[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [AI Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-cybersecurity?ts=markdown) 3. [What Is Retrieval-Augmented Generation (RAG)? An Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-retrieval-augmented-generation?ts=markdown) Table of contents * [Why is RAG central to today's AI discussions?](#why-is-rag-central-to-todays-ai-discussions) * [How does retrieval-augmented generation work?](#how-does-retrieval-augmented-generation-work) * [Why use retrieval-augmented generation?](#why-use-retrieval-augmented-generation) * [What are the primary use cases for RAG?](#what-are-the-primary-use-cases-for-rag) * [How does RAG compare to fine-tuning and prompt engineering?](#how-does-rag-compare-to-fine-tuning-and-prompt-engineering) * [Top RAG security risks and how to address them](#top-rag-security-risks-and-how-to-address-them) * [What is the future of retrieval-augmented generation?](#what-is-the-future-of-retrieval-augmented-generation) * [RAG FAQs](#rag-faqs) # What Is Retrieval-Augmented Generation (RAG)? An Overview 6 min. read Table of contents * [Why is RAG central to today's AI discussions?](#why-is-rag-central-to-todays-ai-discussions) * [How does retrieval-augmented generation work?](#how-does-retrieval-augmented-generation-work) * [Why use retrieval-augmented generation?](#why-use-retrieval-augmented-generation) * [What are the primary use cases for RAG?](#what-are-the-primary-use-cases-for-rag) * [How does RAG compare to fine-tuning and prompt engineering?](#how-does-rag-compare-to-fine-tuning-and-prompt-engineering) * [Top RAG security risks and how to address them](#top-rag-security-risks-and-how-to-address-them) * [What is the future of retrieval-augmented generation?](#what-is-the-future-of-retrieval-augmented-generation) * [RAG FAQs](#rag-faqs) 1. Why is RAG central to today's AI discussions? * [1. Why is RAG central to today's AI discussions?](#why-is-rag-central-to-todays-ai-discussions) * [2. How does retrieval-augmented generation work?](#how-does-retrieval-augmented-generation-work) * [3. Why use retrieval-augmented generation?](#why-use-retrieval-augmented-generation) * [4. What are the primary use cases for RAG?](#what-are-the-primary-use-cases-for-rag) * [5. How does RAG compare to fine-tuning and prompt engineering?](#how-does-rag-compare-to-fine-tuning-and-prompt-engineering) * [6. Top RAG security risks and how to address them](#top-rag-security-risks-and-how-to-address-them) * [7. What is the future of retrieval-augmented generation?](#what-is-the-future-of-retrieval-augmented-generation) * [8. RAG FAQs](#rag-faqs) Retrieval-augmented generation (RAG) is a method for improving language model outputs by adding relevant information retrieved from external sources. The system turns a user query into a vector, searches a database for matching documents, and inserts those documents into the model's prompt. This process helps the model give more accurate responses and reduces errors when the query depends on current or specialized knowledge. ## Why is RAG central to today's AI discussions? Retrieval-augmented generation is at the center of today's AI discussions because it tackles one of the most pressing challenges of large language models: relevance. "RAG is a significant leap forward in the ability of language models to handle large amounts of real-time data. No matter how expansive their training data, traditional LLMs are inherently limited to their last training cutoff, making them potentially outdated for specific topics or real-time events. RAG solves this limitation by allowing LLMs to access and integrate external, up-to-date information seamlessly." [- Steve Wilson, The Developer's Playbook for Large Language Model Security](https://www.oreilly.com/library/view/the-developers-playbook/9781098162191/) Traditional [large language models (LLMs)](https://www.paloaltonetworks.com/cyberpedia/large-language-models-llm), no matter how powerful, are static. They can't update themselves with new knowledge after training. And their responses are limited by what was available at the cutoff point. That limitation has real consequences. Businesses in fast-moving sectors---from finance to healthcare to cybersecurity---need systems that reflect current information. Not outdated context. RAG offers a path forward by bridging the gap between what models already know and what they need to retrieve in real time. Not to mention, RAG is increasingly viewed as an enabler of responsible AI. It grounds outputs in verifiable sources, reduces the risk of hallucinations, and provides a more transparent link between data and response. It's worth noting: It does introduce new security and governance considerations. Which is why it's part of the broader enterprise conversation about trust and safe deployment. ## How does retrieval-augmented generation work? RAG systems are built from several connected components that work together as a pipeline. ![Architecture diagram titled 'RAG architecture', illustrating the retrieval-augmented generation pipeline. At the top, a section labeled Indexing shows documents flowing into chunking, then through an embedding model to be vectorized and indexed into a vector database with nodes labeled Node 1, Node 2, and Node 3. Arrows indicate retrieval from the vector database. Below, a user sends a query, which is vectorized by an embedding model, searched against the vector database, and augmented with relevant contexts and prompts. The large language model (LLM) generates a response that is returned to the user. Key components including User, Query, Embedding model, Vector database, LLM, Prompts, and Augment are visually separated and connected by arrows showing the process flow.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-retrieval-augmented-generation/RAG-architecture.png "Architecture diagram titled 'RAG architecture', illustrating the retrieval-augmented generation pipeline. At the top, a section labeled Indexing shows documents flowing into chunking, then through an embedding model to be vectorized and indexed into a vector database with nodes labeled Node 1, Node 2, and Node 3. Arrows indicate retrieval from the vector database. Below, a user sends a query, which is vectorized by an embedding model, searched against the vector database, and augmented with relevant contexts and prompts. The large language model (LLM) generates a response that is returned to the user. Key components including User, Query, Embedding model, Vector database, LLM, Prompts, and Augment are visually separated and connected by arrows showing the process flow.") Each plays a specific role: * **Retriever** -- Finds the most relevant passages or documents to answer a query. * **Vector database** -- Stores documents in vector form for efficient similarity search. * **Embedding model** -- Converts queries and documents into dense vectors that capture meaning. * **Orchestrator** -- Coordinates the workflow and assembles the context for the model. * **Large language model (LLM)** -- Generates the final response by combining the user's query with retrieved context. Together, these components create a process that retrieves and applies knowledge in real time. ![Architecture diagram titled 'How RAG (retrieval-augmented generation) works', illustrating the flow of a user query through retrieval-augmented generation. At the top left, a user question is shown in red text asking 'What does a next-generation firewall do?' The user icon is centered, connected by arrows to both the query input and the final answer. The answer is displayed in green text: 'A next-generation firewall inspects traffic at the application level, unlike traditional firewalls that only filter by ports and protocols.' To the left, a retriever component takes input from the user and retrieves text from a knowledge database, which contains sample passages including 'A next-generation firewall (NGFW) \[...\] inspects traffic at the application level' and 'Traditional firewalls \[...\] focus only on ports and protocols.' A Wikipedia icon is shown as the source of documents. Retrieved passages are combined into a context box labeled 'Context (augmented prompt)' that includes both a supporting passage and the user's question. This augmented prompt flows into the large language model (LLM) on the right, which produces the final output answer that is returned to the user. Arrows and labels indicate the steps: input, retrieve, collect, context, and output.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-retrieval-augmented-generation/How-RAG-retrieval-augmented-generation-works.png "Architecture diagram titled 'How RAG (retrieval-augmented generation) works', illustrating the flow of a user query through retrieval-augmented generation. At the top left, a user question is shown in red text asking 'What does a next-generation firewall do?' The user icon is centered, connected by arrows to both the query input and the final answer. The answer is displayed in green text: 'A next-generation firewall inspects traffic at the application level, unlike traditional firewalls that only filter by ports and protocols.' To the left, a retriever component takes input from the user and retrieves text from a knowledge database, which contains sample passages including 'A next-generation firewall (NGFW) [...] inspects traffic at the application level' and 'Traditional firewalls [...] focus only on ports and protocols.' A Wikipedia icon is shown as the source of documents. Retrieved passages are combined into a context box labeled 'Context (augmented prompt)' that includes both a supporting passage and the user's question. This augmented prompt flows into the large language model (LLM) on the right, which produces the final output answer that is returned to the user. Arrows and labels indicate the steps: input, retrieve, collect, context, and output.") Here's how the workflow unfolds step by step. ### Query encoding The process starts with a user query. The system converts that query into a numerical representation called a vector using an embedding model. Instead of matching only exact words, the vector captures meaning. This makes it possible to compare the query with stored information, even if the wording differs. ### Data indexing For this comparison to work, the documents themselves must also be prepared. Ahead of time, the system breaks documents into smaller chunks and converts them into vectors using the same embedding model. These vectors, along with the original text, are stored in a database built to search by meaning, not just keywords. This preparation makes it possible to quickly retrieve the most relevant text when a query arrives. ***Note:*** *In the context of AI systems, the word 'documents' refers broadly to pieces of text or data (such as passages, articles, or records) that the system stores and retrieves for use in generation.* ### Document retrieval Once the query and documents are both in vector form, the system searches the database for the closest matches. Instead of looking only for identical words, it compares meanings and pulls the most relevant chunks of text. These become the foundation for shaping the model's response. ### Context augmentation Once the system finds the right documents, it attaches them to the user's question to form an expanded input. This step is called context augmentation. It gives the model both the question and supporting evidence to work with. Augmentation helps the model stay accurate and up to date, but there's a limit to how much text it can process at once. If too much is added, some material must be cut or shortened, so designers need to balance detail with space. ***Note:*** *Context augmentation is the process of adding retrieved information to a prompt so the model can generate a more accurate response.* ### Response generation The model takes the expanded input and creates an answer. It uses both what it already knows and the extra documents that were added. The documents don't provide the response directly, but they guide the model so its reasoning stays on track. The final accuracy depends on how relevant the retrieved documents are and how well the model combines them with its own knowledge. ### End-to-end workflow The entire RAG pipeline can be seen as a sequence: encode the query, retrieve matching documents, augment the prompt, and generate the response. Errors at any stage can cascade. Weak embeddings lead to poor retrieval. Poor retrieval leads to weak augmentation. Weak augmentation leads to an inaccurate response. ### Variations and practical considerations RAG systems are not all the same. Some rely only on dense retrieval. Others combine dense and sparse methods, like keyword search. Many add reranking steps to refine results. Practical factors also matter. Knowledge bases must be updated regularly to avoid outdated answers. Vector databases need to be optimized for speed and scalability. And because models have limited context windows, retrieval must focus on the most useful information. ***Note:*** * ***Dense retrieval** means matching text based on meaning.* * ***Sparse retrieval** refers to keyword-based matching.* * ***Reranking** is reordering results so the most relevant appear first.* ## Why use retrieval-augmented generation? ![Graphic titled 'Benefits of RAG' showing three main benefits, each with an icon, heading, and description. On the left, a lightbulb icon represents 'Grounding,' with text stating that grounding links answers to real evidence instead of relying on memorized training data, reducing hallucinations by tying outputs to verifiable sources. In the center, a four-way arrow icon represents 'Scalability,' with text explaining that scalability lets one model adapt to many domains without constant retraining, keeping knowledge bases current and making it easier to scale across use cases. On the right, a chart icon with upward-trending dots represents 'Cost efficiency,' with text explaining that cost efficiency cuts down on repeated fine-tuning and heavy compute cycles, shifting knowledge into external systems to lower overall costs.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-retrieval-augmented-generation/Benefits-of-RAG.png "Graphic titled 'Benefits of RAG' showing three main benefits, each with an icon, heading, and description. On the left, a lightbulb icon represents 'Grounding,' with text stating that grounding links answers to real evidence instead of relying on memorized training data, reducing hallucinations by tying outputs to verifiable sources. In the center, a four-way arrow icon represents 'Scalability,' with text explaining that scalability lets one model adapt to many domains without constant retraining, keeping knowledge bases current and making it easier to scale across use cases. On the right, a chart icon with upward-trending dots represents 'Cost efficiency,' with text explaining that cost efficiency cuts down on repeated fine-tuning and heavy compute cycles, shifting knowledge into external systems to lower overall costs.") Generative AI is moving quickly into real-world use. But models trained only on fixed datasets hit limits when information changes or when accuracy is critical. Retrieval-augmented generation offers a way around those limits. By combining model output with live access to external sources, it solves problems that training alone cannot. * **One benefit is grounding.** Grounding links a model's answers to real evidence instead of relying only on what it memorized during training. Large language models can generate fluent text, but they don't always know if it's correct. This can lead to hallucinations---confident answers that are not backed by evidence. RAG reduces this risk by pulling in external documents so outputs are tied to verifiable sources. * **Another is scalability.** Fine-tuning models for each new task is costly and time consuming. It also creates static versions that must be retrained whenever information changes. With RAG, a single model can adapt to many domains by retrieving from an updated knowledge base. That makes scaling across use cases faster and less resource heavy. * **Finally, there's cost efficiency.** Running and fine-tuning large models demands significant computing power. RAG shifts much of the knowledge into external systems that are cheaper to refresh. This reduces repeated training cycles and makes the overall cost profile easier to manage. ## What are the primary use cases for RAG? ![Diagram titled 'RAG use cases' with five diamond-shaped icons arranged horizontally, each paired with a heading and description. From left to right: 'Enterprise search' with a document icon and the text 'Pulls from internal databases to deliver context-aware answers.' 'Customer service' with a headset icon and the text 'Grounds responses in company manuals and FAQs for consistency.' 'Research' with a magnifying glass icon and the text 'Retrieves key references to cut through information overload.' 'Compliance' with a checkmark on a document icon and the text 'Anchors outputs in policies and frameworks to reduce risk.' 'Coding assistants' with a code window icon and the text 'Uses external repositories and docs for accurate, up-to-date suggestions.' A dotted horizontal line connects all icons.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-retrieval-augmented-generation/RAG-use-cases.png "Diagram titled 'RAG use cases' with five diamond-shaped icons arranged horizontally, each paired with a heading and description. From left to right: 'Enterprise search' with a document icon and the text 'Pulls from internal databases to deliver context-aware answers.' 'Customer service' with a headset icon and the text 'Grounds responses in company manuals and FAQs for consistency.' 'Research' with a magnifying glass icon and the text 'Retrieves key references to cut through information overload.' 'Compliance' with a checkmark on a document icon and the text 'Anchors outputs in policies and frameworks to reduce risk.' 'Coding assistants' with a code window icon and the text 'Uses external repositories and docs for accurate, up-to-date suggestions.' A dotted horizontal line connects all icons.") Retrieval-augmented generation is already moving from theory into practice. Organizations are applying it in areas where accuracy, efficiency, and domain-specific knowledge matter most, including: * **One of the clearest examples is enterprise search.** Employees often waste time trying to find information scattered across systems. RAG helps by pulling from internal databases and producing context-aware answers, which makes organizational knowledge easier to access. * **It also supports customer service.** Contact centers need reliable responses that stay consistent with approved manuals and FAQs. By grounding each answer in the company's own documentation, RAG reduces hallucinations and improves the quality of interactions. * **RAG is becoming useful in research, where scientists and analysts face information overload.** By retrieving the most relevant references before generation, it cuts through large volumes of material and keeps outputs tied to verifiable sources. * **Another area is compliance.** In regulated industries like finance, law, or healthcare, RAG can reference policies or frameworks directly. This lowers the risk of generating responses that conflict with rules or introduce liability. * **Finally, coding assistants are starting to rely on RAG.** Developers benefit when suggestions draw on external repositories and up-to-date documentation instead of only training data. This makes outputs more accurate and current. ***Note:*** *While RAG use cases span many industries, the differentiator isn't just retrieving information. It's trusting the source. In practice, organizations have to carefully curate and secure knowledge bases, since the quality of retrieval directly determines whether outputs are reliable or risky.* ## How does RAG compare to fine-tuning and prompt engineering? | Comparison of RAG, fine-tuning, and prompt engineering | |--------------------------------------------------------| | Approach | What it does | Strengths | Limitations | Best suited for | |------------------------|--------------------------------------------------------------|----------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------| | **Fine-tuning** | Trains a base model further on domain-specific data | Strong performance on specialized tasks; builds deep expertise | Costly; requires large datasets; must be repeated when knowledge changes | Narrow, high-stakes domains (e.g., medical, legal) | | **Prompt engineering** | Crafts instructions to guide model behavior | Low cost; easy to apply; improves style and structure | Cannot add new knowledge; limited impact on factual accuracy | Quick refinements to interaction quality | | **RAG** | Retrieves external context and adds it to prompts at runtime | Keeps outputs current; reduces hallucinations; cost-efficient | Depends on retrieval quality and database freshness | Scalable, adaptable use cases needing accuracy and flexibility | **Fine-tuning adapts a model by training it further on domain-specific data.** It can deliver strong performance for specialized tasks, but it's costly, requires large datasets, and must be repeated to incorporate new knowledge. **Prompt engineering is a technique for crafting better instructions to guide a model's output.** It can change the style or structure of a response but cannot add new knowledge. At best, it refines how the model uses what it already knows. **RAG takes a different approach. Instead of embedding all information into model parameters, it retrieves relevant context from external sources at runtime.** This makes it easier to update knowledge bases, ground outputs in verifiable data, and reduce hallucinations without retraining. These approaches aren't mutually exclusive. Fine-tuning builds domain expertise, prompt engineering helps refine interactions, and RAG provides adaptability. RAG is often the most effective choice when accuracy, flexibility, and cost efficiency are priorities. | ***Further reading:** [What Is AI Prompt Security? Secure Prompt Engineering Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-ai-prompt-security)* ## Top RAG security risks and how to address them "The integration of the Retrieval Augmented Generation (RAG) pattern in GenAI applications involved complex interactions between data retrieval, processing, and generation components. This complexity introduces several security considerations that must be meticulously addressed to safeguard the integrity, confidentiality, and availability of the system." [- K. Huang et al. (eds.)​, ​Generative AI Security​, ​Future of Business and Finance](https://link.springer.com/chapter/10.1007/978-3-031-54252-7_1) As discussed, RAG strengthens AI outputs by grounding them in external sources. But that same reliance on retrieval pipelines and third-party services creates new entry points for attackers. The risks outlined here show where those vulnerabilities arise and the safeguards needed to contain them. * **Data poisoning** Data poisoning occurs when attackers insert malicious or misleading information into the knowledge base. If retrieved, this data can cause the model to generate convincing but false answers. **Mitigation:** The best defense is maintaining data integrity --- through validation, filtering, and regular monitoring of external sources. * **Prompt injection** Malicious instructions can be hidden in retrieved text and override the intended query. This may cause the model to leak information or ignore safeguards. **Mitigation:** Sanitization pipelines and adversarial testing help detect and block these hidden prompts before they reach the model. * **Sensitive data leakage** Sensitive data leakage can happen when private or regulated information is exposed through retrieval or generation. Leakage not only undermines trust but can also create compliance failures. **Mitigation:** Strong access controls (RBAC/ABAC) and filtering of sensitive content are critical to limit exposure. * **External API dependencies** External API dependencies also add risk. Many RAG systems rely on third-party services for embeddings, retrieval, or generation. If an API is compromised or goes offline, the system can inherit vulnerabilities or fail entirely. **Mitigation:** Mitigations include vendor due diligence, monitoring outputs for anomalies, and building fallback mechanisms. Ultimately, securing RAG means treating every input and retrieval as untrusted until proven safe. By combining sanitization, access control, monitoring, validation, and testing, organizations can reduce the chance of manipulation while keeping RAG systems reliable. ***Note:*** *What makes RAG security challenging is that most risks don't originate inside the model. They come from inputs, retrieval pipelines, or external services. This shifts the defensive focus from model internals to supply-chain style controls over data sources, APIs, and context handling.* | ***Further reading:*** * [*What Is Generative AI Security? \[Explanation/Starter Guide\]*](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security) * [*Top GenAI Security Challenges: Risks, Issues, \& Solutions*](https://www.paloaltonetworks.com/cyberpedia/generative-ai-security-risks) * [*What Is a Prompt Injection Attack? \[Examples \& Prevention\]*](https://www.paloaltonetworks.com/cyberpedia/what-is-a-prompt-injection-attack) * [*What Is Data Poisoning? \[Examples \& Prevention\]*](https://www.paloaltonetworks.com/cyberpedia/what-is-data-poisoning) * [*What Is LLM (Large Language Model) Security? | Starter Guide*](https://www.paloaltonetworks.com/cyberpedia/what-is-llm-security) ## What is the future of retrieval-augmented generation? RAG is moving from a niche method to a core part of AI development. The next stage will focus on making it more flexible, reliable, and secure. * **One path is hybrid retrieval and fine-tuning.** Combining live retrieval with fine-tuned layers could balance adaptability with stable domain expertise. This would cut down on repeated retraining while keeping outputs precise. * **Multimodal RAG is beginning to emerge.** Many systems are starting to retrieve and integrate not only text, but also images, audio, or video to ground answers in richer formats. While still early in adoption, this approach signals a shift toward broader real-world context for AI outputs. * **Integration with AI agents is also on the horizon.** RAG can serve as the knowledge backbone for systems that plan, reason, and act. Retrieval would then support not only answers but also decision-making in real time. * **Finally, security-first RAG design will be critical.** As retrieval pipelines grow, so do risks like poisoning or leakage. Embedding filtering, validation, and access controls directly into RAG systems will help ensure safe deployment. In short, the future of RAG is about more than scale. It's about evolving into adaptive, multimodal, and secure systems that anchor AI in trustworthy knowledge. ![Icon of a book](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-rlhf/icon-rlhf-document.svg) DIG DEEPER INTO GENAI SECURITY Read *Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions* to learn how attackers exploit prompts, plus defense strategies. --- [Download the report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report) ## RAG FAQs #### What is RAG in GenAI? Retrieval-augmented generation (RAG) combines a language model with a retrieval system that pulls relevant external information at query time. This helps the model generate grounded, more reliable responses instead of relying only on memorized training data. #### What is the difference between RAG and an LLM? A large language model generates outputs based on its training data alone. RAG adds a retrieval step, pulling information from external sources to guide responses. This makes RAG more adaptable and reduces errors in specialized or fast-changing domains. #### What is an example of RAG? A customer support chatbot using RAG can retrieve answers from a company's knowledge base. Instead of relying on pretraining, it combines live documentation with the model's reasoning to deliver accurate, up-to-date responses. #### How does RAG improve accuracy in AI systems? RAG grounds responses in retrieved documents. By anchoring outputs to verifiable sources, it reduces hallucinations and improves reliability. This is especially important for tasks requiring factual accuracy or domain-specific knowledge. #### Is RAG only used in enterprise applications? No. While enterprises use RAG for knowledge management and compliance, it is also applied in research, education, and consumer tools. Any context needing accurate, current, or specialized responses can benefit. #### What are the main challenges of implementing RAG? Challenges include building and maintaining high-quality retrieval databases, preventing data poisoning, ensuring privacy, and managing latency in retrieval workflows. Effective orchestration and monitoring are required to keep systems secure and efficient. #### Does RAG replace fine-tuning in large language models? Not entirely. RAG reduces the need for frequent fine-tuning but does not eliminate it. Fine-tuning helps models specialize, while RAG keeps outputs current by retrieving external knowledge. They are complementary. #### How does RAG handle sensitive or private data? RAG systems must enforce strong controls, such as access restrictions, sanitization, and monitoring. Without safeguards, sensitive data in retrieval sources could be exposed in outputs. Security-first design ensures private information remains protected. Related content [Report: Unit 42 Threat Frontier: Prepare for Emerging AI Risks Get Unit 42's point of view on AI risks and how to defend your organization.](https://www.paloaltonetworks.com/resources/ebooks/unit42-threat-frontier) [LIVEcommunity blog: Secure AI by Design Discover a comprehensive GenAI security framework.](https://live.paloaltonetworks.com/t5/community-blogs/genai-security-technical-blog-series-1-6-secure-ai-by-design-a/ba-p/589504) [Report: Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions Gain insights into prompt-based threats and develop proactive defense strategies.](https://www.paloaltonetworks.com/resources/whitepapers/prompt-attack) [Report: The State of Generative AI 2025 Read the latest data on GenAI adoption and usage.](https://www.paloaltonetworks.com/resources/research/state-of-genai-2025) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Retrieval-Augmented%20Generation%20%28RAG%29%3F%20An%20Overview&body=Retrieval-augmented%20generation%20%28RAG%29%20is%20a%20method%20for%20improving%20language%20model%20outputs%20by%20adding%20relevant%20information%20retrieved%20from%20external%20sources.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-retrieval-augmented-generation) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language