Santa Clara, California.
Sunday, June 1st, 2026, came with a strict federal deadline. CISA required every federal civilian executive branch agency to fix CVE-2026-0257, an authentication bypass flaw in Palo Alto Networks’ PAN-OS GlobalProtect, by today. It’s striking that in the same week, Palo Alto closed its Portkey acquisition; the company also had to release emergency patches for the exact technology meant to keep attackers out. This link between traditional defense, network defense, and new AI governance is no accident. It explains why Palo Alto Portkey buy happened when it did, and why this urgent cyber deadline now represents much more than just one CVE.
A Flaw in the Wall and a Move Beyond It.
CVE-2026-0257 is already being exploited, with attackers using available tools and scanning for unpatched GlobalProtect gateways. There have been two main attack waves: one started on May 18th from Vultr-hosted servers, and another was found on May 21 from Dromatics systems. Both used fake authentication cookies to create unauthorized VPN tunnels into company networks.
For the past 20 years, this has been the main threat to enterprise security. Attackers find a weakness at the edge, forge credentials, and gain access. The cycle of patching and wishing for the best is tiring, costly, and, as we see this week, frequently rushed to meet government deadlines.
In 2026, CIS says the average time to fix vulnerabilities in the KEV catalog is now just 14.4 days, down from 19.7 days last year. This shows the agency is speeding up remediation timelines. For IT teams already busy with AI projects, cloud moves, and limited staff, these shorter deadlines feel very real. It’s as if facing a fire drill every few weeks.
The AI Gateway as the New Perimeter
The bigger story behind Palo Alto’s PortKey buy is what it shows about how threats have changed. Fixing a VPN gateway is still important, but the fastest-growing attack methods today don’t rely on stolen passwords. Instead, they involve autonomous AI agents making thousands of API calls per minute, pulling data from internal systems, sending outputs to external models, and running up token costs that no one approved.
When companies shift from basic chatbots to autonomous AI agents that can act independently, they face a trust gap. Allowing AI to perform tasks independently introduces new risks, such as unauthorized operations, data leaks, and unexpected costs. If a malicious agent has privileged API access, it doesn’t need to break through your VPN. It’s already inside.
These agents act like highly privileged insiders, making many autonomous decisions across internal and external systems. This has widened the security gap in enterprises. The AI gateway is meant to close that gap, which is why Prisma AIRS is now central to Palo Alto’s product strategy.
What Plasma AIRS Gets from PortKey
Palo Alto Networks closed the Portkey acquisition on May 29, 2026, establishing the AI gateway as a mission-critical autonomous control plane for the enterprise.
The Technical Architecture
Portkey delivers a centralized, autonomous control plane to manage and protect autonomous AI agents that already process millions of tokens per month, with the low latency required for agent-to-agent communication. That scale matters. A security control that introduces meaningful latency into an agentic workflow does not get adopted. Developers route around it. Portkey’s architecture was purpose-built to operate at production speed, which is why it attracted Palo Alto’s attention rather than an in-house build.
Here’s how the Palo Alto Networks Portkey Prisma AIRS gateway setup works: Portkey sits between every AI call and the models or tools being used. It inspects traffic in real time, enforces governance rules, routes requests to the best model for each task, and tracks token use against set budgets. This setup builds AI security directly into operators, making Portkey the core AI gateway for Prisma AIRS. It checks all AI traffic in real time to help spot and stop new agent-based threats before they affect the builders.
CISA Patch Compliance Meets AI Governance
The fact that the acquisition closure and today’s CISA patch compliance deadline are not a marketing coincidence. It crystallizes the two-front war that enterprise security teams are now fighting simultaneously. On one front, legacy authentication systems in PAN OS Global Protect are under attack from exploit kits. On the other hand, AI agents are spreading through company systems faster than governance can keep up.
CISS’s KEV catalog is not just another vulnerability feed. It is the federal government’s shortlist of bugs that have crossed the line from theoretical risk into observed abuse, and under binding operational directive 22-01, federal civilian executive branch agencies must remediate listed vulnerabilities by the due date. Private companies are not legally bound, but the reputational and liability map after an incident makes non-compliance extraordinarily difficult to defend.
The same thinking now applies to AI traffic. If a company uses autonomous agents without an AI gateway to monitor them, it’s like running a part of the network without authentication. Any compromised model, a bad prompt, or an incorrect API key can be used by attackers without barriers.
What This Means for Business Security Teams.
Imagine a mid-sized financial services company using a procurement automation agent that connects to three outside LLM providers and a dozen internal data sources without the Palo Alto Networks Portkey Prisma AIRS gateway setup. That agent operates on trust. It calls APIs, reads documents, writes outputs, and sends requests, all without the security team seeing what’s happening. A single prompt injection in a vendor document could cause the agent to send sensitive contract data to an attacker’s server. No VPN bypass or phishing email is needed.
Through integrating Portkey into Prisma Airs, organizations gain visibility into all agentic traffic and the ability to control and protect against agentic threats, according to Lee Klarich, Palo Alto Networks’ chief product and technology officer.
For IT managers who are both rushing to patch these leaks’ CVEs and answering questions about which AI agents are safe to use, this combined capability is the main benefit. A single platform that covers both the network edge and the AI layer.
The Platformization Argument Made In Real Time.
Palo Alto’s chief product and technology officer described the company’s strategy as a platform that stays on the cutting edge through a deliberate combination of organic innovation and tactical acquisitions. The goal is to stop companies from having to choose between assembling many separate products or waiting for old platforms to catch up.
The Palo Alto Portkey acquisition puts this strategy into action. Instead of making a CISO find a separate AI gateway vendor, connect it to their SIEM, sign another contract, and train a new team, Palo Alto is building all these features into Prisma AIRS, the same platform already used for network security.
This week’s urgent cyber deadline is a wake-up call. It shows security leaders that the time between starting a fix and attackers getting in is now measured in days, not months. The same short timeline now applies to AI governance. Companies that see autonomous agents as someone else’s problem, whether developers, legal, or the future, are creating new vulnerabilities that don’t even need a CVE number to be exploited.
The network’s perimeter still exists, but it now includes a new layer measured in tokens per second instead of packets. Palo Alto Networks is betting that whoever can secure both layers will shape enterprise cybersecurity for the next ten years.
