Palo Alto Networks brought together more than 300 clients, partners and experts at the Reina Sofía Museum for the Madrid day of Ignite On Tour 2026the traveling version of the Ignite conference that the company takes to the main capitals of the world. The agenda mixed strategic presentations, technical sessions and demonstrations on how Artificial Intelligence and automation reconfigure the resistance of organizations against increasingly sophisticated and automated threats.
From the beginning of the event, Palo Alto Networks positioned AI as a driver of innovation and, at the same time, as a new vector of risk, focusing on issues such as quantum computingthe Generative AI y agenticthe situation geopolitics and the role of the supply chain as a key attack vector.
The event was also supported by the intelligence of Unit 42Palo Alto Networks’ global threat intelligence, incident response and security consulting team, which acts as the “human arm” that complements and feeds intelligence to all of the company’s technology platforms.
AI-driven economy and the end of “traditional” security
In the opening session, Marc Sarriascountry manager of Palo Alto Networks in Iberia, framed the current moment as the transition towards an economy driven by AI, where applications and agents are capable of “planning, reasoning and acting autonomously”, opening up unprecedented opportunities but at the same time increasing the risk and sophistication of cyberattacks. Marc Sarrias stressed that this context, marked by the speed and scale of threats, means that “traditional security models are no longer sufficient and forces the adoption of new architectures and solutions,” insisting that the company’s innovations and investments are aimed at “accompanying customers in a safe adoption of AI.”
This message connects with the line that Palo Alto Networks has been defending: moving from a defensive model based on silos (network, endpoint, cloud, email, etc.) to a platform architecture where AI is used both to protect the AI models themselves and to orchestrate the response to threats in all domains. The company defends that, without that platform layer and without intensive automation, security teams cannot keep up with attackers who already work with AI tools to accelerate from compromise to data exfiltration, reducing that window from weeks to just days or hours.
Polycrisis, resilience and “jungle” of tools
Helmut Reisinger, CEO for EMEA of Palo Alto Networks, took that diagnosis a step further, framing cybersecurity in a world of “polycrisis” with geopolitical tensions, supply chain disruptions, accelerated digitalization and an “arms race” in AI that has raised the threat level exponentially. In this context, resilience is no longer recommended and becomes a structural business requirement.
Helmut Reisinger spoke about what worries many CISOs, the “jungle” of solutions from dozens of different manufacturers that companies are forced to integrate and operate. He summed it up with a powerful sentence: “Cybersecurity for tomorrow must be real-time, automated and driven by AI and must offer a path of simplification in solutions, instead of an organization having 70 different applications.” The message is consistent with the platformization strategy from Palo Alto Networks, which seeks to consolidate traditionally disaggregated functions (firewall, ZTNA/SASE, CNAPP, XDR, SIEM, SOAR, ASM, identity security…) into a few integrated control planes.
From the “best of breed” to the platform model
At Ignite On Tour Madrid, the company reiterated its commitment to a platform architecture structured around several pillars: Strata (network security and SASE), Prisma (cloud and applications), Cortex (security operations) and now Identity Securityreinforced with the acquisition of CyberArk. The thesis is that fragmentation into dozens of “best of breeds” (which we could translate as “the best of their kind”) creates data silos, visibility holes and an unsustainable operational burden for SOCs (Security Operations Centers), while an integrated platform allows standardizing telemetry, applying advanced analytics and automating end-to-end response.
This platform is based on what the company calls Precision AIthe combined use of domain-specific Machine Learning models, behavioral analytics and large language models for different use cases (threat detection, risk prioritization, automated response, analyst support, etc.). In practice, this translates into capabilities like event correlation at scale, alert noise reduction, and playbook orchestration that close the “detection–containment–remedy” cycle in minutes instead of days.
Identity as a new perimeter
One of the big strategic messages of Ignite On Tour 2026 was that identity has become the dominant avenue of attack in the modern enterprise. As organizations scale their use of cloud, automation, and AI, human, machine, and AI agent identities proliferate and continually operate with privileged access. According to data shared by Palo Alto Networks, machine identities outnumber human identities by more than 80 to 1, while 75% of organizations recognize that their human identities are governed by outdated and overly permissive privilege models, and nearly 90% have already experienced an identity-centric breach.
In this context, the relevance of Palo Alto Networks’ move to complete the acquisition of CyberArk and convert Identity Security into a central pillar of its platform strategy is understood. CyberArk’s platform protects all enterprise identities (human, machine, and agent) and integrates with Palo Alto Networks’ network and security operations blueprints, with the explicit goal of ending identity silos and managing privileged access across the entire hybrid environment from a single provider.
Agentic AI and real-time privilege revocation
The most novel dimension of this identity strategy is the explicit reference to agentic AI, the next wave of AI agents capable of acting autonomously on corporate infrastructures and data. Palo Alto Networks and CyberArk position Identity Security as the mechanism to govern not only traditional users and services, but also those AI agents as a new type of privileged identity.
Market analysts have stressed that the integration opens the door to capabilities such as “real-time privilege revocation,” that is, if the AI-powered SOC (Cortex XSIAM) detects that an AI agent is behaving anomalously, it could automate the revocation of its privileged credentials in milliseconds, limiting lateral movement and stopping identity-based attacks before they escalate. This shifts the focus from credential-only prevention to dynamic, continuous privilege monitoring of any entity (human, machine, or agentic) in the organization.
The SOC as a partner
Thierry Karsentivice president of Technical Solutions EMEA at Palo Alto Networks, focused much of his speech on the evolution of the SOC and how the company conceives its role, since it not only sees it as an internal operations team, but as a committed partner that operates as an extension of the client on a common platform. That vision is materialized in Cortex XSIAM, presented as the “platformized SOC” of Palo Alto Networks.
Cortex XSIAM is defined as an AI-powered security operations platform that consolidates traditionally separated capabilities such as SIEM, The company claims that large clients have gone from average solution times from days to minutes thanks to the combination of advanced analytics, automation and predefined playbooks, which reinforces its discourse that SOCs must operate in “real time.”
XSIAM’s approach is explicitly automation-first, meaning it centralizes data, intelligently stitches it together, applies analytics-based detection, and reduces the amount of manual interaction required to investigate and close incidents. In addition, it incorporates BYOML (Bring Your Own ML) capabilities so that customers can integrate their own models, as well as third-party EDR data ingestion treated as first-class telemetry, something key in environments where multiple legacy solutions coexist.
Proyecto Glasswing
Another of the strategic pieces that Thierry Karsenti highlighted was the participation of Palo Alto Networks in the Proyecto Glasswingan initiative led by Anthropic to “secure the world’s most critical software” in the age of AI. Glasswing brings together players such as Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks itself in a coordinated effort to use AI frontier models for defensive purposes.
The technical core of the project is Claude Mythos Previewan Anthropic model with code analysis capabilities that surpass everyone in finding and exploiting vulnerabilities, and has already discovered thousands of serious vulnerabilities in all major operating systems and browsers. The obvious risk is that these types of models are used for massive attacks, which is why Anthropic has restricted their general access and has promoted Glasswing as a consortium to use these capabilities responsibly in the detection and correction of vulnerabilities in critical infrastructure and open source software.
Palo Alto Networks participates as one of the security partners that integrate Mythos into their defensive work, leveraging usage credentials that Anthropic has compromised to scan both its own and customer systems and OSS communities. For the more technical Ignite On Tour attendees, this point tied directly to concerns about the software supply chain and the need to automate the search for vulnerabilities before attackers do.
Getting ready for quantum computing
Quantum computing was another of the axes that crossed several sessions, including Thierry Karsenti’s intervention on what Palo Alto Networks is doing to prepare for the moment when quantum computers are capable of breaking the current public key encryption. Different industry forums place this time window between two and seven years, which makes the problem a present risk, especially due to the “harvest now, decrypt later” attack model (capturing large volumes of encrypted data today to decrypt it in the future when quantum capacity allows it).
In this context, Palo Alto Networks has presented Quantum Safe Securitya solution designed to accelerate the transition to the post-quantum era. The proposal is articulated in four stages: continuous discovery of the organization’s crypto ecosystem, risk assessment and prioritization, comprehensive solution and a continuous governance and hygiene layer aligned with standards such as NIST, FIPS 140-3 and DORA.
In short, Ignite On Tour Madrid 2026 has served to align Palo Alto Networks’ discourse on several fronts that are of particular concern to CISOs: the explosion of AI agents and machine identities, the “jungle” of point solutions, the threat of the supply chain and the countdown towards the breaking of current encryption.
From the company’s perspective, the answer lies in a single platform, powered by AI, that integrates network, cloud, security operations and identity, and that relies on initiatives such as Glasswing to reinforce the security of critical software and solutions such as Quantum Safe Security to anticipate quantum disruption.
