Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
Largest Palo Alto Purchase Since 2020 Would Aid AI Model Security and Governance
The pace of acquisitions from Palo Alto Networks has slowed from a flood to a trickle after the company staked out leading positions in security operations and cloud security.
See Also: Future-Proof Your Business: A Comprehensive Guide to Application Modernization and Development for Public and Private Sectors
The Silicon Valley-based platform security giant hasn’t bought a startup since December 2023, when it entered the data security posture management and enterprise browser markets through the purchase of Dig and Talon for $255.4 and $458.6 million respectively. Palo Alto Networks in August 2024 took the unusual step of buying IBM’s QRadar SaaS business for $1.14 billion and transitioning those customers over to XSIAM.
Now, Palo Alto Networks is eyeing its largest startup deal since December 2020, when the firm bought attack surface management provider Expanse for $797.2 million. This time around, Globes reported the target is Protect AI, a Seattle-based startup that offers AI scanning, large language model security and generative AI red teaming. Palo Alto Networks is prepared to pay between $650 million and $700 million for Protect AI, Globes said.
Palo Alto Networks and Protect AI declined Information Security Media Group requests for comment. Protect AI, founded in 2022, employs 110 people – up from 42 workers a year ago – and has raised $108.5 million in outside funding, having most recently completed a $60 million Series B funding round in August led by Evolution Equity Partners (see: Protect AI Raises $35M to Guard ML From Supply Chain Threats).
What Sets Protect AI’s Approach to AI Security Apart
The company has been led since its inception by Ian Swanson, who spent 18 months leading go-to-market activities for AWS’ artificial intelligence and machine learning teams and 15 months overseeing Oracle’s AI and ML product offerings. Protect AI has made multiple acquisitions in its short history, buying Gen AI attack simulation firm SydeLabs in July 2024 and certified naming authority Huntr in August 2023.
Swanson told ISMG in July 2023 that the company planned to expand its AI Radar tool, research unique threats in the AI and ML landscape and further its work on open source initiatives. Specifically, he said the company wanted to encapsulate more components across data, infrastructure, code and model artifacts, so clients can write policies to check for critical vulnerabilities in open source packages.
Meanwhile, Swanson told ISMG in 2023 that Protect AI’s buy of Huntr will help customers discover exploits in the artificial intelligence or machine learning supply chain before they’re publicly revealed. As part of Protect AI, Swanson said Huntr’s bug bounty program focuses exclusively on vulnerabilities in artificial intelligence and machine learning packages, libraries, frameworks and foundation models.
The security for AI vendor landscape is in its infancy, with dozens of vendors addressing everything from governance to model security to runtime protection. Plus, more than a dozen vendors are securing the underlying infrastructure and data Gen AI and LLMs rely on. The largest AI security deal was Cisco’s acquisition of Robust Intelligence for a reported $400 million to boost the security of AI apps and infrastructure.
How Protect AI Fits Within the AI Security Landscape
In addition to Cisco and Palo Alto Networks, the Gen AI security market landscape includes established vendors such as Amazon Web Services, Fortinet, Zscaler, Netskope and Wiz, which is under agreement to be acquired by Google for $32 billion. Aside from Protect AI, notable pure-play AI security vendors include Lakera and HiddenLayer, which was named the most innovative startup at the 2023 RSA Conference.
Protect AI will join Palo Alto Networks’ existing AI security bets, which include an AI Access Security tool that classifies and prioritizes Gen AI apps to assess risk, detect anomalies and visualize insights. And the firm’s DSPM and AI-SPM tools offer visibility into the Gen AI ecosystem, spotting LLM flaws, prioritizing misconfiguration risks, reducing the risk of data exposure and surfacing compliance violations.
Palo Alto Networks’ cloud-native application protection platform also secures multi and hybrid-cloud environments for applications, data, Gen AI ecosystems and the entire cloud-native technology stack across the full development life cycle, from code to cloud. Protect AI’s focus on governance fits in with what Palo Alto Networks already does around AI access, runtime, inline and posture management.
Protect AI might end up being the second acquisition in the nascent AI security market, but it certainly won’t be the last. Expect lots of consolidation as the wheat separates from the chaff and platform players face increased pressure to broaden and deepen their AI security stack.