Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances


Helmut Reisinger, Palo Alto’s CEO for EMEA, reflects on the importance of Project Glasswing, the company’s recent slate of acquisitions, and the evolution of cybersecurity in the AI era.

In two decades, Palo Alto Networks has evolved from a next-generation niche player to one of the largest global cybersecurity giants today. Under its mantra of “platformization,” the company has catapulted its revenues over its closest competitors and boosted its stock valuation to over $130 billion.

No stranger to AI use in cybersecurity, Palo Alto recently announced its participation in Project Glasswing, an AI-based vulnerability-discovery initiative led by Anthropic that many are viewing as a structural shift for the cyber industry. The initiative, which includes 10 other major technology companies as coalition partners, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, and Microsoft, aims to leverage Anthropic’s Claude Mythos to improve the security of the software that underpins much of the world’s technical infrastructure.

It is in this context that Computerworld Spain spoke with Helmut Reisinger, CEO of Palo Alto Networks for EMEA, in Madrid at the company’s Ignite event on April 14. The interview was conducted in Spanish, a language that the multilingual Austrian executive and PhD holder speaks fluently.

Following are excerpts from that interview, edited for length and clarity.

Computerworld Spain: Let’s start with the recent announcement of Palo Alto’s participation in the exclusive Mythos project, which few companies have access to due to the power of this technology and the risk of it falling into the wrong hands. Or is this just a marketing strategy?

Helmut Reisinger: Indeed, this is a restricted release that only a few companies can access for vulnerability testing. We’ve witnessed firsthand how this pioneering model represents a radical shift. With it, we’ve detected zero-day vulnerabilities in an unprecedented number of operating systems and browsers. And it’s capable of turning most of these vulnerabilities into working exploits, with all the risks that entails. For now, we can’t say much more. We’re currently working on providing more information through a blog. In any case, the important thing is the context in which this is happening.

On the democratization of AI.

Yes. At Palo Alto, we’ve been using AI to improve cybersecurity for a long time. Back in 2014, we integrated machine learning technology into our systems, initially just firewalls. But we also develop cybersecurity solutions specifically for AI. The major challenge today is that, according to a Stanford University report, only 6% of AI deployments are implemented with appropriate cybersecurity. And this is happening in the age of agents, where for every human identity there are approximately 80 machine identities, and even more if we include agents. That’s why, thanks to our acquisition of Protect AI, a company founded by Ian Swanson, formerly head of AI at Amazon, we’ve launched a security solution for AI deployments, language models, and agents.

This is just one of several purchases Palo Alto has made recently, correct?

Yes, we just closed the deal [in February] with CyberArk, a leader in identity security. At Palo Alto, we’re convinced that AI and identity are two worlds that must go hand in hand, especially now in the era of generative systems and agents.

Another acquisition we recently completed, in January, and which falls within this context of addressing the current AI landscape, is that of Chronosphere, a leader in observability. Chronosphere is capable of managing and protecting massive volumes of AI-generated data at a lower cost — half the price — of other market players. This is an important acquisition because observability is essential in cybersecurity.

And finally, we’ve acquired Koi, a deal I expect will close in a few days. Koi’s technology focuses on agentic endpoint security — protecting businesses from the risks of using AI agents and autonomous development tools operating on users’ devices. Koi’s technology will be integrated into our Cortex XDR platform to monitor what AI agents are doing on users’ computers and detect if they are being manipulated to execute malicious commands.

I imagine effectively integrating all these companies presents significant challenges.

That’s right, because many IT companies, when they make acquisitions, focus more on contractual than technological integrations, but that’s not our approach. Our strategy involves complete technological integrations, like Protect AI, which is now part of our network platform. This aligns with our commitment to platformization using a modular system.

It’s clear that ‘platformization’ is the company’s mantra and a way to simplify life for customers, but doesn’t it also create greater dependencies, including vendor lock-in?

Yes, we sometimes hear clients say they don’t want to put all their eggs in one basket. But that’s precisely why our strategy is modular, so the client can decide. It’s also true that all the clients who have experienced a massive data breach have opted for complete platformization. In fact, our founder [Nir Zuk] has always said that “everyone will switch to platforms as soon as they suffer a mega-breach.”

The speed of platform adoption, therefore, will be determined by the client themselves, their business, their use cases, their existing contracts, and so on. We are also making efforts to reduce costs to encourage clients to migrate and simplify their platformization process. Furthermore, we mustn’t lose sight of the fact that the approach to cybersecurity must be comprehensive; it’s a global chain.

Regarding cost, Palo Alto has a reputation for having powerful but expensive technology. What’s your opinion?

Compared to the level of protection we provide our customers, our technology isn’t that expensive. On the other hand, the cost also reflects all the innovation included in our solutions.

How do you see Palo Alto Networks’ major competitors, primarily Fortinet and CrowdStrike?

The cybersecurity market is fragmented, but we lead it. That said, we have to win every single day.

The current, highly turbulent geopolitical climate is having a significant impact on the cybersecurity field, as well as on customers’ IT purchasing decisions. Does being a US player in Europe affect Palo Alto? Are you seeing a shift among public sector clients toward more local options?

CISOs with high levels of responsibility know very well that a wealth of telemetry data is essential for effective protection, and that’s why we aren’t seeing a decrease in demand. That’s the primary reason. Furthermore, each region and country has its own legal frameworks and regulations, which we fully respect. In fact, we were among the first companies in the world to sign the European AI Act and ensured we also obtained the corresponding national certifications.

Our view on sovereignty is that we must find a balance between perfect sovereignty and zero sovereignty. When we talk about sovereignty, we can refer, for example, to hardware. Regarding this issue, we must accept the interdependence we have between different global markets; this happens, for example, in the field of chips. But if we talk about data sovereignty, this is something that can be easily achieved.

We implement the Bring Your Own Key (BYOK) policy for many clients to ensure that the telemetry data sent by their devices is encrypted and protected. We are not interested in accessing the personal data our clients handle; we only use telemetry, application identity, user, and device data. It was precisely thanks to this type of analysis that we were able to discover the attempted intrusion using SolarWinds, although, as it occurred years ago [2020], it was carried out using machine learning tools.

How is the current war in Iran affecting the threat landscape?

This has many implications. Our Unit 42 team recently published a report outlining how the joint military offensive launched by the United States and Israel activated the Iranian-aligned cyber ecosystem, creating a scenario of digital confrontation that transcends the region and combines hacktivism, political messaging campaigns, and pressure on critical infrastructure.

In this regard, I want to bring up the issue of sovereignty again because what can a company do if its infrastructure is, for example, bombed? In other words, what does the concept of sovereignty mean in an emergency situation? We already have clients in the Middle East who are rethinking their sovereignty strategy because of this situation. Furthermore, as we saw earlier, we are talking about telemetry data, not other types of data. Ultimately, all of this shows that the concept of sovereignty is fluid.

Returning to Europe, in less than two months Palo Alto will be opening new offices in Spain and, in addition, a ‘hub’, correct?

Yes, we want to establish a center of excellence here. In Europe, in addition to Madrid, Palo Alto has large offices in London, Amsterdam, Paris, and Munich. From Madrid, Jordi Botifoll has been leading the business for 87 countries — not only in Southern Europe, but also in the Middle East, Africa, etc. — for the past three years.

And what are your expectations for the new center of excellence? Why have you chosen Spain?

Cybersecurity requires a lot of technological expertise, and Spain has very good engineers who can help our clients in case of emergency, both through our incident response unit, Unit 42, and through our partners, such as Telefónica Tech, Kyndryl, and Orange, because ours is a technology company, not a service company.

How many employees do they have in Spain, and what will the number of employees be at the new center?

I can’t break down local numbers, but overall, across the entire company, once the 4,000 CyberArk professionals are integrated, we’re already around 20,000 people worldwide. Our main development centers are in California and Israel, although we also have others in Poland and Lithuania.

Looking ahead, significant challenges in information security are coming with the arrival of the post-quantum era.

Yes, and we’re already preparing. We’ve launched Quantum Safe Security to help organizations get ready for the post-quantum era. Because the big question scientists and experts are asking now is when ‘Q Day’ will be, which might arrive sometime between 2029 and 2035. Furthermore, integrating CyberArk technology will help ensure that credentials used by machines cannot be compromised through quantum decryption.

The cybersecurity of the future must be real-time, highly automated, and simple for customers, or what we call modular ‘platformization.’

Finally, what would you say is the biggest challenge for CISOs today?

Shadow AI. We must prevent AI from suffering the same fate as other technologies in the past, creating what’s known as shadow IT. AI deployments must be accompanied by robust cybersecurity. And AI and identity management must go hand in hand. Another concern is the fragmentation of solutions. I was recently speaking with an executive at a large European bank who told me they have 60 different solutions; the gaps between these systems are a clear invitation to attack.
