
Palo Alto Networks
US cybersecurity vendor; PAN-OS firewalls, Unit 42 threat intel; $8bn+ annual revenue.
Last refreshed: 8 May 2026 · Appears in 3 active topics
What role does Palo Alto Networks play in AI security and Iran cyber conflict?
Timeline for Palo Alto Networks
Mentioned in: Balderton leads Geordie's $30m AI round
UK Startups and InnovationMentioned in: AI orchestration flaw joins CISA's KEV
Cybersecurity: Threats and DefencesMentioned in: Patch Tuesday clean streak hides out-of-band KEVs
Cybersecurity: Threats and DefencesWest Pharma SEC 8-K on ransomware halt
Cybersecurity: Threats and DefencesStated first patches for CVE-2026-0300 will not ship until 13 May
Cybersecurity: Threats and Defences: CISA deadline for PAN-OS RCE lands four days earlyWhat is Palo Alto Networks' role in Project Glasswing?
Did Palo Alto Networks link Handala Hack to the Iranian government?
Is Palo Alto Networks a good investment in 2026?
Background
Palo Alto Networks is a leading US cybersecurity company offering network security, cloud security, and AI-powered threat intelligence across its Strata, Prisma, and Cortex platforms. With revenues exceeding $8 billion in FY2025, it is one of the largest pure-play cybersecurity firms in the world and a primary vendor to governments and enterprises globally. Its threat research division, Unit 42, produces attribution intelligence and incident-response reports that feed directly into government and enterprise security programmes.
Palo Alto Networks is one of twelve organisations granted access to Anthropic's Claude Mythos Preview through Project Glasswing on 8 April 2026, receiving $100 million in shared model usage credits for a system that scored 83.1% on the CyberGym benchmark.
Palo Alto Networks attributed the Handala Hack group — responsible for a destructive wiper attack on Stryker Corporation in March 2026 — to Iran's Ministry of Intelligence.
In May 2026, Palo Alto's PAN-OS captive-portal component was found to contain CVE-2026-0300, an unauthenticated RCE flaw (CVSS 9.3), exploited since 16 April by state-sponsored cluster CL-STA-1132. Unit 42 confirmed post-exploitation tradecraft including Active Directory enumeration via the firewall's service account and methodical crash-log destruction. CISA added the CVE to KEV with a 9 May federal Deadline — four days before Palo Alto's own patches were due. The company simultaneously acquired AI-gateway firm Portkey for approximately $130 million, signalling continued investment in AI security tooling. Palo Alto's dual exposure — as a CVE victim and as an active attributor of nation-state groups — illustrates the structural position of large security vendors at the centre of both the attack surface and the intelligence ecosystem.