Podcast

# Threat Vector | How Do Security Teams Keep AI from Becoming a UX Nightmare?

Apr 17, 2025

AI is transforming cybersecurity at a rapid pace, but how do we ensure security without compromising usability? In this episode of Threat Vector, host David Moulton sits down with Christopher DeBrunner, VP of Security Operations at CBTS, and Ryan Hamrick, Manager of Security Consulting Services. They explore how AI-driven security is improving threat detection, the risks of over-reliance on automation, and the challenges of maintaining data privacy in AI-enabled environments. The conversation dives into the future of AI governance, how organizations can balance security and user experience, and the role of ethical AI use in cybersecurity. Tune in for expert insights on keeping security effective and seamless.

Looking for more episodes that discuss the intersection of user experience (UX) and security? Check out the following episodes:

* [Episode 54 -- Unlocking Cybersecurity ROI with Platformization Special Episode -- Live! From Philly](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-unlocking-cybersecurity-roi-with-platformization?ts=markdown)
* [Episode 53 -- Rethinking Cloud Security Strategies](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-live-from-philly?ts=markdown)
* [Episode 39 -- Balancing Security with Usability in Cybersecurity Further reading: CBTS resolves incidents in seconds with platformization, featuring Cortex XSIAM](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-balancing-security-with-usability-in-cybersecurity?ts=markdown)

***

*Protect yourself from the evolving threat landscape -- [more episodes of Threat Vector are a click away](https://www.paloaltonetworks.com/podcasts/threat-vector)*

***

**Transcript**

\[ Music \]

**Ryan Hamrick**: Don't be afraid of using AI, but understand that there is a responsible and a safe way to use it. There is a risk associated with everything you're doing, and -- so be intentional about what you're doing with AI.

**Chris DeBrunner**: Yeah. As the kids say, be a little sus, \[laughter\]. Think about some of the ramifications of putting certain pieces of data in, or asking it certain questions, or whatever the case may be. You do also have to have accountability and responsibility in what you're using it for as well. This is exciting. It's also --

**Ryan Hamrick**: Potentially dangerous.

**Chris DeBrunner**: Very, potentially.

**Ryan Hamrick**: No cap.

\[ Music \]

**David Moulton**: Welcome to 'Threat Vector', the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience, and uncover insights into the latest industry trends. I'm your host, David Moulton, director of thought leadership for Unit 42.

\[ Music \]

Today I'm speaking with Chris DeBrunner, vice president of security operations at CBTS, where he leads teams focused on helping customers protect themselves and reduce risk through managed services, strategic security operations, and automation. Chris brings over 14 years of experience at CBTS, with deep expertise in product strategy, compliance, and service delivery. I'm also joined by Ryan Hamrick, manager of security consulting services and cohost of the 'No More Secrets' security podcast. Ryan brings more than two decades of experience in offensive security, incident response, and malware analysis. At CBTS, he leads Red Team operations in professional services, helping organizations test their defenses by thinking and acting like an attacker. Today we're going to talk about AI-driven security, what it means for user experience, how organizations can balance risk and usability, and what guardrails are necessary to implement these technologies responsibly. We'll also dig into the ethics of AI, emerging governance structures, and how red-teaming AI tools might be the next big thing in offensive security testing.

\[ Music \]

Chris and Ryan, welcome to 'Threat Vector.' I am so excited to have you here today.

**Chris DeBrunner**: Thanks for having us.

**Ryan Hamrick**: Yeah, thank you so much. Excited about it.

**David Moulton**: Chris, I'll start with you. Can you give me a quick snapshot of your role at CBTS, and maybe something that people would be surprised is on your remit?

**Chris DeBrunner**: Sure. My name's Chris DeBrunner. I work at CBTS. I'm the vice president of security operations, and my purview is helping our customers protect themselves and reduce their risk.

**David Moulton**: How about you, Ryan? Can you give us a snapshot of a usual day and your remit?

**Ryan Hamrick**: Sure, yeah. Ryan Hamrick.
I manage the security consulting services group and professional services team here at CBTS, and my team does Red Team offensive operation, and it's really fun for us to be able to go into customers' networks, find things as the good bad guys for them, and be able to tell them exactly how we did those things.

**David Moulton**: Alright. Let's, let's get into security topics for a little bit here, anyway. How can organizations balance between implementing AI-driven security measures and maintaining a seamless user experience?

**Chris DeBrunner**: So AI for AI, right? So, you know, what we're trying to do, obviously, is use that to its advantage, right? It would enhance the behavioral anomalies that we currently are using in tools, you know, like Palo Alto today. You know, it can enhance the response by feeding it protocols, playbooks, remediation, actions. It helps us to dynamically keep things more protected, and obviously from a user experience perspective, it would improve that dramatically. You would see efficiencies, I would think, almost immediately, starting in the 20% range or even higher as things mature, for sure.

**Ryan Hamrick**: And you kind of get that input of conversational chatbots from a security perspective too. We're starting to see some of that. And we're starting to think about how to implement that in our organization. How can an end-user go and have a conversation with a security tool, quote on quote.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: To find out, you know, what -- why is this bad, why can't I get approval for this? Can I get approval for this? That sort of thing. That interaction, I think, is going to be pretty nice.

**David Moulton**: And so Ryan, I think you were talking about it a little bit, but can you give us a specific example where AI has successfully enhanced security without compromising usability?

**Ryan Hamrick**: Sure, well one of our use cases is, and this isn't necessarily, like, right away, threat in your face kind of situation, but we are building an internal AI chatbot that allows people to query our security policies. So what is our corporate policy for AI? Usable AI? What is the AI tools we're allowed to use? They can query that AI chatbot and get that answer back. One of the things we come across often is, we just don't know as the user where to find our security corporate policies, where to -- what is in those policies, and those sorts of answers are going to be more readily available to end-users.

**Chris DeBrunner**: Yeah. And even from an integration, automation, and obviously user experience, like we're talking about. We're starting to dip our toe into some other technologies as well, to enhance our response, our process automation, take the simple tasks, if you will, of correlation, and pulling things, and running queries, and then handing those to the analyst, so they have all the information that they need right in front of them, as accurately as possible, and then being able to take that, obviously from multiple data sources, you know, looking for the needle in the haystack, in a lot of cases.

**David Moulton**: As you're talking about that, it seems like there's two forms. There's the AI that allows somebody to do more, and then there's AI that does more for you, before you even know about it, and I like this idea of AI enhancing the user experience. Former designer, by the way. I spent about 20 years designing software, and a lot of times, to me, the best design is one that you don't even notice it's happening.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: Mm hmm.

**David Moulton**: It's out of your way. And if you're thinking wow, that was really delightful, I think it's cute one or two times, and then after that, you're kind of, you're over it. You don't want to see the animation.
You don't want to see the, you know, the build of how the page comes together, whatever it is that you were doing in design. And I think the same is true with AI, where you're going, get out of my way, and make this task that I'm working on simpler and easier. Have you seen it go the other way though, where you're seeing examples where the UX is made worse by the AI, and what should we do about that, because it seems to me that things that are hard to use are going to be things that people avoid, even if they're more secure.

**Chris DeBrunner**: Yes. And so, I did want to touch on the design concept. So I guess my idea for an AI-enhanced revitalization of Clippy would be a bad idea.

**David Moulton**: \[Laughter\].

**Chris DeBrunner**: For some of the older listeners in the crowd, \[laughter\].

**Ryan Hamrick**: I mean, I always thought Clippy was, like, the awesome little joke that only certain people know about.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: Because I've brought it up, and I'm like, well, you know, I've got a case of the olds.

**Chris DeBrunner**: Yeah.

**David Moulton**: Yeah.

**Chris DeBrunner**: Clippy was ahead of its time.

**Ryan Hamrick**: I like Clippy, and stay off my lawn, those are probably the two phrases that should go together, \[laughter\].

**David Moulton**: Yeah, so it can absolutely get in the way of a user experience. You know, bad design choices make bad user experiences. And if you've got an AI interface where the prompting is so difficult to figure out, the right way to get the right answer, that's a bad user experience. So that's, that's both a design choice and an architecture choice.

**Chris DeBrunner**: Mm hmm.

**David Moulton**: That causes a problem to the user experience.

**Chris DeBrunner**: Yep, I agree with you. I personally have not run into, you know, I would say, AI that makes the experience worse, but that's just me personally.

**Ryan Hamrick**: I've come across frustrations where I know kind of what I want to get out of it.

**Chris DeBrunner**: Mm hmm.

**Ryan Hamrick**: But I'm struggling to put the right words together in the right way to get the right thing out of the AI.

**David Moulton**: It's not a security solution, but if you try to make AI image generators, you know, give you a person that is left-handed, you can't do it.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: Right.

**David Moulton**: The training model is there. And it seems to me that there are going to be some of those same frustrations within AI-driven tools in security, where we ask, we prompt, we push, and without some sort of normalized data, you know, because it's coming from different sources, you're going to run into issues.

**Chris DeBrunner**: Mm hmm.

**David Moulton**: Where it -- what you're putting together doesn't talk to each other right, and then the outputs seem a couple degrees off, and then that's frustrating, and you want to move away from the tool that could be powerful, but the UX is just -- it makes you think, oh man, this is as bad as Clippy.

**Ryan Hamrick**: \[Laughter\].

**Chris DeBrunner**: Yeah, we've seen that, where disparate data sources, you have a poor experience. We have seen that, obviously, with some of the early dealings and things that we've been doing here at CBTS. Having multiple data sources or things not in the right place does yield a poor experience initially, for sure.

**Ryan Hamrick**: Yeah, like if I have got an event that I want to respond to, and the remediation for that event is fixing a registry entry, AI tool gives me the output of the GPO command or WMI command that I'm going to run to fix that registry entry across the organization, and it's not exactly right, or it's so far away that we have to do a lot of revision on it anyway to fix it.
So I have to be knowledgeable enough to know that it's wrong, and know that -- how to fix it, despite the fact I'm sort of depending on this AI tool at that point to do that work for me.

**David Moulton**: So, how important is it to have AI normalize the data from multiple sources on the back end?

**Ryan Hamrick**: Very important, as long as you can tell it which one source is -- or give it a metric on how trusty each source is, I think.

**Chris DeBrunner**: Yeah.

**Ryan Hamrick**: Like, I -- this source, yeah, it's Wikipedia, great. Thank you, I trust it 50%.

**Chris DeBrunner**: Mm hmm.

**Ryan Hamrick**: But this source is Exploit-DB, and I'm going to trust that 90%.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: I'm not saying those numbers are accurate in any way, shape, or form, but that sort of lever in the back end would be very helpful for me to trust the output that it has.

\[ Music \]

**David Moulton**: So, with the increasing complexity of AI-driven security systems, how do we effectively educate users without overwhelming them?

**Chris DeBrunner**: I think it goes direct to training. I would treat it just like security awareness training. We try to be creative. You know, you can have videos, but also maybe interactive training would be very, very helpful. It would take maybe the scariness of it, but it would also -- you could also use that to enhance your AI to a certain extent. If you were using AI to train the userbase, to help in its effectiveness for an organization.

**Ryan Hamrick**: I think there's also an opportunity for training enhanced by using it. So let's talk about this concept. We're going to train you on this concept, whether it's a self-driven training or a video. Now you go and do the thing that we said you could do with the system. You see how it works. And that's sort of, like, training backed up by actual use of the system will help build that trust, I think.

**Chris DeBrunner**: Great.

**Ryan Hamrick**: Familiarity.

**Chris DeBrunner**: Yeah, it's just using it, getting familiar.

**Ryan Hamrick**: Yeah.

**Chris DeBrunner**: That would definitely help.

**David Moulton**: Yeah. A lifetime ago, I was with Salesforce, and I went through the training, and then went through the trailhead, and you had to actually build on the platform.

**Chris DeBrunner**: Mm hmm.

**David Moulton**: To pass the training. And the academic exercise of reading and looking at the pictures, or watching the videos, versus actually going into the system and building it, worlds apart, but at the end I had that level of confidence that I could get Salesforce to do what I wanted, and I think what you're talking about really makes some sense, where it's not just abstracted out to, did you read or watch this video, as quickly as possible, and then answer two questions, and move on.

**Ryan Hamrick**: Right. Yeah, that more practical application of the concepts you just learned has always worked better for me, personally, and I know it works better for a lot of people.

**Chris DeBrunner**: Absolutely.

**David Moulton**: So we've talked about the guardrails a little bit. Do you see any governance structures that need to be in place, to ensure that ethical use of AI in security?

**Ryan Hamrick**: Yeah, so Chris touched on, like, the auditing the use. You have to go back and check. You do want to come up with rules, and those rules should be a written security policy that's put into place over the ethical use of AI. Here are our company policies for ethical use of AI. If you violate these, and we find out about it, something's going to happen, bad, probably, to you. But you can also programmatically put those guardrails in place up front. There's tons of different AI models you can grab out there, some without guardrails, some with way too many guardrails. Maybe we'll get to that later, but you just -- you really have to define what that means for you as an organization, and write it down, for god's sakes.

**Chris DeBrunner**: Yeah.

**Ryan Hamrick**: Put it down somewhere so people can read it.

**Chris DeBrunner**: Yep, for sure. And we did talk about oversight committees. The other thing is making sure you have a good, diverse group of stakeholders.

**Ryan Hamrick**: Yes.

**Chris DeBrunner**: That would also absolutely ensure that that -- those structures, that governance is in place.

**Ryan Hamrick**: Don't just feed it Urban Dictionary.

**Chris DeBrunner**: \[Laughter\], that would be a bad idea.

**Ryan Hamrick**: That would be a bad idea. Give it some good sources.

**Chris DeBrunner**: That would -- I think the guardrail would be don't even entertain, or block that.

**Ryan Hamrick**: Yeah, stop. But how do we make sure it keeps up with things like skibidi and rizz?

**Chris DeBrunner**: It's a great question.

**Ryan Hamrick**: We'll figure -- we'll work on that and get back to you.

**David Moulton**: I mean, it sounds like this is a lot of time and resources in the prep work. Have you seen that in the projects that you're leading?

**Ryan Hamrick**: I have seen that in projects that I'm involved in, internally. Yeah, for sure. A lot of upfront thinking about, what data do we want to allow people to have access to? What constraints are we going to put on the model, and what things are we going to feed into the model to make sure it doesn't go too crazy? But I have also seen the reverse, models that are out there where they don't do any of that, and the model gets weird real fast.

**Chris DeBrunner**: Yeah, I wasn't, you know, part of those discussions, but I can't even imagine, you know, having the first stakeholder meeting that you guys had in that, right? That, I'm sure a light went off and said, oh man, you know, we have to -- first of all, the possibilities are endless, and then how do you ensure good ethical responses? How do you ensure accurate responses? That would be a -- I would have loved to been in the room when you guys went through that process.

**Ryan Hamrick**: Luckily it wasn't -- it's with a very good group of very reasonable people.

**Chris DeBrunner**: Correct, absolutely.

**Ryan Hamrick**: So we didn't really have to be specific about that sort of thing, \[laughter\]. We, you know, we weren't like, make sure you don't say this word in the LLM. We weren't that specific about it, so --

**David Moulton**: I did want to ask you guys, have you come across Noelle Russell ever, in your, in your networking or?

**Ryan Hamrick**: No. I have not, no.

**David Moulton**: So she's the CEO at the AI Leadership Institute. And I want to ask you guys a question about it, but I wanted to give you a little bit of context on where that's coming from. So about a year ago, Noelle Russell came and spoke at one of our events, and one of the concepts she raised was the need for an AI Red Team to go in and really see how far they could push the AI tool, no matter its business application. Is that type of team something that you've seen some success with?

**Ryan Hamrick**: We have created an offering for customers to do that sort of thing for their situation. So they stand up an LLM. Copilot, Gemini, whatever it is, Hugging Face model that they put out there. We have come up with an offering. We came up with it, at least the barebones concepts of it, about a year ago, so that timing is pretty auspicious, to do that very thing. Okay, great. You've got an LLM, you've defined your rules, you've got it set up. Now we're going to come in. We're going to go through the OWASP Top Ten for LLMs, because there is an OWASP Top Ten for LLMs. Here are the top ten vulnerabilities we're going to test for. You know, prompt injection, data misuse. So it's us coming in as acting bad guys, trying to mess with your LLM solution. Yep. We see value in that. We haven't had a lot of customers latch onto that yet.

**Chris DeBrunner**: Yeah.

**Ryan Hamrick**: But I think we -- that's something that's coming.

**Chris DeBrunner**: Yeah, we definitely have customers that are still trying to imagine the possibilities, and what can we do, and how do we get set up, and what are the things we should be, you know, thinking about. But yeah, Ryan and his team, they put together an offering, months and months ago, and I'm sure you've tested that on our internal stuff.

**Ryan Hamrick**: Yes, \[laughter\].

**Chris DeBrunner**: How'd that go?

**Ryan Hamrick**: Pretty -- I mean, we use, internally, mostly Copilot.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: And that is a pretty good model. It works pretty well. Really what we're testing for in there is overexposure of data.

**Chris DeBrunner**: Mm hmm.

**Ryan Hamrick**: I should not know everybody's salary in the company. Can I find that information in our LLM by tricking it to try and tell me that? Copilot does a good job of keeping the model up to date and fighting against those sort of injection attacks or data misuse. So, not a lot of success yet, but we're still there, we're still testing it. I like the concept better, sure, we'll go into your Copilot, but I like the concept better where they've set up a model that they either trained themselves or downloaded from Hugging Face, and they're applying it, for us to come in and do that, because there will be a lot less good configurations in that, \[laughter\]. More opportunities to break it.

**David Moulton**: Ryan, you were just mentioning salary data that you shouldn't have access to.

**Ryan Hamrick**: Right.

**David Moulton**: And it makes me think about data privacy in general. How is AI influencing data privacy practices, and do you see any challenges, back to that idea of usability?

**Ryan Hamrick**: I think we're having a lot more conversations internally, and with customers now, about data classification and proper controls than we ever have, because they understand that if they're going to stand up Copilot on their 365 instance, it's going to chew up all the data that's in 365, if you let it, and you should. But that data may not be properly secured. You may not have done the right role-based access controls because you need 50 people in your company to have access to this file, so you just say, let everybody have access to it. So we are starting to have a lot more of those conversations, and I think it's a very critical thing to think about in your risk conversation about, should we deploy AI? What data are we going to feed into it? What controls do we have around it already? Are they effective, because if they aren't, we're going to expose data.

**Chris DeBrunner**: Right. Data's so important -- so important. I mean, if you look at all the, you know, GDPR, all the regulations, the compliance throughout the globe, that is the thing that, for me, scares me the most, when dealing with AI, and making sure those controls are there, and making -- ensuring data minimization, is that a word?

**Ryan Hamrick**: Minimization?

**Chris DeBrunner**: Data minimization.

**Ryan Hamrick**: Yeah, cool, we'll call it, coined it right here. Now, my conversation -- my example was around Copilot, where we haven't even touched on the use of external AI sources, external to a company, where you're feeding it in, maybe even proprietary company data that goes into the model. And so we have made decisions internally, here are the acceptable AI solutions. We block the access to everything else, because we don't -- we want to be able to control that. We recommend that to other companies as well. Make specific decisions about what AI tools you want to allow in your environment, and make sure that you block access to anything else, through whatever means necessary.
We do it using GlobalProtect, honestly, to disallow access to the domain URLs for those sorts of things, or the categorization of those things. But, you know, the exposure is, I upload -- I want -- I have two sales documents with lots of financial data in them. I'm going to upload them to ChatGPT, give me a comparison of these two files. Tell me the good and the bad, and give it to me in a table output. You can do that. But that data then goes into the model for someone to come back later and say, what is CBTS' latest financial models? And it comes right back out to whoever has access to the model.

**David Moulton**: So I'm going to date myself and flip this around just a little bit. There was a time when getting music was hard legally, but easy illegally.

**Ryan Hamrick**: Yes.

**David Moulton**: There was a website. And then Apple came along, and they said hey, we've made it pretty easy to get legal music, and a UX of that experience was so simple and clean, and I didn't have to worry about the download actually being something I didn't expect. And I think others found that to be true, right? Like, we followed where it's easy. When you talk about a disallow list for AI tools, that makes a lot of sense. There's some places -- some alleyways we should not visit, right?

**Ryan Hamrick**: Yep.

**David Moulton**: But you were talking about a chat tool earlier that said, these are the tools that are allowed, and I sometimes think it's easier to lead people to where they can go than to frustrate them and block them. What's the balance that you strike between a disallow list and an education of, here's where you go for legal downloads, except it's AI tools.

**Ryan Hamrick**: Yeah, I mean, we -- in security we try to tell people we are an enablement group, and we aren't trying to disable you from doing your job. We want to enable you to use the best tools in the safest way possible. And so, we have a block list. We basically, the way we do it is we have acceptable AI tools.
Anything else is outside of that. So the messaging we can put out there is, here are the ones we can use. Here are the ones that we encourage you to use. Here's training on how to use those particular tools, like we mentioned earlier. Training them will help them trust the tool a little bit more. We use Copilot internally, great, but do people know how to use it? If they don't know how to use it, they're going to go to the one that is the easiest to use, like you mentioned. Apple came out with this great interface that was easy to use, and so people went to that. It was easier than those other tools that we probably shouldn't name, that we maybe all used before, \[laughter\].

**David Moulton**: Yeah, we all know what we're talking about.

**Chris DeBrunner**: Yeah, we sure do.

**Ryan Hamrick**: Thanks Shawn, appreciate it, \[laughter\].

**Chris DeBrunner**: Yeah, but I mean, to Ryan's point, right, we want to enable people, we try to give proper guardrails, and then we also try to put the proper exception processes or approval processes in, to hopefully enhance, so we don't slow things down too much, or we're able to, you know, help our constituencies perform the work that they need to perform.

**Ryan Hamrick**: Yeah, let's use a specific use case, DeepSeek. So DeepSeek came out, it hit the market hot here in the United States, not too long ago. We don't know enough about it right now to say yes, you can use it. Now, I have a specific opinion on that, that we should not use it. There's reasons for that. We can get to that later, maybe, but --

**David Moulton**: Yeah, we released research on it as well.

**Ryan Hamrick**: Yeah.

**David Moulton**: And I don't think we would recommend it.

**Ryan Hamrick**: Right.

**David Moulton**: From Unit 42's point of view.

**Ryan Hamrick**: Correct. I would agree with that research, \[laughter\].
However, people may ask about it, and we want to make sure that we have the right conversation with them, and it isn't like, no, you can't use it because it's bad. It is more like, we're doing the research on it. Here's what we've found out. Here's what Unit 42 has put out about it. Here's what this other company has put out about it. Here's our own research about it. Here's why. I think the why is really the best way to get that message out to organizations, rather than just saying no. No, but why?

**Chris DeBrunner**: 100%. That's every reason to give a why, for sure.

**Ryan Hamrick**: Yep, yep.

\[ Music \]

**David Moulton**: So guys, I want to shift gears a little bit, talking about AI in threat detection. How is AI changing the landscape of threat detection, and what do you think the implications are for the end-users?

**Chris DeBrunner**: I mean, from my perspective, it's efficiency. It's time. It's real-time, it's the potential for identifying patterns that are indicative to new threats that are, you know, we're just learning about within potentially minutes or hours, through the various feeds. And you know, being able to hand, you know, the analyst that information, right out of the gate, in a much quicker fashion. Instead of days, it's now minutes, is pretty much a game-changer. You know, and by doing that, obviously, you know, you have a chance for preventing breaches sooner rather than later, and then when you start really getting into, you know, the auto-remediation of those things, it's pretty exciting, quite honestly. That AI has the potential to really help us find those needles in the haystack for each one of our customers that we provide services to. So it, you know, that's what -- I'm super excited. That's where we're driving towards. That's where we want to be.

**Ryan Hamrick**: And as much as automation helps in threat detection, having AI bolster your automation processes.

**Chris DeBrunner**: Mm hmm.

**Ryan Hamrick**: Is also going to help a lot with the speed of threat detection for new threats.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: Because, you know, stuff can -- there's hundreds of new threats a day.

**Chris DeBrunner**: Yeah. For sure, and it gives us higher confidence, right?

**Ryan Hamrick**: Right.

**Chris DeBrunner**: Less, you know, we'll be able to sniff out the false positives, benign positives, and really get to the things that we need to really worry about much, much faster.

**David Moulton**: So you've talked about this idea of blending together AI and automation, right? It's the cookies and cream of technology right now.

**Ryan Hamrick**: Yeah.

**David Moulton**: But as these systems become more autonomous in their decision-making, how do you make sure that users maintain that appropriate control over the security settings?

**Ryan Hamrick**: We have to follow Asimov's three rules.

**Chris DeBrunner**: Yeah, that's, 'I, Robot' came to mind.

**Ryan Hamrick**: Yeah, \[laughter\].

**Chris DeBrunner**: Am I allowed to say that?

**Ryan Hamrick**: I'll allow it, and I have no authority here, but I'll allow it. So that's where watching for bias in the model and shift in the model becomes pretty important. You have to continue to -- your capabilities to see a false positive for what it is, as a human, continues to be a valuable part of that whole feedback process. Now, you may have a thousand false positives that the AI system takes care of for you, but you still want to go back and check, and make sure that the model is doing what it needs to do. It can be -- it's spot checking. You shouldn't trust an AI solution to go back and check the efficacy of the AI solution you have in place. For efficiency's sake, you still need to go back through manually and do that stuff, but that's, again, that's where you look at the bias in the model and continue to make sure it's being fair and trustworthy, and all of those fun metrics that are now part of our lives.

**David Moulton**: Can you talk about the potential consequences for overreliance on AI for security decisions?

**Ryan Hamrick**: Yes. Yeah, so one of the things we actually talked about, Chris and I were just kind of sitting and chatting about this, I think yesterday, is we're going to start to see a generation of folks coming into IT that started with AI as enablement tools. And AI tools that can generate code for you, that you put into production, that you run on your systems, and you do these things. Hopefully they have the wherewithal, and they get the training to be able to interpret the code that AI is generating for them, to be able to make sure that it is right and effective, and not even accidentally malicious, but I'm worried about that.

**Chris DeBrunner**: Yeah. Let me talk about the guardrails, and exception handling, and making sure that things are properly vetted before you move right. Yeah, it is something that does make us think and worry a little bit, for sure.

**Ryan Hamrick**: Yeah.

**Chris DeBrunner**: And it's not just going to be from a coding perspective, you can quickly extrapolate into other, not just IT areas, but you could quickly look into healthcare, and financial, and other verticals.

**Ryan Hamrick**: Yeah.

**Chris DeBrunner**: Government, military.

**Ryan Hamrick**: Any decision-making point.

**Chris DeBrunner**: Right.

**Ryan Hamrick**: Driven by AI is going to have to be vetted until it's ultimately bullet-proof.

**Chris DeBrunner**: Right. So we talked about crawl, walk, run.

**Ryan Hamrick**: Right.

**Chris DeBrunner**: We really need to crawl for a really long time, I think, to really make sure that this is safe.

**Ryan Hamrick**: And that crawl is going to be difficult when we get to the point of more ubiquitous quantum computing.

**Chris DeBrunner**: Right. And then that's a whole another --

**Ryan Hamrick**: It's a whole.

**Chris DeBrunner**: That's a whole another show.

**Ryan Hamrick**: Maybe a whole another episode, I don't know.

**David Moulton**: I was going to say, we only got one episode planned for today, but maybe we'll have to come back on that.

**Ryan Hamrick**: \[Laughter\].

**David Moulton**: So let's look ahead a little bit. How do you envision the relationship between security and usability evolving with the advancements in AI or some of these other technologies?

**Ryan Hamrick**: I think it's still kind of -- it's not a different conversation than we're having today with end-users. The difference between security and availability, right? We always -- it always seems like it's a struggle between us being able to patch systems versus them needing to have 1000, 3000 days of uptime, which is, don't do that. Thank you. That's my soapbox. Thank you for coming to my very short TED Talk. So I think it's the same conversation. It's around, we want to make sure it's usable, and as invisible -- the security controls around it are as invisible as possible to the end-user, but you have to understand that we have to put some controls around it. Now, everything we do is to make sure to enable you to use the tool, and we're here to help address the risks that maybe we understand and maybe you, as the end-user, don't, but at some point you do have to trust us, and more than happy to take feedback. More than happy to hear, you put this control in place and it has made the platform unusable for me because of this use case that I have. Let's figure out how to make that work. It's a back and forth conversation about how do we balance those two things, but it -- I don't think it's significantly different than the conversations we have today around system availability and security.

**Chris DeBrunner**: Right, and I agree. It's still the CIA.

**Ryan Hamrick**: Yeah.

**Chris DeBrunner**: Triad there. I agree with everything you said there, Hammer.

**Ryan Hamrick**: Thank you.
That's why we work so well together, because you just agree with whatever I say.

**Chris DeBrunner**: That's correct.

**Ryan Hamrick**: Perfect, \[laughter\].

\[ Music \]

**David Moulton**: Chris and Ryan, thanks for an awesome conversation today. I really appreciate you sharing your insights on AI systems, some of the things that are exciting in security, some of the things that are dangerous about these tools. It gives me optimism that smart guys like yourselves are thinking about this and keeping your clients, our clients very safe.

**Chris DeBrunner**: Yeah, thank you so much for having us. We had a great time.

**Ryan Hamrick**: Yeah, absolutely. Thank you for having us.

**David Moulton**: That's it for today. If you like what you heard, please subscribe wherever you listen. Leave us a review on Apple Podcast or Spotify. Your feedback really does help me understand what you want to hear about, and if you want to reach out to me directly about the show, email me at threatvector at paloaltonetworks.com. I want to thank Michael Heller, our executive producer, our content and production teams, which include Kenne Miller, Joe Bettencourt, and Virginia Tran. Elliott Peltzman edits the show and mixes the audio. We'll be back next week. Until then, stay secure, stay vigilant, goodbye for now.

\[ Music \]
[Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language