Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer or any other entities with which I am affiliated.
Like everyone else in the security world, I saw the rumors about Palo Alto Networks potentially acquiring Protect AI for a staggering $700 million. Given Palo Alto Networks’ recent acquisition track record under CEO Nikesh Arora, this wouldn’t be too surprising. Their latest acquisition, Talon and Dig, were clearly bets on the future: enterprise browsers and data security.
You have to give them credit. Palo Alto Networks has done a remarkable job reinventing itself for the cloud era, especially considering how late they were to that party. Through smart, strategic acquisitions (rather than organic development), they’ve managed to stay competitive with cloud-native upstarts like Wiz. That’s no small feat—acquisition integration is hard, and they’ve done it better than most.
So, what’s the deal with Protect AI, and why would Palo Alto be interested?
What is Protect AI?
Palo Alto Networks is a well-known brand that started in the firewall market but is now primarily in the cloud security market, so it needs no introduction.
Protect AI is a Seattle-based cybersecurity startup focused on securing AI/ML systems. Their platform appears to have three core offerings: model scanning, runtime security, and red teaming.
Let’s unpack that.
Model scanning strikes me as a shrinking opportunity. The trend is moving away from organizations training their own models, and toward using hosted LLMs like OpenAI or Anthropic, with fine-tuning. Kevin Weil, Chief Product Officer at OpenAI, made this point on Lenny’s Podcast, emphasizing that most teams should have an ML engineer fine-tune a hosted model, not build from scratch. If that’s the direction things are going, most companies won’t have proprietary models to scan—limiting the market for standalone model scanning tools.
Runtime security is more promising. As developer velocity increases and application architectures get more complex, having runtime visibility and protection for AI workloads will matter. But again, this feels like a feature that belongs within broader cloud or infrastructure security platforms—not something that stands on its own.
Red teaming for AI is the most ambiguous of the three. Most security issues in AI today are still general application or infrastructure flaws—not model-specific vulnerabilities. That makes me think this should be a capability folded into existing security validation or exposure management platforms like SafeBreach or Cymulate, rather than a separate product line.
The Bigger Picture
Overall, Protect AI’s platform feels like a niche play in a space that’s still defining itself. I don’t see a long-term standalone market for “AI security” as a separate category… at least not yet. More likely, the real opportunities will be absorbed into existing cloud, infra, or application security markets.
If Palo Alto Networks does go through with this acquisition, it might be a signal more than anything else: a bet that AI security will eventually break out as its own category, or at least become a “checkbox” capability that cloud security vendors need to offer. Whether that bet pays off remains to be seen.
What are my thoughts on this potential acquisition?
tl;dr: If the deal goes through, it’s a win for Protect AI, but a strategic yet uncertain bet for Palo Alto Networks.