logic gaps in API specs. |
| Cloud Posture Security Agent | Calculates blast radius, identifies root causes, and reverts configuration drift in production settings immediately. | Autonomously applies encryption or revokes unused permissions for non-human identities. |
| Runtime Security Agent | Detects malicious processes — including ransomware — and terminates them in milliseconds. | Stops execution before damage occurs, rather than routing an alert to a queue. |

Autonomy with 100% Control

Deploying autonomous agents without oversight isn't a solution — it's a different kind of risk. That's why our agentic-first cloud security platform is built on Cortex AgentiX, which provides enterprise-grade guardrails at every layer.


Reasoning transparency gives every agent action a complete audit trail of its planning and decision logic. Human-in-the-loop controls let organizations define exactly which actions run fully autonomously and which require analyst approval before execution. And by unifying AppSec, CloudSec, and SecOps on a single platform, we deliver complete context while eliminating the handoff gaps where threats have historically lived.

The Bottom Line

Security fails when attacks scale faster than response.

Cortex Cloud, the agentic cloud security platform, changes the equation. Palo Alto Networks hasn't built a better dashboard or a smarter copilot. We've built a digital workforce — one that operates at machine speed, with human accountability built in. Attackers have been moving at the speed of AI for some time now. As of today, so do defenders.

See Cortex Cloud in action. Schedule a personalized demo.

 

