Threat Vector by Palo Alto Networks

Elad Koren, VP of Product Management for Cortex Cloud and AI agents expert, explains agentic-first security and why machine agents are already running. Short takes on how agents automate analyst basics, change SOC roles, and require identities, guardrails, and new data approaches. He also outlines concrete agent tasks and why defenders must plan for agent security now.

Wendi Whitmore, Chief Security Intelligence Officer and veteran incident responder from Mandiant, CrowdStrike and IBM X-Force. She talks about AI-driven attack speeds and why defenses must operate at machine pace. She contrasts Volt Typhoon and Salt Typhoon motivations. She outlines building resilient teams, operational telemetry sharing, and the need for both AI for security and security for AI.

Sailesh Mishra, AI security practitioner and founder with experience at Uber's Advanced Technologies Group and AI startups. He explores autonomous agents that act, not just answer. He warns about agents with persistent memory, logic-bomb style attacks, and indirect prompt injection in the wild. He stresses scoping agent identity and monitoring every tool call to catch time-shifted, stateful threats.

Jeremy D. Brown, Consulting Director at Unit 42 with extensive ransomware negotiation and incident response experience. He recounts how initial contact yields forensic clues and which attacker playbooks are most common. He explains timing, who should be at the table, why politeness helps, and which groups are too risky or sanctioned to engage.

Erica L. Shoemate, former FBI and U.S. intelligence leader turned AI and policy strategist, explores how AI compresses decision timelines and reshapes security. She discusses governance built alongside innovation. Short, sharp takes cover human-centered design to avoid cognitive overload, the strategic role of trust, and why policy should be guardrails rather than brakes.

Brandon Hogle, Consulting Director experienced in Zero Trust architecture across commercial, federal, and defense; LeeAnne Pelzer, Senior Consulting Director who operationalizes Zero Trust for business outcomes. They discuss why Zero Trust often stalls, visibility and asset inventory gaps, outcome-driven quick wins, dynamic access by user and device context, breaking silos for shared outcomes, and pragmatic steps to sustain Zero Trust over time.

Andy Piazza, Senior Director of Threat Intelligence with 20+ years in ops, and Justin Moore, Senior Manager with intelligence and rapid‑response experience, walk through Unit 42’s Iran threat brief. They discuss active hacktivist groups and which claims are unverified. They explain how Iran’s outages shift activity worldwide. They highlight dispersed operators, TTPs to watch, and immediate defensive priorities.

Evan Gordenker, Director-level investigator of DPRK operations and AI security, reveals how North Korea embeds fabricated identities and accomplice networks into legitimate hiring pipelines. He discusses deepfakes, interview stand-ins, and AI-assisted deception. He also covers how roles are chosen, facilitator infrastructures, detection gaps in HR and security, and the shift from wage theft to extortion.

Steve Elovitz, incident response leader for Unit 42 with 15+ years at Mandiant, PwC, and Booz Allen, breaks down what 750+ breaches reveal. He discusses shrinking detection windows and autonomous containment. Identity as the top attack surface and overprivileged SaaS integrations get focus. High-ROI defensive priorities like segmentation, identity hardening, and visibility are highlighted.

Birat Niraula, a security leader who protects enterprise, network, on-prem, and cloud systems. He digs into how poor security UX creates backdoors. He contrasts protective friction like MFA with harmful friction that drives workarounds. He warns of AI repeating cloud security mistakes and urges embedding seamless security in design to keep velocity without adding risk.