Late Thursday, Nikesh Arora, Chairman and CEO of Palo Alto Networks communicated with the company’s shareholders, informing them that they are acquiring identity security vendor CyberArk.
“At Palo Alto Networks, we have always endeavored to become the ‘Cybersecurity Partner of Choice’ for our customers,” Arora said. “In my seven-year journey here, we delivered new products in multiple categories, ensuring they are best-of-breed and well-integrated into a platform. We have made sure to build fast, integrate faster, and, if required, acquire innovation to become the platform of choice.
“Our strategy is working, he declared. “We are positioned to become the first cybersecurity company to surpass $10 billion in annual revenue run-rate, while sustaining above-market growth. We’ve paired this with one of the highest free cash flow margins in the industry. This gives us the scale and capacity to continually invest ahead of the curve.
“As we aim to continually serve our customers and double our business again in the next five years, we remain vigilant and recognize our future success will require us to enter and redefine new categories. Our market entry strategy has centred around the fundamental belief that the best time to enter a category is at the inflection point. For example, we entered the SASE category, positioning us to take advantage of the shift towards hybrid work, and we lead the industry today. We invested in endpoint security prior to pioneering the inflection point towards XDR, and have continued to develop a revolutionary platform to disrupt the Security Operations landscape with XSIAM. Our browser bet was ahead of all market players racing to build browsers in the AI era.
“Now, we are witnessing another inflection point driven by the emergence of AI agents, creating new AI security categories and reshaping the way Identity Security is delivered, with a significant proportion of attacks driven by credential theft, we feel Identity Security needs to change,” Arora stressed. “After spending many years observing and studying the Identity Security landscape, the time is now to re-shape the $29 billion Identity Security category and lead from the front.”
Arora said that the company’s belief is centred around three principles.
“First is the convergence of Identity and Security: Identity has historically been separated by Privileged Access Management (PAM) and Identity and Access Management (IAM). Basic hygiene was covered by IAM, while PAM, offering robust security, was limited to a small number of privileged users. Today, PAM can be deployed at the same cost as IAM. With nearly 90% of breaches involving stolen or mismanaged credentials, PAM is no longer a tool solely to monitor a small set of administrators. In the future – every user, machine and AI agent should be considered a “privileged user.”
As the category-defining company in PAM, CyberArk’s reach extends to over 55% of the Fortune 500 and over 8 million privileged end users. With their technology advantage, the right product strategy and strategic partnership with Palo Alto Networks, CyberArk will be able to BOTH (a) deepen their penetration in PAM and (b) target the significantly larger base of global IAM users and machine identities.
The Need for Platformization in Identity Security is also key, Arora said. “The Identity Security category is highly fragmented with over one hundred vendors vying to capture the customer’s attention across multiple functional domains. These domains are converging as the complexity of stitching together disparate solutions and the rise in identity-related breaches push enterprises to favor better integration. We fundamentally believe the future of Identity Security is aligned with the vision that every identity requires the right level of privilege controls, and not the “IAM fallacy” and has to include the principles of Identity Governance and Administration in the same platform.”
CyberArk’s core PAM offering is foundational to a modern Identity Security platform. Importantly, Arora said that “the company also shares our vision for platformization, having expanded from its leadership position in PAM to critical adjacencies in machine identity, IAM and Identity Governance & Administration (IGA). In partnership with XSIAM, together we can enable Identity Security for the age of AI to drive near real-time response against the next-generation of AI threats.”
The rapid proliferation of machine identities is a widespread phenomenon across organizations in all industries, Arora emphasized. Today, the ratio of machines to humans in the enterprise is estimated to be 80:1. The rise of AI agents will only accelerate this further. AI agents can act unpredictably, potentially gaining unauthorized access and even exposing credentials. We firmly believe that AI agents will need to be treated as privileged users, as mere authentication provided by traditional IAM is insufficient.
“CyberArk has the leading foundation in both PAM and Machine Identity needed to manage security permissions for AI agents,” Arora declared. “A combination of Palo Alto Networks and CyberArk will create the leading platform for securing AI end-to-end – from managing access for agentic identities to enforcing security policy for AI apps and agents in runtime.
For each inflection point, Arora said Palo Alto Networks assesses whether an opportunity disrupts existing technology, requiring new vendors to emerge, or can be addressed by the larger established players. When the inflection point requires an entirely new approach, we have more often favored smaller vendors. In all cases, we look to acquire the leading technology and become a force multiplier through joint innovation and go-to-market efforts. In this instance, we believe 1) the large PAM vendors are best positioned to address emerging identity security needs, as the widespread deployment of AI agents makes privileged controls more important, and 2) that CyberArk is by far the category-leading technology.
“We envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership in Network Security, SASE, Cloud Security and Security Operations,” Arora said. “We will work to seamlessly integrate these best-of-breed platforms to ensure customers can respond faster to rising AI threats. He noted that CyberArk’s Board of Directors has unanimously approved moving forward with this proposed transaction, and that the companies have reached an agreement to acquire CyberArk for $45.00 in cash and 2.2005 shares of Palo Alto Networks common stock for each CyberArk share, which represents a 26% premium to the unaffected 10-day average of the daily VWAPs of CyberArk as of Friday, July 25, 2025. Following the close of the transaction, Arora stated they we will optimize their combined go-to-market resources and continue to lead innovation. We believe this accelerates our mission to double the value of our joint businesses over the next five years.
“In conclusion, we believe the combined company will become the cyber guardian for our customers, allowing them to focus on their core business objectives and adopting AI, furthering our mission for our customers – “A world where each day is safer and more secure than the one before,” Arora concluded.