Why AI will be hard for Palo Alto Networks (and other cloud security companies)
The developer is a tricky persona
Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
Like everyone else in the security world, I saw the rumors about Palo Alto Networks potentially acquiring Protect AI for a staggering $700 million. Given Palo Alto Networks’ recent acquisition track record under CEO Nikesh Arora, this wouldn’t be too surprising. Their latest acquisition, Talon and Dig, were clearly bets on the future: enterprise browsers and data security.
You have to give them credit. Palo Alto Networks has done a remarkable job reinventing itself for the cloud era, especially considering how late they were to that party. Through smart, strategic acquisitions (rather than organic development), they’ve managed to stay competitive with cloud-native upstarts like Wiz. That’s no small feat—acquisition integration is hard, and they’ve done it better than most.
So, what’s the deal with Protect AI, and why would Palo Alto be interested?
What is Protect AI?
Palo Alto Networks is a well-known brand that started in the firewall market but is now primarily in the cloud security market, so it needs no introduction.
Protect AI is a Seattle-based cybersecurity startup focused on securing AI/ML systems. Their platform appears to have three core offerings: model scanning, runtime security, and red teaming.
Let’s unpack that.
Model scanning strikes me as a shrinking opportunity. The trend is moving away from organizations training their own models, and toward using hosted LLMs like OpenAI or Anthropic, with fine-tuning. Kevin Weil, Chief Product Officer at OpenAI, made this point on Lenny’s Podcast, emphasizing that most teams should have an ML engineer fine-tune a hosted model, not build from scratch. If that’s the direction things are going, most companies won’t have proprietary models to scan—limiting the market for standalone model scanning tools.
Runtime security is more promising. As developer velocity increases and application architectures get more complex, having runtime visibility and protection for AI workloads will matter. But again, this feels like a feature that belongs within broader cloud or infrastructure security platforms—not something that stands on its own.
Red teaming for AI is the most ambiguous of the three. Most security issues in AI today are still general application or infrastructure flaws—not model-specific vulnerabilities. That makes me think this should be a capability folded into existing security validation or exposure management platforms like SafeBreach or Cymulate, rather than a separate product line.
The Bigger Picture
Overall, Protect AI’s platform feels like a niche play in a space that’s still defining itself. I don’t see a long-term standalone market for “AI security” as a separate category… at least not yet. More likely, the real opportunities will be absorbed into existing cloud, infra, or application security markets.
If Palo Alto Networks does go through with this acquisition, it might be a signal more than anything else: a bet that AI security will eventually break out as its own category, or at least become a “checkbox” capability that cloud security vendors need to offer. Whether that bet pays off remains to be seen.
What are my thoughts on this potential acquisition?
tl;dr: If the deal goes through, it’s a win for Protect AI, but a strategic yet uncertain bet for Palo Alto Networks.
For Protect AI, this is a great outcome. The company is operating in a nascent and somewhat volatile space, likely facing market risk and pressure to raise more capital to stay afloat. Getting acquired at a rumored $700M valuation is an impressive return for early traction in an uncertain market.
For Palo Alto Networks, my initial reaction was that this seemed like a bad move. But as I’ve been writing this post, I can see how it could make sense.
Sure, $700M is steep, but we’re in an environment where anything AI-adjacent commands a premium. Protect AI raised a $60M Series B just under a year ago, suggesting Palo Alto is paying a serious premium for early traction. Just look at compensation packages for AI roles, or the bidding war for AI-savvy talent. From that lens, the price tag isn’t that wild.
More importantly, this might be Palo Alto trying to get ahead of a new trend, rather than playing catch-up like they did with cloud security. They’re already positioning their products as more AI-driven, and this acquisition could be a way to build credibility in the AI security segment, a category in which they currently don’t have much of a foothold.
So how might Protect AI fit in?
The runtime security product is probably the cleanest fit. It could slot nicely into Palo Alto’s cloud security portfolio.
The red teaming product might be integrated into Cortex Xpanse (from the Expanse acquisition), especially if it evolves into a more general exposure management tool.
The model scanning product feels like the odd one out. Palo Alto doesn’t have a strong product security or vulnerability management offering, and frankly, I think this is the weakest part of Protect AI’s lineup anyway.
But maybe the biggest win here is talent. Hiring AI security experts is hard and expensive. If Palo Alto wants to build more AI-driven features across its portfolio, this gives them a solid team with real-world experience.
They’ve also been relatively quiet on the AI security front—probably because their core customers are in IT security, where AI hasn’t (yet) made a huge impact. Acquiring Protect AI could help them break into that conversation and start building for the next wave.
Cloud vs. AI: Two Very Different Markets
This isn’t just about Protect AI. It’s about a broader shift, and why it’ll be hard for cloud security companies to pivot to AI.
AI security is fundamentally different from cloud security, especially when you look at when Palo Alto and others entered the cloud market. At that time, cloud use cases were clear: companies were cutting data center costs, improving elasticity, and preparing for scale. That made it relatively easy for security vendors to follow the money and the tech.
It’s a totally different story for AI. The use cases are still emerging. It’s not even clear where the biggest value is yet. One promising area is developer productivity, i.e. vibe coding. And that might be the sleeper use case that reshapes both the AI application stack and the security industry along with it.
The personas are also different.
Cloud adoption was driven by infrastructure engineers and DevOps teams—many of whom had transitioned from traditional IT. This made cloud security a natural extension of IT security. Palo Alto and others were able to sell to familiar buyers with familiar motions.
AI, on the other hand, as of right now, is developer-led. And selling to developers is a totally different game. It’s a bottoms-up motion built on adoption, trust, and influence, not enterprise sales.
Palo Alto Networks has never had to win over developers. Most security companies haven’t. Contrast that with CrowdStrike, which has stayed quiet on AI-specific acquisitions. Even Wiz, which has started dabbling in application security with Wiz Code, hasn’t nailed this market yet.
And yes, there’s an infrastructure angle to AI security, but it’s limited. The real action will be in application security as AI fundamentally changes how software is written, tested, and shipped. This shift could be bigger than the transition from waterfall to agile.
But here’s the catch: if cloud security vendors want to win in AI, they’ll need to deeply understand developers. Not just sell to them but also build for them. That’s a cultural shift most of these companies aren’t ready for.
Security has long been infrastructure-first. But AI is product-first. And that’s where the future is heading.
Palo Alto Networks acquiring Protect AI, if it happens, is a smart signal to the market that they’re not sleeping on AI. But beyond the headlines, it highlights a broader tension: legacy security companies are trying to bolt on AI capabilities without rethinking who their users are and how they buy.
Winning in AI security won’t just require new products. It’ll require new thinking and a new relationship with developers.
Some open questions:
Will this kick off a wave of AI security acquisitions?
Will the developer-focused security companies in appsec, such as Snyk and Semgrep, dominate the AI security market going forward, or will the next great AI security company come from outside the traditional security stack entirely?