Attackers Have Agents. Do You?

Apr 9, 2026

Elad Koren, VP of Product Management for Cortex Cloud and AI agents expert, explains agentic-first security and why machine agents are already running. Short takes on how agents automate analyst basics, change SOC roles, and require identities, guardrails, and new data approaches. He also outlines concrete agent tasks and why defenders must plan for agent security now.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Automate Repetitive Analyst Tasks Proactively

Do design agents to run background tasks, surface dashboards, and proactively suggest automations so analysts get value without asking.
Elad describes agents that spot repeated manual actions and offer to automate them for reviewers.

INSIGHT

Agents Shift Analysts Toward Higher Value Work

Agents raise analyst capability by freeing cognitive bandwidth so tier-one analysts can perform tier-two tasks and tier-three can orchestrate defenses.
Elad argues AI lets humans focus on complex pattern recognition and proactive threat work.

ANECDOTE

Analyst Surprised By Built In Automation

A lead analyst expected to rebuild old manual rules in the new platform and was surprised to find Cortex already automated those tasks.
Elad recounts smiling and telling them, You don't have to — it's already done for you.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

What happens when your security analyst isn't a person?

Elad Koren, Vice President of Product Management for Cortex Cloud at Palo Alto Networks, returns to Threat Vector to pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running.

When Elad joined the show for Why Proactive Security Can't Wait, he made the case that reactive security can no longer keep up with adversaries who move from initial compromise to data theft in under five hours. This episode picks up where that conversation ended, with host David Moulton and Elad discussing the tools built to close that gap.

You'll learn:

What "agentic-first analyst experience" means and why it changes the SOC fundamentally
How Cortex is deploying autonomous agents across the platform and what they actually do
What XDL 2.0 is and why defenders need to understand it now
How product leaders are making security faster without making it reckless

Elad brings over two decades of experience in security, spanning RSA, PerimeterX, Salt Security, and now leading product for Cortex Cloud at Palo Alto Networks. He holds a CISSP and a patent in autonomous risk monitoring.

This episode is essential listening if you're: a security leader evaluating agentic AI tools, a product-minded practitioner curious how AI is reshaping cloud defense, or a CISO trying to figure out what's hype and what's already in production.

#AI #Cloud #autonomous

Related Episodes:

#AIAgents #CloudSecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠⁠