Palo Alto Networks CEO Warns of AI Agent Risks

On CNBC yesterday, Palo Alto Networks CEO Nikesh Arora issued one of the most direct warnings yet about the risks of enterprise AI agents. He noted that in the near future, “there’s gonna be more agents than humans running around trying to help you manage your enterprise.” If true, that represents not only an IT transformation, but a fundamental shift in the risk surface of every large organization.

Arora’s message was blunt: these agents will require privileged access to critical systems and infrastructure. Without guardrails, they could be hijacked for ransomware, systemic sabotage, or outright business disruption. His conclusion was equally stark: “The whole new art of securing these agents, this art of securing AI, is going to become the next bastion in cybersecurity.”

He is right about the urgency. What I would add is the broader Integrated Risk Management (IRM) perspective that ensures agent guardrails are tied to enterprise performance, resilience, assurance, and compliance.

What Arora Got Right

Arora placed identity at the center of the AI risk equation. Palo Alto’s planned $25 billion acquisition of CyberArk, one of the largest identity security firms, makes clear that identity is becoming the control plane for agent security. Agents, like people, will need unique identities, sponsors, and entitlements. Without that baseline, enterprises will have no way to contain rogue behavior or revoke privileges at speed.

The comparison to self-driving cars is instructive. Arora pointed to Waymo as an example of a functioning “agent” — one that decides when to accelerate, when to stop, and where to go. If that car is hijacked, the risks are immediate and catastrophic.

This is an analogy I have used in prior keynotes and webinars to describe the evolution of IRM technology:

• The car of yesterday was powered by spreadsheets, SharePoint, and legacy GRC platforms — basic vehicles for managing compliance, but slow and error-prone.

• The car of today is “driver-assist IRM,” smarter and more integrated, but still dependent on human steering.

• The car of tomorrow is the true autonomous vehicle: Autonomous IRM, where AI agents take action at both scale and speed, governed by IRM guardrails.

Arora is right to emphasize identity, policy, and containment as baseline requirements. My addition is that these must sit within an Integrated Risk Management model to ensure they are aligned with enterprise objectives .

Why IRM Matters Now

Three external dynamics make this integration urgent:

1. Regulation is accelerating. The EU AI Act is already phasing in obligations, with prohibitions and literacy requirements live in 2025, full obligations in 2026, and extensions into 2027. ISO/IEC 42001 establishes an auditable AI management system. NIST’s AI RMF provides a lifecycle structure for governance, mapping, measuring, and managing AI risk.

2. Consulting firms are moving first. KPMG, EY, and Deloitte have all announced multi-agent delivery platforms that embed agents directly into client operations. The pace of adoption will be driven as much by RMC firms as by technology vendors.

3. Breaches are reaching terminal velocity. Arora reminded CNBC that attack-to-exfiltration timelines have shrunk to just 25 minutes. This means controls cannot be bolted on after the fact. They must be integrated into the way agents are built, deployed, and monitored from the start.

The IRM Lens on Agent Security

Our IRM Navigator model offers a method to integrate AI agents into the business through four primary objectives and risk domains.

• Performance (ERM): Decide where autonomy creates measurable value — for example, accelerating supplier onboarding or automating evidence collection for audits. Tie these directly to enterprise risk appetite.

• Resilience (ORM): Build fail-safes into processes. Define escalation triggers, degraded modes, and human override criteria.

• Assurance (TRM): Treat agents as managed assets, instrumented for monitoring and revocation. Integrate telemetry into XDR and SOC workflows.

• Compliance (GRC): Translate ISO 42001 and NIST AI RMF into enforceable policies and auditable evidence. Align EU AI Act obligations by system class.

This framing turns Arora’s “guardrails” into a full-spectrum management model.

What Leaders Should Do in the Next 90 Days

1. Stand up an AI Council under the ERM program to set autonomy tolerance, approve use cases, and establish board-level metrics.

2. Define an EU AI Act posture, classifying systems and suppliers for 2025–2027 obligations.

3. Build an agent registry with sponsors, entitlements, and kill switches.

4. Scope ISO/IEC 42001 for two to three pilot use cases.

5. Choose delivery partners carefully, ensuring that multi-agent platforms from consulting firms map into your IRM model — not the other way around.

Bottom Line

Nikesh Arora is right: securing AI agents is the next frontier in cybersecurity. The addition I bring to the conversation is that IRM provides the enterprise-wide integration needed to make those security guardrails effective at scale. The future belongs to those who treat AI agent security as an integrated management challenge. Cybersecurity vendors can supply the guardrails. IRM ensures they align with performance, resilience, assurance, and compliance.

References

CNBC, Palo Alto Networks CEO: Earnings show fundamental market shift, August 19, 2025. Video link.

EU AI Act implementation timeline. European Commission.

ISO/IEC 42001 overview. ISO.

NIST AI Risk Management Framework. NIST.

Wheelhouse Advisors, IRM Navigator™ Research.