Palo Alto Networks introduced Prisma AIRS 3.0, positioning the platform as a unified security layer for AI applications and autonomous agents across discovery, risk assessment, and runtime protection. The company said enterprises now face a shift from monitoring what AI systems say to controlling what AI agents actually do, including how they access tools, data, and services across cloud, SaaS, endpoints, and browser environments.
The new release adds three main pillars: broader discovery of AI agents, continuous assessment of agent risk, and real-time controls for runtime governance. Palo Alto Networks said Prisma AIRS 3.0 can inventory agents, models, MCP servers, plugins, and related connections across enterprise environments; scan agent artifacts and code for vulnerabilities and unsafe permissions; and simulate context-aware attacks through AI red teaming. The company also said its AI Agent Gateway, now in limited preview, serves as a centralized control plane for runtime security, identity, governance, and observability.
Palo Alto Networks tied the launch to its broader agentic AI security strategy. The company said that, after the proposed acquisition of Koi Security closes, it plans to add Agentic Endpoint Security to improve visibility into AI-enabled endpoint applications such as coding agents. Palo Alto Networks announced its intent to acquire Koi Security on February 17, 2026, and disclosed in its February 2026 quarterly filing that the transaction carries total consideration of $300 million in cash and replacement awards, subject to adjustments.
- Prisma AIRS 3.0 targets the full agentic AI lifecycle: discover, assess, and protect.
- Discovery covers agents running in cloud environments, SaaS platforms, local endpoints, and browser-based environments.
- Assessment features include agent artifact scanning, architecture mapping, vulnerability analysis, and AI red teaming for agentic attacks.
- The AI Agent Gateway is in limited preview and is designed as a central runtime enforcement and observability layer.
- Palo Alto Networks said Agentic Endpoint Security will follow the close of the proposed Koi acquisition.
- Palo Alto Networks says it serves more than 70,000 customers and is using Prisma AIRS as part of a broader AI security platform strategy.
“Agentic AI represents a massive leap forward, moving beyond simple conversation to autonomous action that will redefine productivity,” said Anand Oswal, Executive Vice President of AI & Network Security at Palo Alto Networks. “But this shift from ‘AI that talks’ to ‘AI that acts’ introduces new risks – from unmanaged agentic identities to unpredictable runtime behaviors. Prisma AIRS 3.0 provides a comprehensive platform to discover, assess and protect agentic AI, giving our customers the unique ability to confidently, and securely, scale the AI-powered enterprise.”
🌐 Analysis: Palo Alto Networks is moving quickly to build a broader control plane for agentic AI security, combining model and application protections with identity, runtime governance, and endpoint visibility as autonomous software starts to act more like a workforce than a tool. The launch also fits a wider March 23 product push that included agentic browser and SASE announcements, while the planned Koi integration suggests Palo Alto wants tighter control over the endpoint layer as competitors such as Cisco, Zscaler, CrowdStrike, Microsoft, and Wiz sharpen their own AI security and identity narratives.
