The Platform Story Meets Privilege Reality: CyberArk as Palo Alto’s Missing Control Plane

Palo Alto Networks has closed its acquisition of CyberArk, strengthening its identity security portfolio as part of a broader platform strategy. 

For many security leaders, the logic is straightforward. Enterprises have invested heavily in network security, endpoint controls, cloud security, and detection and response. Yet identity and privilege still tend to be uneven across environments, and that inconsistency shows up in incident response and audit findings. Attackers keep going after credentials because they remain one of the fastest paths from an initial foothold to broader control.

Why Buyers Pushed Identity and Privilege to the Top

Over the past few years, in continuous conversations with CISOs and security leaders, a consistent pattern has emerged. Security programs have matured across network defenses, endpoint controls, cloud security, and detection and response. Yet when incidents happen, when auditors dig in, or when teams run tabletop exercises, the same gaps keep resurfacing. Identity and privilege sit at the center of those gaps because they determine what an attacker can do after the first compromise.

Zero Trust initiatives keep hitting the privilege wall: Many organizations have strengthened authentication and workforce access, but standing privilege and overly broad entitlements remain common. Privileged access tends to accumulate through exceptions, inherited permissions, and “temporary” access that never gets removed. After an initial foothold, escalation and lateral movement often become a permissions problem rather than a malware problem. Security teams can detect suspicious activity, but they struggle to rapidly remove privilege in a way that does not break operations.

Non-human identities have outgrown governance: Cloud adoption and automation have created a sprawling layer of service accounts, workload identities, API keys, tokens, and certificates. These identities often lack clear owners, have weak lifecycle processes, and persist long after the original workload or project changes. Secrets end up scattered across code, build systems, scripts, and integrations. This is one of the most common sources of hidden risk because it is hard to inventory and even harder to keep current.

Automation and AI amplify the impact of misuse: Whether the “actor” is a script, a pipeline, or an autonomous agent, permissions can now translate into actions at machine speed. The most immediate failures are predictable: over-privileged identities, weak guardrails, poor monitoring of what was accessed or changed, and slow revocation when something goes wrong. The result is a higher probability that a single compromised credential can trigger a chain of actions before humans notice and intervene.

These problems are not new in concept, but they have become more urgent as organizations push more critical workflows into cloud services, automation, and AI-assisted operations. Identity and privilege moved to the top because they have become the practical limiter on both breach containment and safe adoption of automation.

CyberArk Brings the Privileged Identity Depth Palo Alto Was Missing

Palo Alto Networks already had breadth across major security domains. Deep privileged identity security remained a gap as a first-party pillar.

CyberArk’s strength has been privileged access and the operational machinery behind it: vaulting and rotating privileged credentials, brokering and recording sessions, reducing standing privilege, and enforcing least privilege for identities that can cause the most damage when misused. Those controls cut across IT operations, DevOps, audit, incident response, and the practical reality of exception-heavy enterprise environments.

CyberArk also started moving early on securing AI agents with privilege controls. In November 2025, CyberArk announced an identity security solution purpose-built to protect AI agents with privilege controls and visibility. That aligns with where buyers are heading: agents and automation that need controlled access, clear lifecycle ownership, and fast revocation when behavior deviates.

A second advantage is trust with identity teams. Identity security programs tend to fail when vendors gloss over auditability, operational workflows, or exception handling. CyberArk’s footprint in privileged access gives Palo Alto a more credible entry point for those discussions.

What Buyers Should Do Next

Whether you are a Palo Alto customer, a CyberArk customer, or both, the next steps can stay practical.

If you run CyberArk today

• Ask for a clear “continuity and change” roadmap: what stays stable this year, what gets integrated, and what gets retired. Tie it to commercial terms and support commitments, not just product messaging.
• Protect interoperability: Confirm that the integrations you depend on remain supported even if you do not standardize on the broader Palo Alto platform.
• Expand scope beyond admin PAM: Prioritize non-human identities: service accounts, secrets, pipelines, and workload access.

If you run Palo Alto today

• Treat identity as an outcomes program: Prioritize reduction of standing privilege, tighter secrets handling, and measurable blast-radius reduction through drills and metrics.
• Push for operational integration: Ask how identity signals feed detections and how response actions can drive access changes quickly.
• Keep your IAM ecosystem intact: Many enterprises will continue to rely on identity stacks and partners outside Palo Alto for the foreseeable future. Palo Alto has partnered with Okta on identity-driven security integrations, and customers will watch whether that approach continues after the acquisition closes.

If you are both

• Use your leverage to demand integration milestones that show up in operations: fewer consoles, less manual correlation, and faster containment when identity risk increases.

How Palo Alto Can Deliver on the Promise for Buyers

Integration success will be judged in workflows and control improvements that buyers can measure.

1. Preserve privileged identity depth: Maintain audit trails, session controls, credential protections, and operational rigor that make privileged identity security credible in regulated and complex environments.
2. Build closed-loop control paths: Buyers want identity risk to drive actions such as step-up authentication, session termination, privilege removal, secrets rotation, and rapid revocation. Make those paths reliable across SecOps and identity operations.
3. Remain ecosystem-friendly: Many customers will keep identity providers and governance platforms that are not Palo Alto. Strong interoperability reduces adoption friction and keeps the focus on risk reduction.
4. Publish an “agentic identity” operational blueprint: Provide a reference model that covers discovery and inventory, privilege boundaries, secrets handling, monitoring, and emergency revocation for agents.

Palo Alto’s announcement sets expectations that identity, including machine and agentic identities, is central to its platform strategy. Buyers will judge the outcome based on execution quality, packaging clarity, and whether integration reduces friction without weakening control.