Podcast Summary: Threat Vector by Palo Alto Networks
Episode: "Attackers Have Agents. Do You?"
Release Date: April 9, 2026
Host: David Moulton
Guest: Elad Karad, VP of Product Management, Cortex Cloud

Episode Overview

This episode delves into the paradigm shift in cybersecurity operations brought about by AI-driven agents, particularly focusing on Palo Alto Networks' agentic-first approach within Cortex Cloud. Host David Moulton and guest Elad Karad discuss why reactive, manual security is failing, the necessity of building security at machine speed, and how agentic architectures will reshape SOC (Security Operations Center) teams. Key topics include the evolution beyond staffing shortages, the promise and risks of autonomous agents, the emerging "agent identity" challenge, and what the future holds for human analysts and their AI counterparts.

Key Discussion Points & Insights

1. From Manual Triage to Agentic Security (00:30–06:56)

• Manual triage is obsolete: Elad observes a major industry shift; everyone now acknowledges that hiring more people cannot keep up with adversaries and data volume.
  • "Manual triage is basically dead... it's more about the signal processing shortage and hiring more will not solve the problem." (01:32 – A)
• Capacity, not headcount, is the future: Simply increasing teams leads to inefficiencies and coordination overhead (see "Brooks' Law"). Instead, force multipliers (AI agents) are needed to scale analytically, not just numerically.
• AI as the only viable response: Both attackers and defenders are escalating automation; defenders must use AI to maintain parity, as attack and business velocities increase.

2. What is Agentic-First Security? (06:56–11:50)

• Agentic-first vs. AI add-ons:
  • Agentic-first systems are natively architected around AI agents making decisions and automating workflows, not just layering AI on top like "lane assist" to a car.
  • "Instead of taking existing systems and just applying AI on those systems, we thought AI first... you're thinking on the agents as part of the architecture." (07:31 – A)
• Practical day-to-day difference:
  • AI add-ons rely on the user to ask or instruct. Agentic-first environments proactively automate and optimize, offering intelligent dashboards, suggesting further automation, and continuously learning from user behavior.
  • "It is an AI agent that runs in the background and analyzes all the actions done by the analysts manually and basically says, hey, ... Would you like me to automate that for you?" (09:39 – A)

3. Impact on Analysts and Their Evolving Role (11:50–18:09)

• Job enrichment—not replacement:
  • With agents offloading repetitive and basic triage, analysts shift into higher-order analytical, investigative, and orchestration roles.
  • "What if all the AI agents could do all these basic things... and they would actually turn a Tier 1 analyst to a Tier 2, Tier 3 analyst just by being there for them... It's allowing them that mind share ... to do the more complex things." (12:37 – A)
• Analysts' emotional response:
  • Curiosity is the prevailing sentiment, mixed with relief, skepticism, and some fear. Trust-building and familiarity with new workflows are key barriers to adoption.
  • Memorable moment: An analyst asks for old manual controls and is told, "you don't have to... it's already done for you." (15:09 – A)
• Innovation through agentic support: Analysts propose new efficiencies once they understand agentic capabilities, e.g., automated AI summaries of investigation cases (16:50 – A).

4. The Paradox of Automation: Input and Engagement (18:09–20:57)

• Betty Crocker analogy: People prefer some involvement; total automation—even if desirable—may create suspicion or disengagement. A balance of user input and automated assistance is psychologically optimal.
• Shift left and virtuous cycles: By freeing up analysts, talent can be redeployed earlier in the software lifecycle, preempting issues, and making security more proactive and pervasive.

5. Headcount Implications and Organizational Innovation (20:57–27:03)

• No surplus of people—just opportunity:
  • Karad reports never seeing overstaffed security teams; efficiency gains from agents enable teams to finally meet growing demands, expand their remit, and innovate instead of shrinking headcount.
  • "Every meeting I had... I have never, not even once heard a security leader saying, 'Oh, I have all the people I need.' ... These teams can remain at the same size... and do more." (20:57 – A)
• Cross-industry effects: Massive productivity increases (e.g., rapid prototyping with minimal teams) are expected in product engineering and beyond.
• Innovation versus cuts: Smart companies will use agents to fuel growth, not to reduce workforce, leveraging institutional knowledge and empowering people with virtual teams of agents.

6. The Evolving SOC: Future Predictions (27:03–31:11)

• SOC convergence with other functions:
  • The SOC (Security Operations Center) will merge with product, engineering, and architecture roles, requiring security pros to be versed in infrastructure, code, and incident response.
  • "I think we'll start seeing more and more convergence between the SOC and other areas where a person will not necessarily just understand the incidents, they'll understand the infrastructure, they'll understand the security architecture..." (27:03 – A)
• Role of AI agents: Analysts will manage teams of agents, operate at increased speed and depth, and focus on orchestration, investigation, and proactive security design.

7. Practical Agent Design and the Agent Identity Challenge (31:11–33:41)

• Three levels of agent autonomy:
  1. Data-gatherer: Collect info and present to user.
  2. Recommendation: Suggest actions for approval.
  3. Full automation: Take corrective or preventive action without intervention.
  • "I did that for you. Here are all the fixes I applied." (31:11 – A)
• Agent identity and permissions:
  • Agents function like advanced service accounts, requiring rigorous authentication, authorization, and guardrails. Users can create agents with privileges limited to their own role, mitigating risk.
  • "No person can create agents that can do more than that person can do... Think of that as an extension of the permissions..." (32:45 – A)

8. Data Lakes and Contextual Security (33:41–35:34)

• Revival of data lakes:
  • Data lakes are experiencing a renaissance due to AI's hunger for data context. Modern implementations focus on multidimensional relationships, not just aggregating points.
  • "For us, we had to continue and push our data lake into a new era where it's not just connecting the points, it's actually providing full context..." (33:59 – A)
• Benefits: Enables blast radius analysis, attack path mapping, and risk prioritization.

9. Customer Mindset: The Right Questions (35:34–38:04)

• Customers’ current asks: Many still focus on better hygiene and vulnerability management, not on how to automate and shift left efficiently or defend against advanced threats with both machine and human agents.
  • "Too many customers ask how can I make my environment more secured by fixing hygiene and posture things, but not enough for asking how can I protect that from zero days and breaches..." (36:14 – A)
• Right mindset: Focus on automating the basics, empowering analysts, and enabling proactive, agent-orchestrated security.

10. The Next 12–18 Months: Agent Security (38:04–39:46)

• Most overlooked capability:
  • Securing the agents themselves—identity, deployment, guardrails—is an emerging priority that few security leaders actively address.
  • "I don't think many security leaders are thinking of how to secure those agents and the security, the identity of those agents..." (38:40 – A)

Notable Quotes & Memorable Moments

• "Manual triage is basically dead... it's more about the signal processing shortage and hiring more will not solve the problem." (01:32 – A)
• "You’re thinking on the agents as part of the architecture." (07:31 – A)
• "What if all the AI agents could do all these basic things for all of these analysts and they would actually turn a Tier 1 analyst to a Tier 2, Tier 3 analyst just by being there for them..." (12:37 – A)
• "You don’t have to [do those manual things]... it’s already done for you." (15:09 – A)
• "Every agent needs to have that identity, authenticating and ... authorizing what they can or cannot do... limited to the scope... of that person that operates them." (32:45 – A)
• "I don't think many security leaders are thinking of how to secure those agents and the ... identity of those agents and how to properly deploy them..." (38:40 – A)

Timestamps for Important Segments

• 01:32 – Industry shift: From staffing shortages to signal processing
• 06:56 – Defining "agentic-first" vs AI add-ons
• 09:39 – How agentic-first changes analyst workflows
• 12:37 – The evolution of the analyst role with agents
• 15:09 – Analyst trust and emotional reactions to change
• 20:57 – Headcount and the impact of automation
• 27:03 – Future SOC predictions (2029–2031)
• 31:11 – Levels of agent autonomy and design within Cortex
• 32:45 – The agent identity problem and new attack surfaces
• 33:59 – Data lakes’ resurgence and AI fueling
• 36:14 – The right and wrong questions for security customers
• 38:40 – The overlooked importance of agent security and guardrails

Conclusion

This episode frames the arrival of security agents as a necessary and inevitable evolution for defending at machine speed, making a compelling case for adopting agentic-first architectures. Elad Karad walks listeners through the practical and cultural changes this entails—from altering daily analyst workflows to confronting new risks surrounding agent identity and autonomy. The future, according to Karad, is not just about automating the old, but using agents to empower teams to fundamentally rethink and expand what's possible in security operations.