Even with the surge in automated cyberattacks, cyber defense teams still have a chance to gain the upper hand using AI and agentic, Klarich tells CRN.
Palo Alto Networks is increasingly driving improved security outcomes with the utilization of AI such as through accelerated cyber remediation—providing a strong indication that a more-automated approach can in fact give defenders the bigger AI advantage over threat actors, according to Palo Alto Networks CTO Lee Klarich.
In an interview with CRN, Klarich, who also serves as chief product officer at the cybersecurity giant, said that security operations offerings such as the company’s AI-powered Cortex XSIAM are “starting to see mean-time-to-remediation go from days to single-digit minutes.”
[Related: Channel Has ‘Huge’ Role In Securing AI Agent Revolution: Top Execs At RSAC 2026]
It’s just one example illustrating why, even with the surge in automated cyberattacks, cyber defense teams still have a chance to gain the upper hand using AI and agentic, he said.
When it comes to AI-powered attacks, “the first wave of this is not feeling great, because the number of attacks is increasing, the speed of attacks is increasing,” Klarich said during an interview at the RSAC 2026 conference in San Francisco.
On the defender side, the clear answer is that “we need to start shifting from these workflows that were very human-centric, toward machine- and agentic-centric workflows,” he said. “We’ve already proven this out in a number of places. We proved this out with XSIAM.”
Without a doubt, the dramatic reduction in mean-time-to-remediation that XSIAM has enabled is thanks to increased leveraging of AI, he said.
“So how do we then apply that same logic to cloud security, to network security, to secure access, to the browser? And identity of course. That is the opportunity for defenders,” Klarich said.
Ultimately, “if we get that right, I do believe that [AI] can benefit defenders more than it benefits attackers. That’s the area, in some ways, that I’m most hopeful for,” he said. “But it will play out over the next few years.”
During the interview with CRN, Klarich also discussed the connection between platformization and secure usage of AI, how Palo Alto Networks’ $25 billion acquisition of CyberArk is helping to enable agentic adoption and the major opportunity for partners to become “trusted security architects” for their customers in the AI era.
What follows is more of CRN’s interview with Klarich.
How is security shifting in response to the fact that organizations are now grappling with agentic, whereas a year ago it was mainly about more basic forms of LLMs?
I think [right now] everyone is talking about what’s coming, as if it’s already here. The reality, at least as I see it, is that the real here-and-now in production is what we were talking about last year—which is adding AI to applications and the risk that brings. Where do your models come from? And are they safe, secure, etc.? What does that full supply chain look like? The posture of the application, the AI red teaming to test it, the prompt injection attack to protect it—those types of things. A year ago, that’s what we were talking about. And now, that is what everyone is dealing with in production.
At the same time, everyone’s thinking about, “Where am I going to be in production in six, nine, 12 months from now?” And everyone’s [thinking that] all this AI stuff is going to become a lot more autonomous. It’s going to start looking like agents. And as it looks like agents, what does that then mean? Obviously some bleeding edge organizations are already there. But for a lot of people, they’re running pilots, they’re doing testing, they’re doing all this kind of stuff to get ready for production.
[With] Prisma AIRS 3.0, a lot of the enhancements to it are oriented toward AI becoming more agentic in nature. So you saw us add to model scanning and the ability to look at other aspects of the supply chain. You saw us talk about additional protection mechanisms which are oriented toward agentic attacks, which are different than traditional AI applications. And we’re also expanding the posture capabilities to assess the posture of these agentic platforms. And then we pre-announced the agentic gateway, which will allow us to actually sit in the flow of agent-to- agent communication and secure that traffic. Because there, the key is not only do we have to be able to control that traffic—we also have to be able to inspect it, secure it and inject identity into it using the CyberArk agentic identity. But the gateway becomes the place to inject that and enforce that.
In terms of what you’re hearing from CISOs, are you hearing greater concern about agentic than with the LLMs we’ve had up until this point?
I would describe the concerns I hear from CISOs as, the promise and benefits of AI in general are so great that the business can’t say no. And so the concerns from CISOs are, how am I going to be able to say yes and stay secure? If you think about past cycles—after the first SaaS application went online, how long was it before SaaS applications were mainstream in the enterprise? It took a while. It was many, many years. Think about cloud adoption—when was the first time you heard about the cloud versus when it was mainstream in the enterprise? It was quite a few years, actually. With AI, we’ve had three years to get to the point where we are now. And every enterprise is using it to some extent, in three years. I don’t think that’s ever happened that fast before. The reason why the driving force is there is because the promise is so high to the business. That forcing function basically says, “Thou shalt adopt—now just tell me how secure we can be.” So we’re trying to be there for our customers to say, “Actually, we think you can be pretty secure.” And we’re going to be there as your partner, not just [by] offering you a security solution today—but we’re going to be adding to that in a very rapid fashion, and adapting as these AI architectures change. I don’t know exactly how AI is going to be architected 12 months from now. So I better make sure that our solution for securing it is adaptable enough that, as we see that evolution, we will be able to quickly add that next thing.
What are some of the biggest challenges you see coming for partners on these issues?
In the partner context, I think the biggest challenge is architectural and deployment-oriented. I’m a product person, so it’s not to say that that part is not important. But I see this huge opportunity for our partners to become the trusted security architects for the customer. Because these are complex designs. They are changing rapidly, and that creates need and opportunity. The need from the customer is to have a partner that can help them understand this. The opportunity is for partners to actually become those experts and the trusted advisor to the end customer. And that, in itself, is a business opportunity. Then in addition to that, being that trusted advisor means that as we [work] with our partners with the solution, they’re not just showing up saying, “You should do something”—they’re showing up saying, “This is what you should do. And working with Palo Alto Networks, here is that solution that we can implement.” So that’s what I believe. It’s not that dissimilar [compared to] looking at past cycles. When cloud adoption first happened, a lot of these companies went and looked and said, “Who can I go partner with, who is going to help me on this journey?” The same thing is happening again with AI.
How big of a boost is CyberArk bringing to what you’re doing with AI and agentic?
As we go from AI as a helper, to AI with more autonomy, AI and agents talk to other AI agents and applications. And so as that happens, identity becomes incredibly important. CyberArk is very well-positioned, because they have both the human identity side and the non-human identity side. Today, a lot of agents are actually effectively delegated from a specific person. If you look at vibe coding as an example, a developer is delegating permissions to the vibe-coding solution to go do things on the developer’s behalf. What we pre-announced with CyberArk is their ability to perform what’s called “on behalf of” identity—where they can understand the agent is working on behalf of a user. That allows us to understand the relationship between the user and the agent. It also allows us to perform authentication and permissioning oriented toward that agent—importantly, to make sure that agent has to always go through proper authentication permissions. And then that will tie into our agentic gateway. So those things will work in concert.
Over time, when you get to true autonomy of agents, they’re going to be machines not delegated from a human. So if a machine is taking a trigger from some signal in the infrastructure—and it’s not being triggered by a person—well, now you need non-human identity paired with agentic identity. And if you look at CyberArk, they’re a leader in non-human identity. What we liked about them was they have both the human and the non-human pieces. And so, as we deliver on agentic identity, it will be plugged into, effectively, both of those infrastructures. That puts us well-suited to solve what will be one of the critical aspects of securing agentic deployments.
How much more important do you believe platformization is going to become as we move forward in AI?
Let me start with the aspect of how platformization will aid in AI adoption. If you’re a cybersecurity team, everything else that you have to deal with [besides AI] is not going away. All your network security and SASE and cloud and SOC—all of those things you still have to run. And now you have this new thing. So the first way the platformization helps with AI adoption is, it frees up time—because instead of running 100 different point products for all your other things, you’re running a set of platforms. Now it might be a set of platforms with some select technologies built in. I don’t subscribe to this [idea that] an enterprise is going to have three vendors. But it can’t be 100. So the first way is, we can dramatically reduce the strain on all of the existing security things that need to be dealt with—hopefully then freeing up the teams to spend more time on the new, changing AI space. The second is, platformization helps with AI adoption in security. So before we talk about how to secure your AI adoption, platformization helps with adopting AI capabilities to help the security practitioners be more efficient. Because we can build things like AgentiX and AI workflows into our platforms, which then actually further help with tackling the operational burden that most organizations are dealing with. The third way is, when it comes to AI security, Prisma AIRS and our approach to platformizing AI security for our customers is super powerful. Because then, instead of [introducing] the next 20 security tools for AI—which just perpetuates the problem of point products—we can say, “Here’s our AI security platform. Here’s all the things that we can do natively, best of breed, but delivered in the form of a platform.” So then you don’t have to go try to figure out how you’re going to stitch all these other point products together, which is just the same problem repeated over and over.
What would be something you still feel uncertain about when it comes to how AI and agentic will impact cybersecurity going forward?
I’m still optimistic that AI will benefit defenders more than it benefits attackers, but that is still uncertain. If you think about attackers using AI, most of what they’ve done so far is using it to do, roughly speaking, the same attacks, but faster or at a higher scale. So yes, they’ve used AI to write malware. They’ve used AI to find vulnerabilities in code. They’ve used AI to automate certain things. But we had all those problems before. Now, the first wave of this is not feeling great, because the number of attacks is increasing, the speed of attacks is increasing. So that’s why I say, this is still somewhat uncertain.
But then the question is, why do I think that it could benefit defenders more than attackers? Well, if you think about the biggest challenges in defending against attackers, often it’s having these little, tiny gaps in your security infrastructure. The attacker found the one identity that was not configured properly, was not locked down properly. And historically, the solution for that is people reviewing configurations and data. But these environments are so complex. Think about a company with 200,000 employees spread around the world and different business units and different cloud environments and data centers and on-prem. And then you go and say, “Hey, can you make sure that all your identities are configured correctly?” It’s like, “Oh my God, how am I going to do that?” And, “Oh, by the way, I need you to do that on a continuous basis.” So if we imagine bringing AI to that problem and saying, “Hey, AI, I want you to analyze my identities across 200,000 employees and cloud and on-prem and this environment and that environment, and I want you to [do this] on a continuous basis” — [the answer would be] “Sure, no problem.” So we need to, No. 1, actually get our security stacks or platforms up so they’re able to have AI components to them. So this gets back to how platformization can help.
Second, we need to start shifting from these workflows that were very human-centric, toward machine- and agentic-centric workflows. We’ve already proven this out in a number of places. We proved this out with XSIAM. We’re starting to see mean-time-to-remediation go from days to single-digit minutes. That is the result of automation and AI. So how do we then apply that same logic to cloud security, to network security, to secure access, to the browser? And identity of course. That is the opportunity for defenders. And if we get that right, I do believe that [AI] can benefit defenders more than it benefits attackers. That’s the area, in some ways, that I’m most hopeful for. But it will play out over the next few years.
