Agentic AI poses a new and growing threat to corporate networks. Palo Alto Networks believes this threat is potentially even greater than the risk posed by humans. We spoke with CEO EMEA Helmut Reisinger about agents as an insider risk and how to anticipate them. Reisinger notes that only a very small proportion of global AI deployments currently have associated AI security.
According to the CEO EMEA of Palo Alto Networks, AI on the dark side has done three things particularly well: speed, scale, and sophistication. As a result, the time between a successful intrusion and the actual theft of data has decreased significantly over the past three years. Whereas three years ago the average period was nine days, it is now one day. The fastest case documented by Palo Alto Networks was even 72 minutes.
Reisinger sees three phases that we went through to reach the current level of AI, which have been completed on both the cyberattack and defense sides. The first phase began in 2014, when Palo Alto Networks increasingly integrated machine learning into its next-generation firewalls. This was mainly deterministic AI. The second phase was the arrival of generative AI in 2022. Now the industry is in the third phase: agentic AI. “I call that production AI,” says Reisinger. “It gives the European economy potential hope, because we are looking for productivity growth.”
But agentic AI also introduces a new security risk. And that risk has a name that everyone in security knows: the insider. The security industry has been focusing on this for some time, but new risks have emerged.
An agent works 24/7 and never sleeps
An AI agent that executes business processes has access to sensitive business data. That access is necessary to perform the task for which the agent is deployed. “An agent is a perfect insider,” says Reisinger. “Because unlike you and me, it doesn’t need sleep. It works 24/7.” The difference with a human employee: an agent is always active, always has access, and never sleeps. A security team that does not specifically monitor AI agents has a blind spot.
Reisinger points out that most companies are not adequately addressing this new risk. Research by Stanford University shows that only 6% of AI deployments worldwide are equipped with appropriate AI security measures. The vast majority of organizations that use AI do so without adequately securing their systems.
To address this, Palo Alto Networks has launched a module within its platform called Prisma AIRS. This stands for AI Runtime Security. Launched after the acquisition of Protect AI in mid-2025, this product offers AI Access (inventory of access to language models), agent security, and red teaming on language models. The latter is necessary because language models are non-deterministic: ask a model the same question three times, and you may get three different answers. Runtime security monitors whether a model’s behavior has changed.
Three acquisitions form the foundation
What you ultimately see at Palo Alto Networks is that it is expanding its platform with its own AI security tools, but it is also looking at the market to identify the best technology for a particular component. This has resulted in a significant number of acquisitions, often involving large sums of money. While Protect AI is estimated to have cost around $500 million, three other parties have come on board with even higher price tags in some cases. They complement the platform perfectly.
The largest was the acquisition of CyberArk for $25 billion, completed shortly before our conversation. CyberArk is a big name in identity security, something that is necessary for the idea of AI agents as perfect insiders. As AI agents increase, machine identities are also exploding. Reisinger outlines that one human identity today is already equivalent to 80 machine identities. That ratio will become even more extreme with the advent of AI agents. “Since this poses a huge internal risk 24 hours a day, we need to ensure that these agents are secured. This is done by securing the AI runtime and the associated identity security. There should be no AI deployments without identity security,” says Reisinger.
On top of that comes Koi, an Israeli startup specializing in endpoint security for AI agents. That acquisition is still very recent, with a confirmed acquisition intention in mid-February. The acquisition of Koi has not yet been completed, so it is not yet part of the Palo Alto Networks platform. However, Koi fills precisely the blind spot that Reisinger describes: monitoring agentic endpoints in real time.
Finally, Chronosphere is part of Palo Alto Networks’ offering. This acquisition, completed on January 29, 2026, for $3.35 billion, brings data observability in-house. This gives companies deep, real-time insights into their applications. According to Palo Alto Networks, organizations currently struggle to gain insight into and secure the large amounts of data they run on. Reisinger points out that Chronosphere excels by offering AI-scalable data analysis at an estimated half the cost of the current market leaders in that segment. The latter argument resonates strongly with European customers, according to Reisinger.
Platformization as a response to fragmentation
The acquisition strategy aligns with the platformization trend Palo Alto Networks is pursuing. Using multiple separate security tools creates gaps. “No two tools communicate perfectly with each other,” says Reisinger. “And every gap is an invitation to the attacker.” Reisinger cites the example of a European automotive company that recently switched from more than a dozen legacy tools to a single platform for network security and zero trust, plus a single platform for the security operations center.
The approach is modular, allowing companies to set their own pace. AI security is not a standalone product within this framework, but a module in the zero-trust network. Zero trust revolves around strong authentication upon login, followed by continuous inspection: is this still the same identity that was previously granted access?
Ultimately, the scale of Palo Alto Networks can also mean a lot. It processes 15.4 petabytes of telemetry data per day from networks, firewalls, endpoints, and cloud assets. That forms the basis of AI-driven security. The more data, the richer the security. With that as the core of a platform approach, it is well positioned for the era of the new insider and AI security.