PANW Spokesperson: Elad Koren, VP of Product Management at Palo Alto Networks
1. Cloud threats are targeting foundational layers like APIs, identity, and traffic. From your vantage point, what’s driving this shift in attacker behaviour?
This shift is driven by the rapid adoption of enterprise AI, which has fundamentally changed what we consider a “target.” In the modern cloud, identity is no longer just a person, but the API key or the service account – and because these are ephemeral, they’ve become the new foundational layer for attackers. We’re seeing a 41% surge in API attacks specifically because agentic AI depends on these interfaces to function, yet legacy point products simply can’t keep up with how fast these connections appear and disappear. This creates a “Cloud Visibility Gap” where standalone tools see isolated events but fail to detect lateral movement in real-time. By exploiting this lack of visibility between identity, APIs, and traffic, adversaries can move across environments undetected, turning a single compromised service account into a major incident that only a unified data lake can truly surface and stop.
2. API attacks reportedly jumped 41%. What’s behind this surge, and why are APIs attracting attention from attackers?
This surge isn’t just about a higher volume of traffic, but also Shadow AI Sprawl. We’re seeing attackers bypass the traditional “front door” of security to target the underlying business logic through unmanaged AI agents and Shadow MCP (Model Context Protocol) servers. In this new landscape, API security is effectively AI security, because these are the connections that allow AI to actually act on your data. The real danger is that these endpoints are often ephemeral and created outside of IT’s oversight, leaving a massive inventory gap. Our platform is specifically designed to discover and inventory these “hidden” connections in real-time, giving security teams visibility into the AI agents that legacy tools can’t even see.
3. 53% of respondents cite lenient IAM practices as a top challenge. Why does identity continue to be such a persistent weakness in cloud security?
While many leaders are focused on user access, the real danger lies in the Non-Human Identity (NHI) Gap. In modern cloud environments, identities like service accounts and API keys now far outnumber human users, yet they are often over-privileged, lack MFA, and operate 24/7 without oversight. Because these “machine identities” are ephemeral and constantly issued across fragmented systems, attackers can exploit them to move laterally without ever triggering a traditional alert. This creates a massive blind spot that legacy tools simply aren’t built to see. Our platform bridges this gap by exposing these hidden, high-risk relationships in real-time, allowing you to secure the automated connections that power your cloud before they become an invisible gateway for data exfiltration.
4. With 97% of respondents prioritising consolidation, what should leaders look for when rationalising their cloud security stack?
When rationalizing the cloud security stack, leaders should look beyond simple tool reduction and focus on eliminating the “Data Silo Tax” – the hidden cost of teams working from disconnected information. Instead of just consolidating vendors, organizations need a unified Code-to-Cloud-to-SOC data mesh. This approach provides every team with a different, high-value view of the same data: developers get the precise context needed for remediation, architects can see real-time blast-radius maps, and the SOC gains full threat provenance to stop attacks faster. By transforming these isolated silos into a shared force multiplier, a unified platform allows your teams to follow a single operational playbook, ensuring that a discovery in one area immediately strengthens the entire defense.
5. Disconnected cloud and SOC workflows are slowing incident response for many teams. Where do you see the biggest breakdowns today?
The biggest breakdown isn’t just about slow data correlation; it’s a massive ownership gap. The reason high-risk issues can linger in production for over 30 days is that once the SOC detects an attack, they are often forced into a “swivel-chair” search to find the specific developer who wrote the code. This context collapse happens because the person seeing the alert doesn’t have the translation layer needed to link it back to the source. By bridging the SOC and DevOps through an agentic remediation approach, we can provide the full context of an attack – linking the threat to the exact line of code or identity responsible instantly. This moves the needle from weeks of manual detective work to minutes of automated remediation, finally closing the speed gap that attackers have been exploiting.
6. How do agentic security approaches fundamentally change how cloud threats are detected and mitigated?
Agentic security approaches shift the paradigm from reactive, human-led monitoring to proactive, machine-speed defense that can match the velocity of AI-driven attacks. While attackers are weaponizing AI to scale their efforts, we use autonomous agents to scale the defense, transforming the security team’s role from reactive “firefighters” to proactive “fire marshals.” This approach fundamentally changes cloud security by eliminating security debt – using agents to identify and fix vulnerabilities in code before they ever reach production. By moving from manual ticketing to autonomous, closed-loop remediation, we finally bridge the gap between development speed and security oversight. This ensures that protection isn’t just a hurdle, but an operational force multiplier for the entire enterprise.
7. Attackers are increasingly using AI to operate at machine speed. Why is human-only defence no longer sufficient in this environment?
Human defenders were already struggling against a massive backlog of security debt, but the “Vibe Coding” revolution has pushed this to an unmanageable scale. When AI generates code at machine speed, it creates a volume of exposures that manual, “human-in-the-loop” processes can simply never clear. This explosion of insecure code, combined with attackers who can now breach an environment in as little as 25 minutes, makes defensive parity impossible through traditional automation alone. By moving to an agentic-first approach, we allow AI agents to handle the “doing” of remediation and real-time response, while humans shift to the higher-level role of governing intent and strategy. This isn’t just about faster automation, but about establishing defensive parity in an AI-driven threat landscape.
Palo Alto Networks
As the global AI and cybersecurity leader, Palo Alto Networks (NASDAQ: PANW) is dedicated to protecting our digital way of life via continuous innovation. Trusted by more than 70,000 organizations worldwide, we provide comprehensive AI-powered security solutions across network, cloud, security operations and AI, enhanced by the expertise and threat intelligence of Unit 42®. Our focus on platformization allows enterprises to streamline security at scale, ensuring protection fuels innovation. Explore more at www.paloaltonetworks.com.
Elad Koren is a seasoned technology executive with over two decades of expertise in security, compliance, fraud, and risk analysis. As Vice President of Product Management at Palo Alto Networks, he leads the Cortex Cloud strategy, driving innovation in cybersecurity and cloud solutions.
Elad has a proven track record of transforming product visions into cutting-edge solutions, having held leadership roles at Salt Security, PerimeterX, RSA Security and Payoneer. His diverse background spans management and leadership, product management, customer success, and risk management, equipping him with a unique blend of strategic foresight and executional excellence.
Beyond his professional role, Elad is a mentor, angel investor, and thought leader passionate about fostering innovation in the cloud, cybersecurity, technology spaces, and especially where all three meet.