Palo Alto Networks CEO Nikesh Arora published an op-ed on March 30 titled “Weaponized AI: Rethinking Security for the Agentic Era.” Two months later, the company is executing on that thesis with acquisitions, product launches, and a disclosure strategy that doubles as a marketing instrument. The question for the agent ecosystem is whether PANW is building genuine security infrastructure or repackaging existing capabilities under an “agentic” label to capture a new TAM.
The Moves
The evidence for the supercycle thesis is accumulating across several fronts.
Palo Alto Networks agreed to acquire Portkey, an AI infrastructure startup that processes trillions of tokens per month through its AI gateway, with the deal expected to close in fiscal Q4 2026. “You cannot build an agentic enterprise without a centralised control plane to secure it,” Arora said in the announcement, according to the Economic Times. Portkey gives PANW a token-level monitoring and routing layer that sits between enterprises and the AI models their agents call.
At its Ignite on Tour event in New York, the company unveiled Idira, a rebranded identity security offering built on the $25 billion CyberArk acquisition completed in February. Dan Campbell, president of North America sales, framed the stakes: “However fast you’re going to secure your environment, relative to AI models and agentic [technologies], I promise you, you’re not going fast enough,” he told CRN.
As a participant in Anthropic’s selective Project Glasswing initiative, Palo Alto Networks has had access to the Claude Mythos Preview model. The company used Mythos and other frontier models to scan its own code and disclosed 26 CVEs on May 13, compared to its typical monthly release of five or fewer. The disclosure is both a genuine security action and a signal to enterprises: if frontier models find this many vulnerabilities in PANW’s own products, imagine what they find in yours.
The Market Bet
24/7 Wall St analyst commentary frames the positioning in market terms. PANW shares recently hit all-time highs. The analyst argues the “proactive security + agentic systems value proposition” is resonating with both investors and enterprise buyers.
The supercycle thesis works like this: as agentic AI tools proliferate and agents gain more autonomy, enterprises face attack surfaces that legacy security tools cannot address. Agent compromise, data exfiltration via autonomous systems, prompt injection cascades across multi-agent workflows: these threats require new detection and enforcement capabilities, not incremental updates to existing products.
Optiv CRO John Hurley, whose firm is a top PANW partner, validated the integration pitch: “Their focus is around speed and being able to solve bigger customer challenges because they have a tighter ecosystem based on the pieces they’re putting together,” he told CRN. “They’re trying to get ahead of [the threats]. And I think they’re doing all the right things to do that.”
The Crowded Field
PANW is not alone in making this bet. Zscaler announced Project AI-Guardian with six global systems integrator partners this week. Xage Security launched Zero Trust for AI with Agent Sentry for jailbreak prevention. CodeIntegrity just raised $5M for deterministic agent controls. CrowdStrike, Microsoft, and the cloud providers are all circling the same opportunity.
The difference is scale. PANW already has the enterprise relationships, the platform architecture, and the $25 billion CyberArk identity stack integrated. Whether that advantage holds against purpose-built startups and cloud-native competitors depends on whether “agentic security” becomes a feature of existing platforms or a standalone category.
The Uncomfortable Question
Every cybersecurity vendor in the market has an incentive to frame agentic AI as an existential threat that only their platform can address. That does not mean the threat is manufactured. The 26-CVE disclosure from frontier AI scanning is real. The prompt injection problem is real. The attack surface expansion from autonomous agents is real.
But “security supercycle” is vendor language for “spend more with us.” The test is whether enterprises can distinguish between genuine capability gaps in their agent security posture and vendor-driven fear cycles designed to accelerate purchasing decisions. For agent builders and operators, the practical question is simpler: does your deployment have a runtime enforcement layer between your agents and your systems? If the answer is no, someone is going to sell you one.