Attackers Have Agents. Do You?

A

You're listening to the Cyberwire Network powered by N2K. The future is going to be very different than what we are experiencing today. And everyone needs to be prepared for that future. Foreign.

B

I'm David Moulton and this is Threat Vector. Today I'm back with Ilan Karad, Vice president of Product management for Cortex Cloud at Palo Alto Networks. When Elad joined me the first time, we talked about why reactive security can no longer keep pace with adversaries who move from initial compromise to data theft in under five hours. Today we're building on that foundation. You, Elad walks me through what it looks like to build security that runs at machine speed, including the new agentic first analyst experience inside Cortex Cloud. What's changed with XDL 2.0 and why? The agent identity problem may be the next big challenge defenders aren't ready for. Elad, welcome back to Threat Vector. Good to have you here again.

A

Hey David, thank you. Great to be here again.

B

Talk to me a little about what's changed since we last spoke. You know, last time we were digging into why reactive security was breaking down. What shifted in how you're thinking about the problem?

A

I think the biggest thing that changed is that there's an acceptance of this gap. It's no longer a question. Right. I think everyone knows that manual triage is basically dead. I think what stayed in the game is more of the fact that leaders, they understand that it's no longer a staffing shortage. I think the industry has widely adopted the concept that it's more about the signal processing shortage and hiring more will not solve the problem. I think that is the fundamental change from that point and that means that we're seeing more receptiveness and more wide understanding that to fight AI and to fight machines, you need the proper machines on your side as well. I think that is the biggest thing.

B

Elad, last time you were on, you talked about the gap between how fast adversaries move and how slow security teams can respond. And since that conversation, have you seen a change? You know, are things getting better? Are adversaries getting slower and or have things stayed really stubbornly the same?

A

I think we are seeing the shift in many, many things. Adversaries are actually moving way faster than they moved in the past. I think we are seeing how the complexity of the organization also changes and moves much faster. With fib coding and everything we've seen coming up, all of this combined creates an even bigger problem and the gap only widens. It's not slowing down. This is why most organizations as I mentioned already accepting the fact that this gap is unsolvable with more humans. Even if you had, you have to have those machines in place just because everybody's moving so fast. Adversaries, engineering, the business, and you have to catch up. Right. So I think this is definitely a huge leap forward.

B

You know, it's a different context, but I think it's the same problem. I spent the first half of my career on design teams, and a lot of times as a consultant coming in to work with engineers and design. A client would say, just add more designers, just add more engineers, and it'll go faster. Right. You could build a thing with a small team in nine months, and if you double the team size, you could do it in half or maybe even faster. And what we always realized was that math doesn't work. There's a communication overhead. There's more people working in different directions, not always together. And at a certain point, more people makes you go slow. So it seems like there's gotta be a fundamental architecture or systematic change that you would look at. Is that a valid way of thinking about the problem space of, you know, just keep adding more, if they exist, doesn't actually move your speed curve in the direction you want to?

A

Yeah, I think this is not something that is feasible. One, if they exist. I think the other question is think about the challenge that a team, if you increase the size by 4, the level of coordination and the ability to grasp the simpler and more complicated concepts of everything they need to do, fundamentally changes. You increase the team, you increase the complexity, you increase the way they need to operate with each other. So by design, no pun intended, you have a problem, new problem in this equation. So the larger the team is, the lower the efficiency of that team. And you see that in every single case. So there's no linear growth there. I think if you think about it, the. The only way to have the proper force multipliers, if you add more capacity. And notice that I'm not saying more employees or humans, I'm saying capacity when designing this. Capacity to fit to what the team that needs to do the job needs. Right. If you have a group of very smart individuals and they need to do manual effort, you're probably not utilizing their capabilities. If you have a team of individuals that are great at what they do, they analyze data, and you have just more data to analyze, that's great, you can analyze more data. But if you need to gain insights or to make sense of that data or to draw conclusions, that this team, just by increasing the size will probably, probably never achieve. Then you're not really adding the needed capacity that if you tie it back to what ultimately are we trying to achieve? I think that is the right question to ask what are we ultimately trying to achieve if we're trying to get to that conclusion, that job to be done and analyze what's the capacity you need and do that efficiently. And I think that is the right answer. And I think that brings us to the discussion around AI agents and how that fits into the broader picture of teams today, by the way, in security and any other industry to that matter.

B

Well, let's dig into that a little bit. You know, I keep hearing this phrase, the agentic first analyst experience really rolls off of my tongue. That's the kind of term that I think could mean anything or nothing, depending on who's using it. And maybe you can help me understand what does that actually mean the context of what you're building here and, and what does it, you know, why does that matter for the experience for those defenders that are out there looking to grow their capacity?

A

Great, great question. I think, I think a good way to think about it is probably a good analogy would be cars for a second, right? When we think of agentic first environments, agentic first systems, platforms, you should think a self driving car type of thing, right? It's not just that bolted AI or integrated AI on top of something that is more of lane assist or cruise control. That is something adaptive cruise control. You measure the speed from your car in front of you and you can adjust the speed accordingly or lane assist as well. But if you think about self driving cars, that means that somebody thought of the entire process. You need to navigate, you need to plan, you need to have the traffic analysis. This is the agentic first experience. You're thinking on the agents as part of the architecture. You're not um, you're not building this on, on top of that. This is, this is where we flipped the, the, the order of things. Instead of taking existing systems and just applying AI on those systems, we thought AI first and, and being agentic first be it saw cloud exposure management, you know, what have you. You're thinking of how you can automate things with AI agents and help them do things in a more efficient way to increase the virtual size of any customer's team, any company's team that's using that. And I think that is the fundamental change and difference between just a AI bolted on or integrated with agentic first experience.

B

Well, talk to me about what that looks like for like a Security analyst in their day to day when they have that agentic first versus AI was just added on as a feature or, you know, kind of a layer tucked in.

A

Yeah. So let's, let's think about what happens when you have an AI layered on top. You may have a copilot or some interactive layer that you can, you can ask questions, you can ask for data, you can maybe even tell it, you know, what, generate a script that will do X for me. Something that means that it has access to the data, it can analyze things, it can help you get the data, it can, with the right API, probably do additional things, but it stops there. And when you try to improve this, it still remains an external piece of that system. When you think of agentic first experience, this means that when you go in and you look at a dashboard, it can be a dashboard generated by AI based on all the things that are interesting for you, even before you thought about that. It can also be the agents that run in the backend because of all the things that you've instructed the system to solve automatically for you. It is an AI agent that runs in the background and analyzes all the actions done by the analysts manually and basically says, hey, in the last couple of days you've done these things automatically. Would you like me to automate that for you? Do you want me to do that instead of you going in and doing that yourself? And based on that, you know, do you want me to also find other ways just like you'd, you'd think of an employee, right, in a way that would work for you and find more things that it can do for you, not the one that you need to tell them, hey, do this for me or do that for me, then that is what we're building here. Ideally, I think the North Star of how we are thinking about it is more of secured by design, by design with everything that happens in the background. And ideally you come in and you say, hey, what did you do for me in the last couple of days? If you didn't get that already? This is where, you know, we are working towards.

B

So help me understand something. You know, I'm imagining. I'm a SOC analyst, I'm sitting in front of my console today. Normally I'd be handling triage or correlation or, you know, even initial response, but now that's something that I've said, yes, right? Or maybe I don't. Maybe there's some of those things where what you're imagining is, you know, I've seen you do this. Would you like me to take care of it. And there's some autonomy at the human, but you know, imagining that you've offloaded some of that work, maybe, maybe all of it. What's left for the person to do and what is that job? Is it better? Is it just very different? I'm trying to paint that picture.

A

Yeah, I think it's a great, great discussion because I think many people out there are thinking, oh, so you know, what will we do if AI agent, will they replace us? Are they complimenting us? I think what people tend to forget is that and I think anyone encounter that if not encountering that as we speak, we never get to the more complicated higher level tasks that we want to do. Right. Those that require deep thinking because we are caught in the day to day answering hundreds of emails or doing all the regular things. Think about security analysts analyzing so many data points and trying to connect the dots and trying to make sense of certain things, triage. What if all the AI agents could do all these basic things for all of these analysts and they would actually turn a Tier 1 analyst to a Tier 2, Tier 3 analyst just by being there for them and allowing them to identify the patterns that they are required to identify. What if tier 3 analysts could orchestrate all of those? And to say hey, what about those new MOs or what about this potential new threat that I have? I think this is where specifically in security, but also generally in software, we're enabling with the AI agents or the agentic era agentic first platforms, we're enabling humans to do more not just by using the AI agents that's given, they'll do more things. It's allowing them that mind share or that attention span that many, many times is not something we can achieve to do the more complex things, to invest and investigate those things that require the human mind because well, let's face it, we are still very much needed in the process. I think now we can utilize our brains to the right task. That's how I view this.

B

Sue Elad, you talk to analysts, maybe not their managers, but the analysts themselves. And I'm curious, what's their emotional response to this picture you're painting? Is it relief? Is it maybe some skepticism? I've noticed that in our industry. Is it fear?

A

I think you see a mix of all of those and it heavily relies on or dependent on their state of mind, where they are in their career, where they are in the way they see how AI complements what they do. I think in general, the more common reaction that I see is curiosity. It's the understanding that something's going to change. Some of them adopt change really fast. Some of them don't. I think ultimately what we are seeing with analysts is that they need to trust the system. They need to become more familiar with the new ways of operating. There's an interesting thing that happened this one time. We were interacting with a customer and one of their lead analysts said, well, I need all of these things to be done in your system. And all the things that they listed are things that they've done with the old system that was a legacy system, that they did things manually, they built rules. And they said, well, where can we do all of these things in your platform? And I was looking at them and smiling and saying, you don't have to. You understand it's already done for you. Yeah, you can review all of these things here. So some of them are looking at those things and the smart policies created the behavioral indicators of compromise that are available in the system, and they're looking at that and they understand that all the things that they've done in the past, building this in a very specific way, you need to maintain those. And now they're going into a system that many of the things they did in the past is doing that for them. So I could see that inflection point of realizing, hey, I can become more efficient now, I can do more. And once you turn around someone that is very fixed on how they used to do things, that's the biggest win. So I see a lot of that. I also see a lot of innovation. Some of them actually come back to us and say, oh, if you could do this for us, that'll be great. Because once they start that wheels running of thinking of the new, how can they do things more efficiently? They come back and they ask, for example, one of the things that we built for them, the ability to understand the cases and the things that they need to investigate way better. They said, if you could provide me with an AI summary of everything that I'm looking at. I was smiling and saying, yeah, we already have that available in beta. Do you want to see that? So I think these things, we see more of those from analysts these days, and I'm excited about that.

B

Well, there's a bunch of things running through my head, and I'm sure our listeners are having some of those same reactions right now. I don't know that everyone's gonna go where I'm about to head, but that's okay. In the 1950s, Betty Crocker released a Cake mix. And he just added water. And what should have been this like, incredible thing, you just add some water and you get cake. People didn't like it. They didn't feel like they had any input. They didn't like the fact that it was too easy. They felt guilty. So Betty Crocker removes the egg powder and they tell you, now you gotta add an egg and some water and the sales take off. And I wonder if there's something in here where, if we make it too easy, too unbelievable, where there's no input. You know, there's always that like, suspicion. But if there's a little bit of a moment where you can go, okay, I had my input and I felt like there was a partnership here. If we get there, maybe that's that bridging moment to a fully agent driven world. The other thought that comes to mind and you've made me think this is like, okay, so you get this idea of response being very fast. You get this idea the SoC now has a level of optimistic feeling that they're gonna be able to keep up or maybe get ahead. And this idea that we keep talking about, shift left, shift left, shift left. Like all the talent, all the thinking suddenly has a moment where they can go, okay, what do we do? Shifting left. How do we talk to the product teams that are putting together different experiences, different software, and make sure that what we're delivering on that side has the full complement of security earlier and earlier, so that it's more secure, which reduces the need on the backside to respond. Right. Like it's a virtuous cycle in that world. And I think that what you're describing of like, oh, if I don't have to do that, then I unlock this other opportunity. It's hard to imagine that world, but if you sit back and spend a few minutes, it could be really, really optimistic. That said, I think that there are moments when you're telling us or we're hearing that what used to take an analyst hours or days can now be done in seconds. It's almost instantaneous. And eventually that math does catch up. How do you honestly think about the headcount implications without defaulting to this comfortable answer of, well, you'll just do higher order things. Is this something that you've considered and thought about its implications on security and maybe even broader?

A

Actually, yes. So in every meeting I had, I've been in security for more than 20 years now. Every meeting I had, going all the way back almost two decades ago, I have never, not even once heard a security Leader saying, oh, I have all the people I need. My team is exactly the size I need. It's always now. We never get to all the things that we want. We never get to all the things that we have. All the alerts are noise and all the things that, that we have are killing us. And the analysts or the reps, or, by the way, not only in security, they're tired, we can't keep them. They stay for a year, then they leave and do something else. Think what would happen is the first thing that would happen is that these teams can remain at the same size, exactly where they are, and do more. Now, will they do everything they need to? Probably not. They'll still have to improve the efficiency. I think with more and more use of AI and agents, they'll be able to do that. But when they get a chance to get to all the most important things that they have and they finished with that, the immediate thing that would happen is that team will be able to do more, more than they were designed to. So I'll give you an example. Let's say you have cloud practitioners and you're looking specifically on cloud. It's easier to just imagine that you have a group of five and you need to fix many issues in cloud. So you use the right automated system and the right AI agents in your service and you finish all the basic stuff and then you go to the more advanced stuff, and then this team is able to take on all the daily load that comes in. Think of the next level. They'll be able to actually think of optimizing the cloud usage, of actually reducing some of the complexities, of actually thinking of the architecture. And these are experienced people, right? Because you don't have a team of five that handles hundreds of thousands of issues in cloud and you're, as I mentioned, always understaffed. They'll be able to think proactively on things. And that is what I think would happen. That team will not grow. That team will do so many things, more than they can today. And to be completely honest, I think we'll see that in many, many other industries. I'm talking about product management. What you see today in product management across the board, and I have many, many friends who lead product groups for very large companies, you can do today fast prototyping within a day, a day and a half, to prove the concept of a feature with two people, a product thinker and an engineering person, that they can, together with five coding, build a prototype. Naturally, it's not production grade. You need to do all the things that you'd still need to do, but you can do so many more things. I think the smarter companies out there will think, hey, instead of growing this fast with the number of people I have, the smarter companies will say, I can grow so much faster with the same number of people, maybe hiring a few more here and there as part of the growth. But I think that's the smart play. Some of the others will say, I can do exactly what I'm doing with less. But that's shortsighted because I think the true growth, the true innovation, comes when you have the people that know your system so well. They're so much involved in everything you've done so far, and you empower them. They have each of them a team of anywhere between 10 to 100 agents they can leverage. That's amazing. Think of what can be achieved if you think about that the right way.

B

Well, and even as you're talking through this idea of a know a product thinker and an engineer, those titles are what we call the team today. But that product thinker and an engineer in very short order may not be in your product group or, you know, part of your engineering team because you vibe code. And I can only imagine the. I know you said it's not production grade, but some folks aren't going to look at what they built that does the thing that they want and go production grade, schmucktion grade. Right. Like I'm gonna run this because it's solving a problem today. I can see that being the thing that extends your attack surface. And where those teams that you're talking about today are getting agents to help them out, it may end up being stasis where they're going. Well, we have more going out from the team because we've decided that's what we're gonna do. Or we're finding that the podcaster has decided to release an application and now we've gotta figure out how to make sure that Dave Moulton hasn't caused a big, trou, big problem for the company. So it's an interesting and exciting thing to think about. I think that we're naturally aligned to where's the risk? Where's the harm to us as individuals or as near term. Right. As a species, how we've stayed alive. But there are things where when you start to put a little bit more cycles and thinking on it, it does get really exciting. What could, what could come of this? Take me into the future, you know, four or five years, 30, 31. What does a sock team actually look like in that moment. You know, how many people do you think it's going to stay about the same. Have their titles been frozen in time? Do you think those changed pretty dramatically? And, you know, you've talked a little bit about what they could be spending their time on, but maybe that's the final thing that you paint a picture for the future. Sock.

A

I think the first thing that I'll say is nobody really knows. We can guess. Yeah, I think the future of four to five years, even three, will be determined by the different changes that we'll see in the next couple of months and then following. And I think it's a lot of incremental small changes, not one big one that will just at some point will get introduced and all SOC teams will just align with that. I think we will see much more SOC architects that look at everything that happens with the agentic platforms that we will have as part of the security standard. I think the teams will generally stay roughly the same size, maybe increase a bit. Because if you combine all the factors that we mentioned today, one the bad guys, AI serves them as well. They can create an infrastructure just by a simple prompt. And as long as they're there and they're incentivized to do everything that they need to do to create, generate breaches or attacks on infrastructure, defenders will have, will have a lot to do. And you combine this with the increase of code that's been written by AI agents or vibe coding with humans and the MCP servers that we're seeing spun up in many, many, many organizations that pose a huge risk. You'll see, I think the SOC consolidates with other functions in the organization to create, just like you mentioned, product and engineering. I think we'll start seeing more and more convergence between the SOC and other areas where a person will not necessarily just understand the incidents, they'll understand the infrastructure, they'll understand the security architecture of the organization. So we'll see some more convergence there. How I'm me as a, as a security practitioner, I think for an organization on both the attack surface, how it looks in the code, how it looks all the way up to a potential incident or an attack, and we'll have the data, they'll have the data available at their fingertips, right? You know, just prompt away, give me all the data that kind of looks at all of this, they'll be able to create agents, specified agents that will do things for them, and they'll manage that workforce. So I think we're heading into a future where the SOC will transcend more than just what the SOC is doing today and will converge with other teams and will ultimately orchestrate and architect all the things that happen in the security aspects of the organization. This is how I think things will unfold. Hey, maybe I'm. I don't know what I'm talking about.

B

Well, no, I don't think anyone's going to see, you know, in four years, this episode of Threat Vector where you predicted the future. Do we give you four gold stars? Five gold stars? You know, did you pass the test? But it is interesting to be able to hear from a person who's on the front lines of it and get your perspective. And I appreciate your candor on it, Elad. I know that you're introducing agents across the platform and specifically in Cortex Cloud. Walk me through what those agents are. What are they actually doing? Not at a conceptual level, but the task level. Where do they take action? Where does the human still need to be in the loop? And, um, why should agents be designed in the way that you're describing?

A

The agents that we're designing in Cortex Auden, in the Cortex platform in general, can, can operate on several levels. The first level is, let me just bring you the data and you can decide if you want to create any action. The second level can be, I gather the data. This is the action I'm recommending. Please acknowledge and approve. And the third level is, hey, I went and did that and saved you the time. And everything is fixed. Now on that specific thing, if I want to be specific, let's assume that you have an S3 bucket with problematic permissions. I can tell you, hey, here are all the S3 buckets with problematic permissions. What do you want me to do? And then I can say, hey, here's a set of S3 buckets. And these are the permissions. This is what I can do. Just prove by clicking. And then there's the very, very easy. I did that for you. Here are all the fixes I applied.

B

So as you're talking about that, there's like different levels of autonomy and authority given over to the agent. There's still moments where the human can say, this task, I've gotta be involved at whatever level. And that makes me think, like, okay, the agents are doing more work inside of the platform. And therefore identity has become a different kind of a challenge. Because you don't have a human. You have. You have the robots running loose. And I think those agents are going to need credentials and permission and access. And beyond that creates a new Attack surface?

A

Yes.

B

How are you thinking about securing the agents themselves?

A

Yeah, if you think about it, it's not entirely new. If you look at service accounts of systems that could operate in the past or still can, I think it's pretty much the same. Every agent needs to have that identity, authenticating and, you know, authorizing what they can or cannot do. And no person, this is where guardrails kick in. No person can create agents that can do more than that person can do. Right. Limited to the scope, limited to the role that this person can do. If it's an admin, they can create a super uber agent. But if it's an analyst that is limited to a certain scope, they can create agents that will or operate agents that will be limited to those scopes. Think of that as an extension of the permissions and authentication level of that person that operates them. This is how we're thinking about that. Plus identifying those, you know, you have to ultimately be able to connect it to the source.

B

So I want to talk about data Lakes next. Maybe set some context for listeners who are aren't tracking this topic really closely. Why are data lakes having a resurgence right now? And what did they enable that wasn't possible before?

A

Yeah, data is the fuel of AI ultimately. Right. So data lakes are getting that, you know, golden moment again, just like in the days of machine learning, when machine learning just started, because data is what AI agents can operate on, or AI in general can operate on. For us, we had to continue and push our data lake into a new era where it's not just connecting the points, is actually providing full context and what the different entities are doing for each other or how they interact with each other, more of, if you look at a multidimensional graph view of that, it's not just data points. It's not just, hey, this IP is connected to that IP through that identity that accessed both. It's the ability to understand the multidimensional relationship between all the data points in the data Lake and apply this into our AI to understand blast radius, to understand potential risks, to understand potential attack paths, to understand where an attacker, if they did one thing, what needs to be our next step? Because what may be because of what may be his next step or their next step. This is how we're thinking about Data Lake and how we are leveraging this as part of our solution and as part of our continued growth in how we're thinking of data and how it fuels AI.

B

So I want to ask you a question that really can only be answered by you, you're the VP of product, which means that you're living in that gap between what customers say they want and what they actually need. I'm reminded of the famous Ford quote of people tell me they want a faster horse, right? And yet Ford delivered the Ford Model T. It was very different than a faster horse. When it comes to agentic security, what are the customers asking for that you think is the wrong question? And you know, I guess the counter to that is what's the question they should be asking instead?

A

What is very visible is the different stage of many, many customers out there or organizations out there. There are some customers that are very, very early in that stage and they're, they're still asking, hey, how can I find a deeper misconfiguration? Or how can I identify the vulnerabilities and, and classify them better? Instead of asking, hey, how can I take all the basic things that my analysts used to do and automate all of them? How can I move to the next level? I think many organizations don't do that. We have some that do. We work with some closely that do. And they're asking the right questions. They're focused on how can I automate most of my work, how can I shift left in an efficient way, how can I enable my developers to work more efficiently identifying security issues as early as possible and do that through the use of your observability capabilities, using AI. Right. And I think this is something that we're seeing more and more customers ask. Not enough though yet. But I do see that. I think the other thing, and I'll finish with that. I think too many customers ask how can I make my environment more secured by fixing hygiene and posture things, but not enough for asking how can I protect that from zero days and breaches of really sophisticated attackers with the right agents, not just AI agents, but agents that run on machines and protect machines. I don't think we are seeing enough of that yet. So the combination of those two is what I would answer.

B

I like that. And it's interesting to think about your perspective as you're hearing customers asking how they can do what they were doing before better and that not being the framing that allows them to succeed in the future. All right, final question for you. Looking at where security is heading, what's the capability that defenders need to build or acquire and say like the next year to 18 months that most of them aren't thinking about seriously yet?

A

I think we're running to a short term future where agents do more. But I don't think many security leaders are thinking of how to secure those agents and the security the identity of those of those agents and how to properly deploy them the right guardrails to that extent. I think if I'm looking at how the entire security industry is going to change as a result, the fact that many organizations are still looking at permissions, manually managing those permissions, looking at just observability without the right guardrails and controls in place, this is one of the biggest gaps that I'm seeing right now in many organizations and many security solutions out there.

B

Glad thanks for coming back and talking to me and tolerating some of my odd connections to Cake Mix. It's a little bit of a departure from our usual thread. Last time you helped me understand the old model was breaking. Today it's nice to see where your head's at on what the future could be, and none of our predictions are exactly right, but it is exciting to see what's being built into the platform around agentic security and how thoughtful the product team is. Or at least how thoughtful you are leading that team.

A

Thank you David. Always a pleasure being here and talking to you.

B

That's it for today. If you like what you heard, please subscribe wherever you listen and leave us a review on Apple Podcasts. Your reviews and feedback really do help me understand what you want to hear about. If you want to reach me about the show, email me@threatvectoral networks.com I want to thank our executive producer, Michael Heller. Mix and original music by Elliot Peltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now.

A

Sam.