In this interview from RSAC 2026, Anand Oswal, executive vice president for AI and network security at Palo Alto Networks, joins theCUBE's Dave Vellante and Christophe Bertrand to discuss how the rapid rise of autonomous AI agents is forcing a fundamental rethink of enterprise security architecture. Oswal details the launch of Prisma AIRS 3.0, the company's comprehensive solution for securing AI applications and agents across the full life cycle. With agents now connecting to unauthenticated MCP servers, third-party code repositories and internal systems like Jira and Confluence, he explains why the resulting risks don't simply multiply — they mutate. Central to the new architecture is an agent gateway that provides identity and access controls, runtime policies, governance and end-to-end observability.
The conversation also explores how Palo Alto Networks is addressing the broader cryptographic reset — a dual challenge combining quantum computing threats with the dramatic shortening of public TLS certificate life cycles from roughly 400 days to 200, on track for 47 days by 2029. Oswal unpacks the company's cipher translation proxy, which allows legacy applications to achieve quantum compliance through the firewall without an immediate rip-and-replace migration. He also pushes back on the perception that Palo Alto Networks is primarily acquisition-driven, highlighting that a majority of its AI security capabilities — including runtime security, posture management and the new agent gateway — are homegrown innovations layered into a unified platform. From automated certificate lifecycle management to fine-grained agent governance controls, Oswal provides a roadmap for how platformization is reducing operational complexity and delivering better security outcomes as every application becomes an AI application.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for RSAC 2026 Conference
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC 2026 Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC 2026 Conference. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to RSAC 2026 Conference
Please sign in with LinkedIn to continue to RSAC 2026 Conference. Signing in with LinkedIn ensures a professional environment.
EVP and GM, AI and Network SecurityPalo Alto Networks
In this interview from RSAC 2026, Anand Oswal, executive vice president for AI and network security at Palo Alto Networks, joins theCUBE's Dave Vellante and Christophe Bertrand to discuss how the rapid rise of autonomous AI agents is forcing a fundamental rethink of enterprise security architecture. Oswal details the launch of Prisma AIRS 3.0, the company's comprehensive solution for securing AI applications and agents across the full life cycle. With agents now connecting to unauthenticated MCP servers, third-party code repositories and internal systems like...Read more
exploreKeep Exploring
What did Palo Alto Networks announce at RSAC 2026 regarding securing AI applications and agents?add
What security challenges arise from the rapid adoption of developer "agents" on workstations, and what solutions are needed to address the resulting increased attack surface?add
How should enterprises secure and govern agentic AI (autonomous agents and their agent-to-agent traffic), and what architecture or solution (e.g., an agent gateway/registry) addresses those risks?add
What is the approach to AI security and platformization: how are risks like agent hijacking and data leakage addressed, which capabilities are developed in-house, and how are individual security products integrated to reduce customers' operational complexity?add
When you acquire companies and integrate them into your platform, does that require architectural work and engineering during due diligence, and how do you approach APIs, open ecosystem/partnerships (especially given AI), and the need to prepare customers for quantum/post‑quantum cryptography—who should be worried and when?add
>> All right, we're back with our live coverage from RSAC 2026 here at Moscone West. We're on the ground floor, stop by and see us. I'm Dave Vellante, this is Christophe Bertrand. Jon Oltsik is also here, he's out with the reporter's notebook. He comes back at the end of the day, so you don't want to miss that, 5:00 Pacific Time. Anand Oswal is here, he's the Executive Vice President for AI and Network Security at Palo Alto Networks, a great guest. Awesome to see you again. Thanks so much for your time.
Anand Oswal
>> Thanks for having me. Good to see you again.
Dave Vellante
>> This is like a Super Bowl of security, Cyber Week for Palo Alto. You guys got so much going on. You got the evening events, customers all day long. But let's go through what you guys are talking about this week. What's new? There's a lot.
Anand Oswal
>> There's a lot going on. And as you know, the biggest architecture shift in the enterprise is AI. Right? And you see AI and agents now synonymously being talked about, but agents are moving, doing things. They're updating your CRMs, they're exiting all autonomously. And think about your AI apps and agents, they're really in four digital services. Enterprise apps, enterprise agents, they're on your workstation, your developers are using them, they're in the browser. So, we need to make sure that we secure all of these various assets, the risks associated with unknown, and the security imperatives are addressed. And that's really what we launched today, Dave, with Prisma AIRS 3.0. The most complete and comprehensive solution to secure your AI apps and your AI agents across your life cycle.
Dave Vellante
>> So, it's the full envelope, right?
Anand Oswal
>> Yes.
Dave Vellante
>> That's the umbrella. It's funny, two years ago, I sat here with your Founder, Nir Zuk, and he said, "Everything's changing. Throw out the old, we got to re-architect everything." And he was right. It's probably happened faster than maybe we thought that it is. What has surprised you? What has not surprised you?
Anand Oswal
>> Look, I think the pace of adoption of all of these things in some sense has been amazing to watch. If you think about a year ago, we didn't talk much about agents. This time, it's all about agents, right? And people are using them. Majority of developers today are using agents on their workstation, vibe coding agents. Right? We have every single Palo Alto Networks employee are developers using those agents. They're using it to design, to build, to test software. And we are seeing amazing levels of productivity. But things that we need to understand is that as they use these newer tools, these tools require more privileges. They need to write to local file system, read and write. They need to access to system tools. They need to connect to the internet. They need to connect to cloud services. They have to connect your internal systems, your Jira, your Confluence, and so on and so forth. So your attack surface increases, and you need a solution that can address all of these newer attacks, newer types of threats you see, comprehensively.
Christophe Bertrand
>> So let's follow up on that, because I think that's a fundamental shift, and that's created a gap.
Anand Oswal
>> Yes.
Christophe Bertrand
>> Significant gap. Meaning, now you have all of these agents doing things for you and that's great, they're an extension of the human. But are they doing things that maybe they shouldn't be doing? How do you control that an agent doesn't go rogue? How do you manage what could be hundreds of thousands of agents? And the minute, of course, you start coding, who knows what that's going to do? And we've heard a couple already. So, how do you approach it from a systemic perspective as a business, and then what do you recommend customers do? And if you don't mind focusing on obviously the core business, the securing the environment.
Anand Oswal
>> I think you hit on a really good point. Look, we are finding that agents are easy to develop and deploy because they're built on these pro code platforms, low code platforms, no code platforms. So, it's easy to get them up and running in the enterprise. Now when these agents are running in the enterprise, what are they doing? They're talking to unauthenticated MCP servers. They're using newer protocols, MCP, A2A, and so on and so forth. They're connected to third party code repositories like third party GitHubs, they may have prompt injection attacks. Now when you have these kind of agents at scale in the enterprise, your risk will not multiply, they'll mutate.
Dave Vellante
>> Right.
Anand Oswal
>> Right? Then you see these agent to agent communications happening that increases the runtime risks. So, what you really need is a security architecture that makes sure that you don't want to have these ungoverned AI agents and this unsecured agentic traffic, and it cannot be an edge use case anymore. It is the core of the enterprise use case to solve. Well, that's happening today.
Christophe Bertrand
>> Okay, so-
Anand Oswal
>> So now let me come to a solution, because I just told the problem to you. You need to make sure that all your agent and agentic traffic is, you can't secure something if you can't see it. So, they need to funnel in through what we call an agent gateway. That agent gateway with a central repository to do agent registry. I need to apply runtime policies there. I need to have identity and access controls right there. I need to have agent governance. I need to build an end to end agent observability. It's also the right place to have all my risk assessments done on a periodic basis for agent artifacts. And that is the heart of what we announced, Prisma AIRS 3.0, is all these newer capabilities and the agent gateway to provide identity, runtime security, governance and observability, end to end.
Christophe Bertrand
>> So, we went from the sandbox to full production in what, a year or two years?
Anand Oswal
>> Yeah, maybe nine months.
Christophe Bertrand
>> Nine months?
Anand Oswal
>> Yeah.
Christophe Bertrand
>> Okay. So, I like this idea of the repository. So you talked about governance, are we also in a process redefining what governance really means beyond just data management? It's really now governing a whole lot of new employees who happen to be agents.
Anand Oswal
>> Yes. You're creating a new identity of these in your enterprise, these agents, right? And the governance means different things.
I was just talking to a customer earlier today and they said, "Will we have a kill switch to shut the agent down?" I said, "That's good, but that's not enough." Because I may want to... If I have say a claims processing agent, I may want it to shut down for everybody else, but for this department, I may want to shut it down for certain types of activities. I may say, "Don't send third party data to so-and-so bank or so-and-so location." So, you need to be more granular in the kind of controls you can have, and this needs to be done in an autonomous manner. That's only how you'll scale.
Dave Vellante
>> So you got those fine grain controls. I want to ask you the tough question because you... There's an article, I think it was in The Wall Street Journal the other day about, it was making fun of San Francisco because everybody's a builder. What's that mean? Now you're a builder. I know what a builder is. In our industry, builders build products that are innovative and of value, but people say about Palo Alto, "Oh, it's acquiring all these companies and puts them together and it's not an innovative company." I know you're an engineering driven company, you head products. Address that criticism that you guys are just cobbling together a bunch of acquisitions like talent for browser, whatever it was. What do you say to that? How do you ensure that you're able to get that fine grain capability across the entire portfolio? Convince the audience that you guys aren't just like Cisco used to be or EMC, just cobbling together a bunch of acquisitions to try to get growth, but you're actually designing and architecting a platform, that can do platformization.
Anand Oswal
>> Yeah. So look, a majority of what we've done is through homegrown innovation. Let's take the example of the browser. That was a category we didn't play before. When we acquired talent two and a half years ago, we said it was solving three problems. Ensure secure access of applications of the corporate from any device. Make sure every single web transaction, web traffic is secure. And don't compromise the user experience. What we've done is that we built on top of that. So if you think about attackers, they're getting more sophisticated. Your phishing attacks, your malware attacks in the browser, that's hard to detect. We added our best in class security capabilities right in the browser. And what we announced yesterday was taking it to the next level. We said that we have to be ready for the agentic era. We allow you to bring an LLM of your choice. You can bring in OpenAI, Anthropic, Gemini. You want that autonomous behavior. You want to have the productivity for your employees, but you cannot compromise on security and governance. So, we brought those things together, bringing an LLM of your choice, an agent of your choice, putting the right guardrails of security, the governance controls, and making sure every agentic transaction is secure. Because you don't want agent hijacking, you don't want the data to be leaked. But that's one with browser. Now let's take the example of AI security. A majority of what we did in AI security has been homegrown. What we did with Protect AI was that we got model scanning and red teaming, things that we had not really developed before. Our signature runtime security is all developed in-house. Our posture management, all done in-house. What we're adding with identity and gateway is all done through our innovation that we're having. But we're making sure that all of these various pieces are putting together seamlessly. Best in class individual products, brought together, delivered via platform is the only way we can deliver platformization. Nobody wants good enough products. We want to reduce the operational cost for the customer, reduce their complexity, and not the goal of reducing costs. Costs, they will reduce for sure, but our goal is to reduce the operational complexity and give them a better security outcome, and that's what we'll deliver through our platforms.
Dave Vellante
>> So when you acquire a company, you will do the architectural work to make sure it fits into that platform, which presumably that's part of the due diligence. But it may require, often will require actual engineering, is that true?
Anand Oswal
>> Yes, 100%. So, I think Nikesh has talked to us many times. When we acquire companies, we make sure that we close on the architecture approach, the roadmap, with the founders. We let them own it, because it's very hard to do it after the fact. Right? And we do this in terms of not only fitting in seamlessly into the framework we have, but also finding out, how can we differentiate overall, where one plus one is equal to three? We want to bring in these capabilities, but add additional value. Right? So for example, if you bring in a capability like talent, but I add in my best in class security capabilities, now I'm able to stop threats that you've never seen before. But I got the simplicity of the browser, so that's what we're doing with the things that we have from innovation perspective.
Christophe Bertrand
>> Let me ask you a quick question. Now that you're re-architecting, changing, or re-engineering some of these solutions, recreating this platform, to me, the value of a platform, it's also going to be to an extent the value of the ecosystem around it and the partnerships. How do you approach APIs? And what does that even mean anymore? Because so much is changing with AI. So, tell us about the ecosystem, your current partners, and what you're looking to build versus what you're looking to partner for.
Anand Oswal
>> Look, I think when we talk of platformization, we talk about best of these components, we talk about them integrated really well, but we also talk about open ecosystem. Because we understand that there will be things that we are not able to get in our own ecosystem. Let me give you an example of what we announced yesterday around quantum. Look, Quantum is not a question of if, it's a question of when. We know that large scale migrations in cryptography, they're time-consuming, they're expensive, it can take years. We also know that customers require a comprehensive view of quantum, not just what's happening that's going through this point or that application infrastructure component. We've done third party integration of variety of different vendors to give us customers a complete and comprehensive view of cryptography assets across the enterprise. Applications, infrastructure, endpoints, browsers. And not just that, we also give them remediation capabilities to get there. Right?So, that's the value of what we do with the platform, is that we will of course be best of breed, we'll of course be tightly integrated, but we'll also apply an open ecosystem wherever needed for our customers. Absolutely have to.
Dave Vellante
>> And the end game there is to protect against post quantum cryptographic hacks, essentially? Or so-
Anand Oswal
>> Yeah. I mean, there are experts in Gartner and McKinsey that's saying, Dave, that by the end of this decade, there will be a quantum computer that's viable, that will break standard encryption. We relied on that for decades for all our communication and data. At the same time, you have attackers doing technique like harvest now and decrypt later. So, when they have a quantum key, they can see your data. So, we have to get on this journey of being quantum safe now and we are doing not only third party integrations, but we also innovated. So we have a cipher translation proxy, which means that you have a legacy app, it may take you a while to rip and replace, it's not easy. Get the data through a Palo Alto firewall, we do cipher translation of non PQC to PQC, make sure you're quantum compliant now until you get time to go and remediate it. So, we want to be able to solve our customer's problems today because not everything is just , it's hard.
Dave Vellante
>> I mean, your partner, IBM, is obviously, you're singing to the choir for them. I mean, they're being very aggressive about that timeframe. And so, okay, so which kind of customers have to be worried about that today? Is it everybody? Is it more regulated industries? How would you advise? Because they're juggling so much, they have AI, they got to worry about their existing estate. When and who should be worried about quantum now?
Anand Oswal
>> Everybody. I tell you that there's a larger thing happening called the cryptographic reset. Quantum is one half of the equation. The other half of the equation is digital trust. Now, last Sunday was a very important day, 15th of March. The CA/Browser Forum said that the life cycle of public facing TLS certificates went down from 400 odd days to 200. On track with 47 days by 2029. Think about it, if you had a certificate on your VPN gateway you only need once every 400 days, now you're doing it events once every month. Automated certificate lifecycle management is the only way to enforce that digital trust. And the network is the ultimate source, not only of visibility, but also control. And so, these two things are happening in parallel. You have quantum and you have this whole notion of trust. And we want to make sure that the integrity and trust of the organizations from a digital perspective are always maintained and top of line. And that's why we extended a platform to support both of these things. So we future-proof our platform so our customers can future-proof their business.
Dave Vellante
>> So, we're starting to see some light in the tunnel on platformization. I mean, you guys see it because you're advanced, you're working with the largest customers, you're coined the term platformization. In the survey data, I want to get your reaction, we're seeing now, we've done this survey with our partner, ETR, over the last three years. 2024, 37% said the number of vendors in their cybersecurity stack are going to stay the same. Now it's up to 52%. The number that are decreasing, up a little, still small, but the number that is staying the same has grown a lot. The number that has increased has shrunk from 51% down to 35%. So, we're starting to see evidence that the strategy is working. What would you say would be the sort of milestone in the macro market that you'd like to see that's a kind of proof point that platformization is happening? Not your advanced visibility, you see before the others, but for observers like ours, what should we be watching?
Anand Oswal
>> I think it's very important to first understand. We all have seen some breach reports in our thing, right?
Dave Vellante
>> Yeah, yeah.
Anand Oswal
>> And every breach report has one thing in common, it's complexity. Complexity that customers see everyday. Every breach report says, "If you did A, B, and C, you could have avoided this." Which begs the question, then why didn't we do it? The reason is because it's hard. You have 20, 30 different tools. You're trying to make sure that all of these are configured, maintained, scaled. It's hard to get expertise in a few tools than many of them. What we are seeing a lot, I was just a large customer today in the morning. They said that, "We walked the flow, we saw a bunch of product features. But we want you to add, if you have most of these in the platform, some are coming, let's work together. We want to be this design partner," because they cannot have this thing done in a piecemeal. For example, if I say I'm going to secure your AI application, but the AI application has the same threats that I've had for the last 15 years on regular applications, I can't have it separate. Every application will be an AI application in the future. So I can't just say, "I'll stop your AI threats, but your non-AI thread that existed will vanish tomorrow." So, you need all of those things together. We are seeing more and more customers understand that. Now, it takes time, right? Customers have a variety of different vendors. Those vendors have timelines on when their contracts expire. They have teams that are owned by different org structures which are coming together. But I'm seeing more and more, just like your data says, customers saying, "Let's talk about it. We want to simplify our operations. We want to reduce the operational complexity. We are not getting the right outcomes we want. We want to get better outcomes, and let's work together."
Dave Vellante
>> So your point about feature is interesting because a platform to me, you should be able to see a feature and say, "I can now add that feature into my platform." You don't have to buy another tool, maybe it's a module or maybe there's an extra charge. .
Anand Oswal
>> 100%, think about it. You think of quantum safe security. You think of certificate lifecycle management. These are massive markets. For us, it's extensions through platform.
Dave Vellante
>> I don't want to buy another tool-
Anand Oswal
>> You don't need to buy....
Dave Vellante
>> to manage that.
Anand Oswal
>> So if you have the network security platform, you want to get visibility into quantum assets, it's a single click. You want to automate your certificate lifecycle management? An easy module. You don't need to onboard a new point product, add new sensors, get discovery, build your tools, tied with the policies. It's too painful.
Dave Vellante
>> Yeah, yeah.
Christophe Bertrand
>> In closing, I have just a quick question and we're going to take a step back here and just look at the macro sort of environment. What's your take on what's going on with current regulations? And again, I'm not asking for a position, but do you think that in general, governments are doing the right thing, encouraging the right partnerships, the public-private partnerships? You're talking about quantum, encryption is a big issue. It's a national security issue, as a matter of fact.
Anand Oswal
>> 100%.
Christophe Bertrand
>> Okay. Are you ahead of the game? Are you talking to various governments? Are you helping with crafting regulations? What's your take on what's going on?
Anand Oswal
>> On quantum, the good thing is that we've been partnering with both CISA, with NIST, and all the standard bodies globally, so to ensure that all the solutions we are building today are future-proof for tomorrow. We want to have this notion of what we call crypto agility, because we are able to change these things fast. We can't take two years or three years to migrate your cryptographic assets, it's just too long in the past. So we're building in that, we're working very closely with a variety of different standard bodies to ensure that to happen. The same thing we're doing with regulator bodies for certificate lifecycle. Look, shrinking of the life cycle is a good thing for security because it minimizes the window of exposure if keys are exposed. But it also means that you can't do this manually anymore. I was meeting with a customer said that, "It takes us four to eight hours when you have to update a certificate for an application. I get the PKI admin, I get the firewall admin, I get the load balance admin, and the app admin on a Zoom call. And it takes me four to eight hours." Think about doing that every month now. It's not going to work. You got to have automation to the problem to get that done.
Christophe Bertrand
>> So should it be a government mandate? I mean-
Anand Oswal
>> It's a regulated compliance now. By 2020, it became 200 days last Sunday. By 2029, March 15th, again, it'll be 47 days. It's 30 days for the grace period. So that's the compliance coming in, and we are working with them to ensure that we are solving the problems. Yeah.
Dave Vellante
>> Last question. How would you define Palo Alto Networks? Today, you're obviously evolving. The gold standard I've written in the cybersecurity industry. How should we think about Palo Alto Networks today?
Anand Oswal
>> Look, AI is the biggest architectural shift that we are seeing in the enterprise. We're seeing AI being used across four key digital services. AI applications, enterprise agents, including SaaS agents, agentic endpoints, your laptop, and browsers. At the same time, we're also having this massive thing called cryptographic reset, a combination of quantum and shortening of public certificate life cycles. We're innovating at a pace faster than ever before. We are making it easy for customers to consume the solutions, where simplified by the platform. Everything I talked about today is the same platform they've been using for last couple of years. Right? So we are thrilled to be the cyber security partner of choice for so many customers, and continue to ensure that we are securing their tomorrow. And that's our mission right now.
Dave Vellante
>> Legendary company started by a legendary founder. Anand, thanks so much for coming back in theCUBE. It was great to see you.
Anand Oswal
>> Thank you, Dave. Appreciate it.
Dave Vellante
>> Yeah, you're very welcome. All right, and thank you for watching. This is Dave Vellante for Christophe Bertrand. RSAC 2026, we're live at Moscone. Moscone West, stop by and see us. We'll be right back, right after this short break.
Dave Vellante
Christophe Bertrand