Palo Alto Networks launches Unit 42 Managed XSIAM 2.0 SOC to combat AI-driven attacks

Headline: Palo Alto rolls out managed SOC to match AI-accelerated attack pace

Introduction — Closing the gap between attack and response

Palo Alto Networks is pushing to close a widening gap between attacker velocity and enterprise response capabilities as adversaries increasingly use AI and automation. The company launches Unit 42 Managed XSIAM 2.0 (MSIAM 2.0), a 24/7 managed security operations centre (SOC) service built on its Cortex XSIAM platform, that combines continuous expert hunting with an industry‑leading Breach Response Guarantee of 250 hours of incident response. Palo Alto frames the service as an answer to attacks that are shrinking the window for detection and containment to minutes rather than days.

MSIAM 2.0 aims to outpace AI-driven intrusions

MSIAM 2.0 provides organisations with immediate SOC maturity by owning engineering, threat hunting and continuous optimisation so customers have a global, best‑in‑class SOC on day one. The service integrates third‑party endpoint detection and response (EDR) and existing SOC tooling to avoid disruptive migrations, while offering a clear path to consolidate on Cortex XDR over time. Palo Alto stresses measured outcomes over alert volume and takes full accountability for the threat lifecycle, aiming to reduce dwell time and operational burden on in‑house teams.

Karim Temsamani, president of Next Generation Security at Palo Alto Networks, says the offering fuses AI‑driven automation with seasoned human hunters to deliver both speed and judgement. The company presents MSIAM 2.0 as a direct response to a talent shortage in security operations, extending customers’ teams with Unit 42 expertise and guaranteeing a defined incident response commitment to limit recovery impact and maintain operational continuity.

Additional developments — agentic endpoints and acquisition of Koi

Palo Alto also signs a definitive agreement to acquire Koi, a specialist in “Agentic Endpoint Security,” to plug a newly exposed risk posed by autonomous AI agents. The company says agent frameworks, plugins and model artifacts can act as “ultimate insiders” with broad permissions, bypassing traditional file‑based defenses. Koi’s capabilities will be integrated into Prisma AIRS and augment Cortex XDR to surface agent identities, actions and permissions, enforce least privilege and restore centralized oversight across distributed automation.

Unit 42’s 2026 Global Incident Response Report underpins the product push, analysing more than 750 incidents and finding attackers use AI and automation to accelerate breaches — with the fastest cases compressing initial access to data exfiltration to about 72 minutes, a fourfold year‑over‑year increase. The report highlights identity as a dominant vector, with credential misuse and social engineering driving initial access, and urges defenders to reduce complexity, eliminate implicit trust and equip SOCs with AI and automation to operate at machine speed.