Cybersecurity giant Palo Alto Networks has launched Cortex AgentiX, which it is terming the next generation of Cortex XSOAR, and which the company says combines the power of agentic AI with the safety of enterprise-grade guardrails. As a result, Palo Alto Networks considers Cortex AgentiX the industry’s most secure platform to build, deploy and govern the AI agent workforce of the future.
As enterprises race to adopt agentic AI for productivity gains, Palo Alto Networks says that they are challenged with complex ecosystem integrations and a lack of control, a problem that Cortex AgentiX directly addresses.
“Everywhere you look, AI is taking the driver’s seat,” Gonen Fink, EVP of Products, Cortex, Palo Alto Networks, wrote in a very recent blog. “But as this new era of productivity unfolds, so does a new class of threat. AI-driven attacks are now moving at speeds up to 100X faster than any human-driven operation can hope to counter.”
This is the new speed gap, the company declared. “For too long, security and IT teams have been locked in a losing battle. Automation, our trusted tool, saved countless hours on repetitive tasks. But rigid playbooks, built for known routines, flatline against the dynamic, AI-powered threats of today. To win this race, you don’t just need to be faster. You need a new operational model.”
Starting with the SOC, the company says that AgentiX is revolutionizing automation to counter adversaries who can launch attacks up to 100 times faster with AI. Its powerful prebuilt agents are able to dynamically plan, reason and execute solutions just as an expert would, giving security analysts a decisive advantage. Ultimately, AgentiX delivers up to a 98% reduction in Mean Time to Respond [MTTR] with 75% less manual work, freeing time up for strategic initiatives.
“Unleashing autonomous agents without tight control is a recipe for disaster,” Fink stated. “That’s why we built AgentiX on our proven Cortex platform, delivering the full power of agentic AI with the control, traceability and permission management every enterprise demands. When applied to security teams, this isn’t just automation; it’s the end of manual toil. We’re freeing your experts to transform the SOC, not just chase alerts.”
“We’re delivering the foundation for a new era, built on the AI-driven Cortex platform,” Fink said. “Meet Cortex AgentiX, the industry’s most secure platform to build, deploy, and govern the AI agent workforce of the future. As the next generation of Cortex XSOAR, AgentiX is our answer to the autonomous future, built to revolutionize both security and IT operations. We are starting where the need is most urgent: the Security Operations Centre (SOC).”
“This isn’t just automation; it’s the end of manual toil,” Fink stated. “We are freeing your experts to transform the SOC, not just chase alerts. AgentiX delivers a decisive advantage, enabling you to achieve up to a 98% reduction in MTTR with 75% less manual work, freeing your team for high-value strategic initiatives.”
Since Palo Alto Networks has no desire to create disasters by unleashing autonomous agents without tight control, they headed this issue off at the start.
“That’s why we built AgentiX on our proven Cortex platform, delivering the full power of agentic AI with the control, traceability and enterprise-grade permissions you demand,” Fink emphasized. Unlike siloed tools that automate single tasks, AgentiX delivers end-to-end workflow autonomy. This new AI workforce is not built from scratch; it is trained on the battle-tested expertise of 1.2 billion real-world playbook executions from over a decade of security automation leadership. The result is a workforce of intelligent agents that can dynamically plan, reason and execute complex solutions just as a human expert would – but at machine speed.
While siloed approaches focus on automating individual SOC tasks, AgentiX delivers end-to-end workflow autonomy, and is trained on those 1.2 billion real-world playbook executions. Additionally, to help ensure seamless support for all critical enterprise tools, AgentiX comes with over 1,000 prebuilt integrations and native Model Context Protocol (MCP) support.
With Cortex AgentiX, organizations can:
Go beyond rigid playbooks with prebuilt agents that work as a seamless extension of your operations, with the first set including:
- Threat Intelligence Agent: Aggregates and enriches threat intelligence to uncover related cases and emerging adversary techniques.
- Email Investigation Agent: Automates a full-spectrum email threat response, from search and analysis to containment, across all platforms.
- Endpoint Investigation Agent: Delivers rapid analysis, forensics collection and host containment across every major EDR platform.
- Network Security Agent: Orchestrates threat response, policy control and network management across Palo Alto Networks and third-party firewalls.
- Cloud Security Agent: Secures cloud environments end-to-end, from posture and application protection to detection and response.
- IT Agent: Streamlines enterprise IT operations by automating upgrades, patching, troubleshooting, and user onboarding.
You can also build your own custom no-code powerful agents with an elegant GenAI builder that leverages over 1,000 prebuilt integrations, native MCP support as well as robust guardrails for total control.
As well, you can orchestrate complex workflows across the entire enterprise and launch context-aware agents directly from any Cortex product or orchestrate complex, enterprise-wide actions from the standalone AgentiX platform.
Finally, you can govern autonomous action with enterprise-grade guardrails and safely operate AI agents with role-based access controls and require human-in-the-loop approval for impactful actions, helping ensure agentic workflows are safe and reliable. Every agent action comes with full auditability to support the strictest compliance and security requirements.
“Cortex AgentiX stands apart by building its agentic workforce on Palo Alto Networks existing SecOps backbone and a decade of SOAR maturity,” said Francis Odum, Founder of Software Analyst Cyber Research (SACR). “This foundation is crucial: It ensures agents operate within a fully governed automation framework, unlike newer entrants that often lack enterprise-grade policy enforcement and traceability. By deploying natively across XSIAM, XDR and Cortex Cloud, Palo Alto Networks is uniquely positioned as the leader in agentic AI, delivering the scale, breadth and compliance standards required for the autonomous enterprise.”
Cortex AgentiX is available today in Cortex Cloud and Cortex XSIAM. Cortex XDR and the standalone AgentiX platform will be available in early 2026.