Security professionals are finding themselves in a difficult position. As organizations race to deploy AI Factories and autonomous agents, security teams are being asked to protect high-performance, massively accelerated computing architectures that they cannot fully see. Operating at incredible volume and speed, the deepest layers of the infrastructure—such as AI compute nodes and NVIDIA BlueField data processing units (DPUs) —are exactly where high-fidelity, in-silicon observability becomes essential.
Securing the AI Factory requires security leaders to optimize their architecture rather than accept a mindset of competing priorities. When traditional host-based agents compete for the premium compute resources that AI models desperately need, it creates an artificial tug-of-war between security visibility and token economics.
Balancing AI Innovation and Security
Security teams shouldn't be forced to compromise between robust protection and rapid progress. To address the unique challenges of securing modern AI infrastructure without stalling computing workloads, organizations should adopt a collaborative, visibility-first strategy:
- Eliminate the False Choice: Build the security check into the pipeline instead of bolting it on afterward. When a model can't be promoted to production until its data lineage and dependencies clear an automated scan, the gate runs inline in CI rather than sitting in a review queue.
- Restore Infrastructure Visibility: Monitor the pipeline down at the layer where attacks actually land. You want to catch the moment a service account pulls model weights it has never accessed before, or an inference endpoint starts returning data that looks like training records leaking back out.
- Remove Innovation Bottlenecks: Make the secure path the default path. When a data scientist spins up a training environment and it arrives already segmented with secrets handled for them, security stops being the ticket they wait on.
Eliminating Blind Spots: In-Silicon Visibility into AI Nodes
To stop advanced threats, security teams must look beneath the software layer. Leveraging the NVIDIA BlueField DPU as an out-of-band sensor grants direct visibility into AI node memory and runtime processes straight from the hardware. This empowers analysts with unprecedented insights into data flows, file access, and memory operations, effectively eliminating the blind spots that traditional OS logs leave behind.
We partnered with NVIDIA to help security professionals gain visibility into the AI Factory without becoming a bottleneck to innovation. Palo Alto Networks Cortex has integrated with the NVIDIA DOCA Argus framework to provide an out-of-band security sensor. DOCA Argus generates critical security events and alerts directly on the AI node by utilizing advanced memory forensics and in-silicon machine introspection. Because it operates from BlueField, it can scan host memory and monitor process activity, file access, and network connections without relying on host-based agents or impacting the performance of the AI workload.
Making the Data Immediately Usable
Telemetry is only useful if it is actionable. Raw JSON logs from DOCA Argus are automatically forwarded to Cortex XSIAM, where they are parsed and mapped into the Cortex Data Model (XDM). This native normalization transforms complex hardware-level signals into a standardized schema that SOC analysts can immediately query alongside existing datasets. By modeling Argus network fields into XDM, telemetry is converted into active security data capable of triggering high-fidelity detections through the Cortex analytics pipeline.
Furthermore, analysts are empowered to build their own tailored dashboards, giving them the exact situational awareness they need to proactively hunt for anomalous behavior specific to their unique AI workloads.
From Insight to Automated Response: Eliminating Operational Friction
This integration operates completely out-of-band to eliminate performance overhead, ensuring that 100% of AI compute resources remain dedicated to the business mission. Beyond deep visibility, it seamlessly turns these insights into immediate, automated action. By using Cortex to automate policy changes and isolate compromised AI nodes in real time, organizations can eliminate operational friction. The result? A SOC that no longer slows down production, but instead acts as a secure-by-design enabler of AI innovation.
From Bottleneck to Catalyst: Redefining Security for the AI Factory
Security teams carry the weight of protecting the AI Factory, and they deserve tooling that meets them where they work. With NVIDIA DOCA Argus telemetry feeding natively into the Cortex platform, defenders can stop stitching together fragmented point products and finally see the whole environment at once. That unified visibility, made possible by Palo Alto Networks and NVIDIA, gives them the confidence to protect every stage of the AI lifecycle. Within their own organizations, they shed the reputation of operational bottleneck and become the force that drives AI innovation forward.
Key Takeaways
- Workload Security with Deep Visibility: Unlock continuous memory scanning across application hosts without the performance drag or resource drain of traditional security agents. This delivers deep, uncompromised infrastructure visibility while keeping host compute and memory 100% free to power critical AI workloads at peak speed.
- Seamless Sensor Integration with XDM: NVIDIA DOCA Argus acts as a native sensor, feeding telemetry straight into the Cortex Data Model (XDM). Security teams get structured, hardware-level signal and automated remediation that runs without manual stitching. Visibility that is rooted in purpose-built silicon means they can catch threats closer to the source.
- Enhanced Correlation and Observability: Tailored dashboards transform raw telemetry into a live, searchable feed of prioritized alerts. Packed with rich context—like timestamps, activity types, and host details—analysts can correlate threats faster and respond instantly.
Ready to Empower Your SOC?
- Explore the Integration: Download the DOCA Argus Content Pack today on the Cortex Marketplace.