[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)  
    [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown)
  
  * [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown)
  
  * [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown)
  
  * [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown)
  
  * [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown)
  
  * [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown)
  
  * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)
  
  * [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown)
  
  * [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown)
  
  * [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown)
  
  * [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    Identity Security
  * [Human Identities](https://www.paloaltonetworks.com/idira/human?ts=markdown)
  * [Machine Identities](https://www.paloaltonetworks.com/idira/machine?ts=markdown)
  * [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [Frontier AI Defense](https://www.paloaltonetworks.com/unit42/ai-advantage?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Introducing Idira, the next-generation identity security platform.](https://www.paloaltonetworks.com/idira?ts=markdown)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Generative AI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security?ts=markdown)
3. [Frontier AI Security Checklist](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist?ts=markdown)  
   Table of Contents

* [What Is Generative AI Security? \[Explanation/Starter Guide\]](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security?ts=markdown)
  * [Why is GenAI security important?](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#why-is-genai-security-important?ts=markdown)
  * [How does GenAI security work?](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#how-does-genai-security-work?ts=markdown)
  * [What are the different types of GenAI security?](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#different-types-of-genai?ts=markdown)
  * [What are the main GenAI security risks and threats?](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#gen-ai-risks?ts=markdown)
  * [How to secure GenAI in 5 steps](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#gen-ai-5-steps?ts=markdown)
  * [Top 12 GenAI security best practices](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#gen-ai-best-practices?ts=markdown)
  * [GenAI security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security#gen-ai-security-faqs?ts=markdown)
* Frontier AI Security Checklist
  * [Inventory](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#inventory?ts=markdown)
  * [Data](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#data?ts=markdown)
  * [Identity](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#identity?ts=markdown)
  * [Actions](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#actions?ts=markdown)
  * [Monitoring](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#monitoring?ts=markdown)
  * [Evaluation](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#evaluation?ts=markdown)
  * [Governance](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#governance?ts=markdown)
  * [Frontier AI Security Checklist FAQs](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#faqs?ts=markdown)
* [Frontier Security Implementation Roadmap](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap?ts=markdown)
  * [Do You Need a Frontier AI Security Implementation Roadmap?](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap#roadmap?ts=markdown)
  * [First 30 Days: Establish Visibility and Stop Uncontrolled Action](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap#action?ts=markdown)
  * [Days 31 to 90: Convert Discovery Into Controls](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap#controls?ts=markdown)
  * [Months 4 to 12: Mature AI Security into an Operating Capability](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap#capability?ts=markdown)
  * [Frontier AI Security Implementation Roadmap FAQs](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap#faqs?ts=markdown)
* [What Is Frontier AI Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security?ts=markdown)
  * [Why Frontier AI Security Now](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#why?ts=markdown)
  * [How Frontier Models Work](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#how?ts=markdown)
  * [Why Architecture Matters for Security](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#security?ts=markdown)
  * [Frontier AI Threat Model](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#frontier?ts=markdown)
  * [Core Security Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#core?ts=markdown)
  * [Frontier AI Security Controls](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#controls?ts=markdown)
  * [Evaluation, Red Teaming, and Assurance](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#evaluation?ts=markdown)
  * [Governance and Operating Model](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#governance?ts=markdown)
  * [Third-Party AI Risk](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#risk?ts=markdown)
  * [Metrics for Frontier AI Security](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#metrics?ts=markdown)
  * [Frontier AI Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai-security#faqs?ts=markdown)
* [What Is Frontier AI?](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai?ts=markdown)
  * [Frontier AI Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#explained?ts=markdown)
  * [How Do Frontier Models Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#how?ts=markdown)
  * [Applications and Use Cases of Frontier Models](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#models?ts=markdown)
  * [What Are the Benefits of Frontier Models?](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#what?ts=markdown)
  * [Challenges with Frontier AI](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#challenges?ts=markdown)
* [Frontier AI FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-frontier-ai#faqs?ts=markdown)

# Frontier AI Security Checklist

4 min. read  
Table of Contents

* * [Inventory](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#inventory?ts=markdown)
  * [Data](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#data?ts=markdown)
  * [Identity](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#identity?ts=markdown)
  * [Actions](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#actions?ts=markdown)
  * [Monitoring](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#monitoring?ts=markdown)
  * [Evaluation](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#evaluation?ts=markdown)
  * [Governance](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#governance?ts=markdown)
* [Frontier AI Security Checklist FAQs](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#faqs?ts=markdown)

1. Inventory

* * [Inventory](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#inventory?ts=markdown)
  * [Data](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#data?ts=markdown)
  * [Identity](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#identity?ts=markdown)
  * [Actions](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#actions?ts=markdown)
  * [Monitoring](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#monitoring?ts=markdown)
  * [Evaluation](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#evaluation?ts=markdown)
  * [Governance](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#governance?ts=markdown)
* [Frontier AI Security Checklist FAQs](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist#faqs?ts=markdown)

A [frontier AI security](/content/pan/en_us/cyberpedia/what-is-frontier-ai-security) checklist helps practitioners confirm whether each AI system is visible, governed, monitored, and containable. Use it during architecture review, vendor review, predeployment approval, red-team planning, and quarterly control validation.

## Inventory

Unknown AI use creates unmanaged risk before a single prompt runs. A strong inventory should reveal the business process, owner, trust boundary, data path, and operational dependency behind each AI system.

* **Models**: Document every approved, embedded, and externally accessed model, including provider, version, owner, business purpose, hosting model, and risk tier.
* **Agents**: Identify every agentic workflow, including what goal it serves, which tools it can call, which identity it uses, and which actions it can execute.
* **Copilots**: Record enterprise copilots across productivity suites, developer platforms, CRM, ITSM, security tools, HR systems, finance systems, and customer support.
* **APIs**: Inventory model-access APIs, API keys, model gateways, orchestration services, and applications that send data to external AI services.
* **Vector stores**: Track vector databases, retrieval indexes, embedding models, source corpora, data owners, access controls, and retention rules.
* **Plugins and connectors**: List SaaS connectors, browser extensions, plugins, tool integrations, OAuth grants, and service accounts connected to AI workflows.
* **SaaS AI features**: Review AI features introduced through vendor updates, especially summarization, semantic search, autonomous routing, assistant interfaces, and agent builders.

## Data

Frontier AI changes data protection because information can move through prompts, embeddings, retrieval layers, memory, logs, and generated responses in the same workflow. Security teams need to protect data as it enters context, persists in supporting systems, and reappears in outputs.

* **Prompts**: Define which data classes users may include in prompts, uploads, pasted content, screenshots, code snippets, and task instructions.
* **Uploads**: Scan files for regulated data, credentials, customer records, proprietary code, confidential documents, hidden instructions, and malicious content.
* **Embeddings**: Protect embeddings with encryption, access control, retention limits, tenant isolation, and ownership records.
* **Logs**: Configure AI logs to support investigation without retaining unnecessary sensitive data.
* **Memory**: Govern persistent memory with visibility, deletion paths, administrative policy, and limits on sensitive data retention.
* **Retrieval stores**: Enforce entitlement-aware retrieval at query time, not only during indexing.
* **Outputs**: Inspect generated text, code, summaries, recommendations, and tool instructions for leakage, unsafe guidance, and unsupported claims.

## Identity

[AI security](/content/pan/en_us/cyberpedia/ai-security) fails when conversational interfaces obscure who holds authority. Every AI-enabled workflow needs clear separation between user access, machine access, agent access, and inherited connector permissions.

* **Human users**: Apply role-based access, step-up authentication, approved-use policies, and logging for users of high-risk AI systems.
* **Service accounts**: Replace shared or persistent credentials with scoped, time-bound identities wherever possible.
* **Agent credentials**: Give agents the narrowest authority needed for the task, with separate identities from the human user.
* **Connector permissions**: Review OAuth scopes, SaaS grants, cloud roles, repository access, ticketing privileges, and email or file access.
* **Revocation paths**: Maintain a tested process to revoke AI-connected credentials, keys, tokens, and grants quickly.
* Privilege drift: Monitor agent and connector permissions for expansion after product updates, workflow changes, or role changes.

**Related Article** : [Implementing Frontier AI Security: A Roadmap](/content/pan/en_us/cyberpedia/frontier-ai-security-implementation-roadmap)

## Actions

The moment AI can act, security must govern consequence rather than interface. A harmless-looking request can become a production change, customer communication, code commit, or privileged workflow step if tool access lacks constraint.

* **Tool calls**: Define which tools each model or agent may call, what inputs each tool accepts, and what data each tool can return.
* **Approval gates**: Require explicit approval for production changes, code commits, customer communications, financial activity, privileged identity changes, and security control modifications.
* **Rollback**: Test rollback for every high-impact AI-driven action before deployment.
* **Rate limits**: Apply rate limits to tool calls, retrieval queries, API requests, external messages, code submissions, and automated workflow execution.
* **Dry-run modes**: Use dry-run mode for cloud changes, policy updates, code modifications, ticket closures, and other state-changing actions.
* **High-impact workflows**: Route regulated, customer-facing, financial, production, and critical-infrastructure workflows through stronger review.

## Monitoring

AI activity needs [observability](/content/pan/en_us/cyberpedia/observability-in-ai-models) that captures intent, context, execution, and downstream effect. Without that evidence, teams can't distinguish safe assistance from prompt abuse, data exposure, unauthorized retrieval, or agentic misuse.

* **Prompts** : Monitor prompts for sensitive data, jailbreak attempts, [prompt injection](/content/pan/en_us/cyberpedia/what-is-a-prompt-injection-attack), policy bypass attempts, and unusual task patterns.
* **Outputs**: Inspect completions for data exposure, unsafe code, hallucinated evidence, policy violations, and harmful instructions.
* **Refusals**: Track refusal rates and repeated attempts to bypass refusals through prompt variation.
* **Retrieval events**: Log retrieved sources, query patterns, index access, sensitive repository use, stale-source use, and permission failures.
* **Tool calls** : Correlate tool-call telemetry with cloud, [SaaS](/content/pan/en_us/cyberpedia/what-is-saas), [endpoint](/content/pan/en_us/cyberpedia/what-is-an-endpoint), identity, API, source-code, and ticketing events.
* **Model changes**: Track model versions, system prompt changes, routing changes, tool-schema updates, connector changes, and safety-layer updates.
* **SOC integration** : Feed AI telemetry into [SIEM](/content/pan/en_us/cyberpedia/what-is-siem), [SOAR](/content/pan/en_us/cyberpedia/what-is-soar), [XDR](/content/pan/en_us/cyberpedia/what-is-extended-detection-response-XDR), [CNAPP](/content/pan/en_us/cyberpedia/what-is-a-cloud-native-application-protection-platform), identity monitoring, SaaS audit monitoring, and [data security](/content/pan/en_us/cyberpedia/what-is-data-security) workflows.

## Evaluation

Frontier AI testing should prove how the system behaves under pressure. Evaluations need to exercise adversarial inputs, ambiguous instructions, permission boundaries, tool misuse, and model-update regressions.

* **Prompt injection**: Test direct and indirect injection through prompts, documents, web pages, tickets, emails, code comments, images, and tool results.
* **Data leakage**: Test whether the system exposes secrets, regulated data, customer records, proprietary code, hidden system prompts, or unauthorized documents.
* **Excessive agency**: Test whether agents can take actions beyond their approved authority, especially through broad credentials or ambiguous tool permissions.
* **Jailbreaks**: Maintain a regression suite of known jailbreaks, refusal bypasses, and policy evasion attempts.
* **Cyber misuse** : Evaluate whether the system assists [phishing](/content/pan/en_us/cyberpedia/what-is-phishing), [malware](/content/pan/en_us/cyberpedia/what-is-malware) development, exploit generation, credential theft, evasion, or unauthorized persistence.
* **Retrieval poisoning**: Test whether untrusted, stale, or manipulated documents can alter model behavior or produce unsafe recommendations.
* **Regression**: Rerun evaluations after model updates, prompt changes, retrieval changes, tool-schema changes, and connector-permission changes.

## Governance

Frontier AI requires durable accountability because models, providers, use cases, and controls will keep changing. Governance should define who owns the risk, who can approve exceptions, what evidence must exist, and how unresolved exposure reaches leadership.

* **Ownership**: Assign every AI system a business owner, technical owner, security owner, data owner, and risk tier.
* **Policy**: Define acceptable use, approved providers, prohibited data, retention requirements, logging rules, tool permissions, and agent authority.
* **Exceptions**: Require documented justification, compensating controls, monitoring, expiration dates, and approval authority for exceptions.
* **Vendor risk**: Review provider training use, retention, isolation, subprocessors, model updates, logging, breach reporting, audit rights, and termination support.
* **Auditability**: Preserve model version, system prompt version, retrieved sources, tool calls, approvals, outputs, and downstream actions.
* **Board reporting** : Report AI asset coverage, high-risk systems, unresolved exposure, sensitive data events, prompt injection attempts, blocked tool calls, [red-team](/content/pan/en_us/cyberpedia/what-is-ai-red-teaming) findings, vendor concentration, and time to revoke compromised agent credentials.

## Frontier AI Security Checklist FAQs

### What's the first thing security teams should inventory?

Start with AI systems that can touch sensitive data or take action. Prioritize agents, copilots connected to enterprise repositories, SaaS AI features with broad data access, model APIs, vector stores, and AI tools with OAuth grants or service accounts.

### How is an AI asset inventory different from a software inventory?

An AI inventory must track behavior and authority, not only ownership and deployment location. It should capture model version, provider, retrieval sources, prompt templates, memory settings, tool permissions, agent credentials, logging status, evaluation results, and downstream workflows.

### Why do vector stores and embeddings belong in the checklist?

Vector stores can preserve sensitive meaning from enterprise documents, code, tickets, chats, and customer records. Weak access control can let a model retrieve information the user couldn't open directly, which makes retrieval governance a core data security control.

### What makes agent credentials different from normal service accounts?

Agent credentials can combine automation with probabilistic decision-making. An agent may choose when to use a credential, which tool to invoke, and what sequence of actions to attempt. Scoped, time-bound credentials reduce the blast radius when the agent misinterprets a task, follows injected instructions, or runs outside its approved boundary.

### Which AI actions should require human approval?

Require approval for production changes, code commits, customer-facing communications, financial actions, privileged identity changes, security control modifications, regulated decisions, mass data exports, and any workflow that could materially affect customers, revenue, compliance, or operational resilience.

### What should teams monitor beyond prompts and outputs?

Monitor retrieval events, tool calls, model refusals, memory writes, approval events, blocked actions, model-version changes, connector activity, agent plans, and downstream changes in SaaS, cloud, code repositories, ticketing systems, and data platforms.

### Why do refusals matter as a security signal?

Repeated refusals followed by prompt variation can indicate jailbreak attempts, data-exfiltration attempts, reconnaissance, or policy probing. Refusal patterns also help teams identify gaps in user education, workflow design, and prompt-injection defenses.

### How often should frontier AI systems be evaluated?

Evaluate before deployment, after every material change, and whenever monitoring reveals new misuse patterns. Material changes include model updates, system prompt changes, retrieval corpus changes, tool-schema updates, connector-permission changes, policy changes, and workflow expansion.

### What's the difference between red teaming and routine evaluation?

Routine evaluation tests defined requirements against expected failure modes. Red teaming uses authorized adversarial methods to break assumptions across prompts, retrieval, tools, agents, connectors, model APIs, approval workflows, and human trust.

### What should a prompt injection test include?

Test direct prompts and indirect inputs from documents, web pages, tickets, emails, code comments, images, retrieved content, and tool results. Strong tests check whether untrusted content can override privileged instructions, trigger unsafe tool calls, reveal secrets, or manipulate human approval.

### What does entitlement-aware retrieval mean?

Entitlement-aware retrieval means the AI system retrieves only content the requesting user, agent, or workflow may access at query time. Index-time filtering isn't enough because permissions, customer boundaries, legal holds, and regional restrictions change.

### How should teams handle embedded AI features in SaaS tools?

Treat embedded AI as a material product change. Review data access, retention, training use, logging, subprocessors, connector permissions, auditability, model-change notification, and disablement options before allowing the feature to process enterprise data.

### What's the most important metric for the checklist?

No single metric suffices. Track governed coverage first: the percentage of AI systems inventoried, risk-tiered, owner-assigned, monitored, and evaluated. Without governed coverage, other metrics may describe only the AI systems the security team already knows about.

### What evidence should an audit trail preserve?

Preserve user identity, agent identity, model version, system prompt version, retrieved sources, tool calls, approvals, policy decisions, outputs, blocked actions, and downstream changes. High-risk workflows should also preserve source snapshots and rollback records.

### How should boards read checklist results?

Boards should look for control coverage and unresolved exposure, not AI adoption volume. Reporting should show high-risk AI systems, sensitive data events, agentic actions by class, blocked tool calls, evaluation failures, vendor concentration, incident trends, and time to revoke compromised agent credentials.
Related Content  
[State of Cloud Security Report
Get the full picture of how cloud risk is evolving. Download the State of Cloud Security Report 2025 to benchmark your strategy and act on what matters most.](https://www.paloaltonetworks.com/state-of-cloud-native-security?ts=markdown)  
[Frontier AI and the Future of Defense: Your Top Questions Answered
What are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking.](https://unit42.paloaltonetworks.com/frontier-ai-top-questions-answered/)  
[The AI Ecosystem Edge --- Introducing Our Frontier AI Alliance
Frontier AI accelerates cyberattacks. Learn how Palo Alto Networks and the Frontier AI Alliance deliver an industry-standard, unified defense for enterprise AI resilience.](https://www.paloaltonetworks.com/blog/2026/04/ai-ecosystem-edge-introducing-frontier-ai-alliance/?ts=markdown)  
[Defender's Guide to Frontier AI: A Checklist for CISOs
Advanced AI models with deep adversarial capabilities will soon become commonplace. Learn how to close your security gaps in this phased approach.](https://www.paloaltonetworks.com/resources/datasheets/defenders-guide-to-frontier-ai-checklist-for-cisos?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=Frontier%20AI%20Security%20Checklist&body=Frontier%20AI%20security%20checklist%20helps%20teams%20inventory%2C%20govern%2C%20and%20monitor%20AI%20systems%2C%20identities%2C%20data%20flows%2C%20and%20actions%20to%20reduce%20risk%20and%20maintain%20control%20at%20scale.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/frontier-ai-security-checklist)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security?ts=markdown) What Is Generative AI Security? \[Explanation/Starter Guide\]  
[Next](https://www.paloaltonetworks.com/cyberpedia/frontier-ai-security-implementation-roadmap?ts=markdown) Frontier Security Implementation Roadmap  
{#footer} Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown)

* [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown)

* [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown)

* [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown)

* [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown)

* [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown)

* [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)

* [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown)

* [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown)

* [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown)

* [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)  
  Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)

* [Careers](https://jobs.paloaltonetworks.com/en/)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)

* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)

* [Investor Relations](https://investors.paloaltonetworks.com/)

* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)

* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)  
  Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)

* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)

* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)

* [Event Center](https://events.paloaltonetworks.com/)

* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)

* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)

* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)

* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)

* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)

* [Tech Docs](https://docs.paloaltonetworks.com/)

* [Unit 42](https://unit42.paloaltonetworks.com/)

* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)

* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)

* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)

* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)

* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language