Palo Alto Cortex AgentiX gives SOAR much-needed AI update

Cortex Cloud and Prisma AIRS get version 2.0

Palo Alto Networks announced several major updates today. You could say that there are three version updates. This is literally true for Cortex Cloud and Prisma AIRS, which are getting version 2.0, relatively quickly after their first versions. For Cortex XSOAR, this is true in a slightly more fundamental way. Cortex AgentiX will replace Cortex XSOAR. In this article, we explain the various updates, which naturally have a lot to do with AI.

It is not always easy to make sense of Palo Alto’s offering. You could say that it is a colorful collection of many smaller platforms that together form one large platform. However, you can quickly get lost on the company’s website if you are looking for logic in the naming. Broadly speaking, there is a large network security platform and a large SecOps platform. The various components of the Prisma suite are spread across all kinds of sub-areas of both larger platforms. The components that fall within the Cortex suite all belong to Palo Alto’s SecOps platform.

Palo Alto is announcing updates for both the Prisma suite and the Cortex suite today. These can be divided into two categories: AI for security and security for AI. We will first discuss the updates for the Cortex suite, which fall into the first category. Then we will look at the update for Prisma, which falls into the second category.

AI for security: Cortex AgentiX

Without a doubt, the biggest update is that of Cortex AgentiX. It takes the now somewhat outdated and out-of-favor (but still relevant) SOAR (Security Orchestration, Automation, and Response) and puts it in a new, agentic guise. During a call, Nikesh Arora, CEO of Palo Alto Networks, also referred to it as “the next iteration of SOAR.” Cortex AgentiX will eventually replace Cortex XSOAR.

Automating workflows has, of course, always been part of SOAR. With the launch of Cortex AgentiX, Palo Alto wants to make it possible to add agents to carry this out. The idea is that these agents can conduct research and do much of the groundwork. Palo Alto has not rushed into this, that much is clear. Palo Alto trained Cortex AgentiX on 1.2 billion real playbooks.

The agents that are part of Cortex AgentiX can be agents built by Palo Alto. A number of them are already available at launch. Among others, Threat Intelligence, Email Investigation, Endpoint Investigation, and Network Security Agents are available starting today. However, customers (and partners) can also build their own agents. This is possible within the Palo Alto environment in a no-code builder. Of course, this also uses AI. Palo Alto has made more than 1,000 integrations available in that builder. In addition, there is native MCP support, and the company promises robust boundaries and total control.

Palo Alto Cortex AgentiX is currently available in Cortex Cloud, XSIAM, and XDR. The company expects the fully standalone version, which will replace Cortex XSOAR, to be available in early 2026. This standalone version is more important than you might initially think. AgentiX within existing Cortex environments is limited to Palo Alto environments. However, customers can connect the full AgentiX platform to other platforms and products. Palo Alto wants to create an “industry platform” with this, in the words of Arora. It is not specifically for Palo Alto environments alone.

Finally, it is worth noting that every action an agent takes within AgentiX is fully auditable. According to Palo Alto, this makes it a fit for even the most stringent compliance and security requirements.

AI for security: Cortex Cloud 2.0

Cortex Cloud is Palo Alto’s CNAPP, or cloud security, offering. Earlier this year, we discussed the challenges of cloud security at length at one of our roundtable discussions. One of the conclusions at the time was that cloud security is everywhere. The complexity of the resulting (hybrid) environments is increasing to such an extent that it is becoming very difficult to maintain an overview and address all critical risks in a timely manner.

With Cortex Cloud 2.0, Palo Alto wants to provide customers with additional help in this area. This second version comes eight months after the company launched the first version on the market. One of the most important innovations in Cortex Cloud 2.0 is the integration of Cortex AgentiX. This frees up security personnel from pedestrian tasks. They can focus on more important matters instead.

In addition to the agents available through Cortex AgentiX, Cortex Cloud 2.0 can call on an improved Cloud Detection and Response (CDR) agent. This agent works in real time, but now uses 50% less processing power than the previous one.

The other innovations in Cortex Cloud 2.0 seem mainly cosmetic to us. For example, the Command Center has been revamped. This should provide faster and better insight into the assets in the cloud, critical risks, and active threats. Furthermore, the recently launched Application Security Posture Management (ASPM) module is now available in Cortex Cloud 2.0.

Security for AI: Prisma AIRS 2.0

The last update today is Palo Alto Prisma AIRS 2.0. This component has its own category on the Palo Alto website, namely AI security. With AIRS, the company is not focusing on the use of AI in its own products, but on securing AI used by customers. Six months ago, Palo Alto launched the first version of AIRS. This coincided with the announcement that it wanted to acquire Protect AI. That acquisition closed at the end of July 2025. The announcement of AIRS 2.0 should therefore be seen primarily as the full integration of Protect AI into the new offering.

The goal of Prisma AIRS 2.0 is to provide end-to-end security for AI. This means, among other things, that it inspects AI agents and AI models down to the deepest layers during their development. It must also protect the agents that are running in production. This includes protection against prompt injection, agents that behave badly, and misuse of tools. According to Palo Alto, AIRS can independently find and rank all AI agents, including agents that are part of Shadow AI.

To stay up to date, Prisma AIRS 2.0 must also continuously test its own platform. It does this with the help of agents and more than 500 specialized attack methods. Palo Alto’s goal is to discover vulnerabilities in AI systems before they are exploited. The fact that this happens continuously should keep the attack surface for AI agents and models relatively small.

According to Palo Alto, Prisma AIRS 2.0 can dive very deep into AI models to detect malicious code in the deeper layers of a model. AI Model Security provides a complete list of ingredients of the model it has examined. This should greatly improve visibility, which in turn should have a positive effect on issues such as governance, risk, and compliance.

Availability

Palo Alto Cortex AgentiX is available immediately within Cortex Cloud, XSIAM, and XDR. The full AgentiX platform (the successor to Cortex XSOAR) will be available in early 2026. Cortex Cloud customers will receive the update to version 2.0 in the first half of 2026. Prisma AIRS 2.0 is available starting today.