Can Prisma SASE Actually Secure Agents It Cannot See?

Can Prisma SASE Actually Secure Agents It Cannot See?

Palo Alto Networks announced expanded agentic AI security capabilities within Prisma SASE, positioning the platform to govern autonomous agents operating across enterprise networks, SaaS environments, and cloud infrastructure [1]. Prisma SASE represents a structural shift in how enterprises approach agentic AI security as deployments accelerate with security as the top concern. The real question is whether SASE architecture, designed for human users and static workloads, can actually enforce policy on agents that spawn dynamically, operate across trust boundaries, and generate their own API calls.

What is Covered in This Article:

  • Palo Alto Networks’ Prisma SASE expansion to cover agentic AI workloads and autonomous agent traffic
  • Structural mismatch between legacy SASE design assumptions and agentic AI behavior patterns
  • Competitive positioning against Microsoft, Zscaler, and emerging AI-native security vendors
  • Execution risks in agent identity, policy enforcement, and real-time threat detection at machine speed

The News: Palo Alto Networks extended Prisma SASE to address what it calls the era of agentic AI, where autonomous agents execute tasks, access sensitive data, and operate across enterprise systems without direct human supervision [1]. The platform now targets agent-to-agent communication, agentic browser sessions, and API-driven workflows that traditional SASE architectures were never designed to inspect [1]. The announcement follows Palo Alto’s simultaneous release of Prisma AIRS 3.0, which targets AI application security across cloud and SaaS environments where developers are building agent-driven applications [2].

According to Futurum Group’s 2H 2025 Cybersecurity Decision Maker Survey (n=1,008), 62.1% of security decision-makers agree AI-powered defensive tools are now a necessity, and relying solely on human analysts is no longer viable. That same survey found 82.3% of organizations experienced at least one significant security incident in the past 12 months. Palo Alto is betting that the next wave of incidents will originate from compromised or misbehaving agents, not compromised users.

Can Prisma SASE Actually Secure Agents It Cannot See?

Analyst Take: Palo Alto is making a structurally sound bet: agentic AI creates a new attack surface that existing security tooling cannot address. The harder question is whether SASE, an architecture built around user identity and network perimeter, is the right foundation for securing entities that have no fixed identity, no predictable behavior, and no human in the loop.

SASE Architecture and Prisma SASE: Built for Humans, Not Agents

SASE architecture assumes a relatively stable set of identities, devices, and access patterns. Agentic AI breaks every one of those assumptions. Agents spawn dynamically, inherit permissions from the applications that invoke them, and generate API calls that look identical to legitimate application traffic [1]. Traditional policy enforcement relies on user context; agents have no user context in the conventional sense. Palo Alto’s claim that Prisma SASE can govern this traffic requires the platform to solve agent identity at a level of granularity that no vendor has demonstrated in production at scale. According to Futurum Group’s 2H 2025 Cybersecurity Decision Maker Survey (n=1,008), 62.0% of organizations have already observed a significant increase in sophisticated AI-driven attacks. Agents that can be hijacked or manipulated represent the next generation of that threat vector, and SASE inline inspection may simply be too slow to catch it.

The GPU Blind Spot Problem and Prisma SASE Limitations

Palo Alto’s Prisma SASE operates at the network and application layer, but agentic AI workloads increasingly execute within GPU-accelerated infrastructure where traditional endpoint and network tools have no visibility. Futurum’s February 2026 research (‘Do AI Factories Signal a New Mandate for Certified Security?’) identified a structural ‘GPU Blind Spot’ where conventional EDR tools monitor only CPU and OS activity, leaving GPU execution opaque to security teams entirely. SASE can inspect traffic flowing between agents and external services, but it cannot observe what an agent is doing inside an AI factory or within a GPU-accelerated inference cluster. Palo Alto’s simultaneous push with Prisma AIRS 3.0 [2] suggests the company recognizes this gap, but the two platforms need to operate as a genuinely integrated control plane, not as adjacent product lines with separate consoles and separate policy engines.

Prisma SASE Consolidation Story Meets a Market Still Expanding Vendor Count

Palo Alto’s platformization strategy for Prisma SASE depends on enterprises consolidating security vendors around Prisma. The data does not yet support that outcome. According to Futurum Group’s 2H 2025 Cybersecurity Decision Maker Survey (n=1,008), 43.0% of organizations plan to expand their security vendor count versus only 34.6% consolidating. The market is in net-expansion mode, which means Palo Alto is selling Prisma SASE consolidation into a buying environment that is actively adding tools. Zscaler, Microsoft Defender for Cloud, and a growing set of AI-native security startups are all positioning for the same agentic security opportunity that Prisma SASE targets [3]. Wall Street’s bullish consensus on PANW reflects confidence in Palo Alto’s execution track record [3], but the competitive window for owning agentic AI security with Prisma SASE is narrow. Whoever establishes the de facto standard for agent identity and policy enforcement in the next 18 months will be very difficult to displace.

What to Watch:

  • Agent Identity Standard: Will Palo Alto commit to open agent identity frameworks such as SPIFFE or emerging A2A protocols, or will Prisma SASE require proprietary agent instrumentation that creates its own lock-in by Q4 2026?
  • AIRS and SASE Integration Depth: Do Prisma AIRS 3.0 and Prisma SASE share a unified policy engine and single control plane, or are they separate products with a marketing wrapper that forces customers to manage two consoles?
  • Zscaler Counter-Move: How quickly does Zscaler extend its Zero Trust Exchange to cover agent-to-agent traffic, and does its cloud-native architecture give it a structural advantage over Palo Alto’s hybrid SASE model?
  • Incident Attribution Test: When the first major breach involving a compromised autonomous agent occurs, will forensic evidence show that SASE-class tools detected or missed it, and what does that mean for the entire category’s credibility?

Sources

1. Securing the Era of Agentic AI with Prisma SASE

2. Securing the AI Enterprise — Introducing Prisma AIRS 3.0

3. Is It Worth Investing in Palo Alto (PANW) Based on Wall Street’s Bullish Views?


 

Declaration of generative AI and AI-assisted technologies in the writing process: This content has been generated with the support of artificial intelligence technologies. Due to the fast pace of content creation and the continuous evolution of data and information, The Futurum Group and its analysts strive to ensure the accuracy and factual integrity of the information presented. However, the opinions and interpretations expressed in this content reflect those of the individual author/analyst. The Futurum Group makes no guarantees regarding the completeness, accuracy, or reliability of any information contained herein. Readers are encouraged to verify facts independently and consult relevant sources for further clarification.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Read the full Futurum Group Disclosure.

Author Information

FuturumAI

This content is written by a commercial general-purpose language model (LLM) along with the Futurum Intelligence Platform, and has not been curated or reviewed by editors. Due to the inherent limitations in using AI tools, please consider the probability of error. The accuracy, completeness, or timeliness of this content cannot be guaranteed. It is generated on the date indicated at the top of the page, based on the content available, and it may be automatically updated as new content becomes available. The content does not consider any other information or perform any independent analysis.

Related Insights
Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?
July 8, 2026

Kore.ai and Atos Bet on Sovereign Agentic AI, Will UK Enterprises Demand Proof, Not Promises?

Kore.ai and Atos announce a strategic partnership to deliver Sovereign AI solutions to UK organizations, addressing data residency and compliance requirements in the rapidly expanding $181B AI platforms market....
Provisioned Throughput Redefines Open Model Inference Economics and Predictability
July 8, 2026

Provisioned Throughput Redefines Open Model Inference Economics and Predictability

Together AI's Provisioned Throughput offers enterprises reserved inference capacity, token-based pricing, 99% uptime SLA, and up to 90% cost savings, addressing critical production AI concerns....
ServiceNow and Accenture Bet on Migration to Win Enterprise Risk
July 7, 2026

ServiceNow and Accenture Bet on Migration to Win Enterprise Risk

Fernando Montenegro, VP at The Futurum Group, examines the ServiceNow and Accenture cybersecurity offering, and why its AI-powered migration and the Armis acquisition point to a bid to become the...
Will Apple’s New Siri AI Deliver on the Promise of Apple Intelligence?
July 7, 2026

Will Apple’s New Siri AI Deliver on the Promise of Apple Intelligence?

Olivier Blanchard, Research Director at The Futurum Group, examines how Siri AI transforms Apple Intelligence from a feature set into a systemwide layer for apps, workflows, and user experiences across...
Amazon’s Sleep Studio Finally Strengthens the Value of Amazon Kids+
July 7, 2026

Amazon’s Sleep Studio Finally Strengthens the Value of Amazon Kids+

Olivier Blanchard, Research Director at The Futurum Group, examines how Amazon Sleep Studio expands Amazon Kids+ with bedtime content, scheduling tools, parental controls, and Echo device integrations for families....
Can ASUS Bring Data-Center-Class AI Infrastructure to the Deskside
July 7, 2026

Can ASUS Bring Data-Center-Class AI Infrastructure to the Deskside?

Olivier Blanchard, Research Director at The Futurum Group, examines how ASUS is bringing data-center-class AI infrastructure to the deskside with the ExpertCenter Pro ET900N G3 and what its local AI...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.