Palo Alto Networks (NASDAQ: PANW) launched Prisma AIRS 3.0 at RSA Conference 2026 on March 25, expanding its AI security platform to cover the full lifecycle of agentic AI in enterprise environments. The press release describes the product as the company’s answer to a specific gap: most enterprises can monitor what an AI says, but they cannot see or control what an AI agent does.
“Agentic AI represents a massive leap forward, moving beyond simple conversation to autonomous action that will redefine productivity,” said Anand Oswal, Executive Vice President of AI & Network Security at Palo Alto Networks, in the announcement. “But this shift from ‘AI that talks’ to ‘AI that acts’ introduces new risks — from unmanaged agentic identities to unpredictable runtime behaviors.”
What Prisma AIRS 3.0 Does
The platform organizes around three capabilities, according to the press release:
Agent discovery. Prisma AIRS inventories AI agents, models, and connections across cloud environments, SaaS platforms, and local endpoints. The pitch is visibility into “shadow AI” — agents deployed without security team awareness.
Continuous risk assessment. Agent Artifact Security maps an agent’s architecture and scans for vulnerabilities. AI Red Teaming for agents simulates context-aware agentic attacks to discover vulnerabilities and recommend runtime security policies.
Runtime protection. The AI Agent Gateway, currently in limited preview, provides a central control plane for agent runtime and identity security, governance, and observability. Following the close of Palo Alto’s proposed acquisition of Koi, Agentic Endpoint Security will add visibility into AI applications running on developer endpoints, targeting the coding agent use case specifically.
The RSA 2026 Competitive Landscape
Prisma AIRS 3.0 is the latest in a wave of agentic AI security launches at this year’s RSA Conference. Cisco announced Zero-Trust Access for AI agents with Duo IAM integration. Databricks entered the cybersecurity market with Lakewatch, an agentic SIEM. IBM, Auth0, and Yubico launched a hardware-backed Human-in-the-Loop framework requiring physical YubiKey taps for high-risk agent actions. 1Password unveiled Unified Access for agent identity management with Anthropic, OpenAI, and GitHub as launch partners.
The pattern is clear: every major security vendor at RSAC 2026 shipped something targeting autonomous AI agents. Palo Alto’s differentiator is scope — Prisma AIRS 3.0 claims to cover discovery through runtime in a single platform rather than focusing on a single layer like identity or detection.
Enterprise Demand Numbers
Futurum Group’s 2H 2025 Cybersecurity Decision Maker Survey (n=1,008) found that 62.1% of security leaders consider AI-powered defensive tools a necessity, according to the firm’s analysis of the launch. A separate Futurum survey (AI Platforms Decision Maker Survey, n=838, 1H 2026) reported that 65% of organizations are piloting or deploying agentic AI, with security and data privacy ranked as the top concern.
Those numbers explain the vendor sprint: enterprises are deploying agents faster than they can secure them, and the security industry sees a new spending category forming in real time.
What to Watch
Palo Alto’s pending Koi acquisition is the piece that turns Prisma AIRS from a cloud-and-SaaS story into an endpoint story. Coding agents running on developer laptops with broad filesystem and network access represent one of the highest-risk agentic AI attack surfaces, and no major security vendor has shipped a production-grade solution for that environment yet. The timeline for Koi’s close and integration will determine whether Palo Alto can deliver on the full-lifecycle promise before competitors catch up.