Notifications
Clear all
Topic starter
04/06/2026 2:58 pm
TL;DR: 31% revenue growth to $3.0 billion and 60% growth in Next-Generation Security ARR to $8.1 billion mark Palo Alto Networks’ fiscal Q3 2026 results, with identity security now part of a broader platformization and acquisition strategy, according to Palo Alto Networks. The governance question is no longer whether identity belongs in the security stack, but how practitioners preserve control clarity as capabilities expand across NHI, secrets, and agentic use cases.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Total revenue for the fiscal third quarter 2026 grew 31% year over year to $3.0 billion.
- Next-Generation Security ARR for the fiscal third quarter 2026 grew 60% year over year to $8.1 billion.
- Trailing 12-month adjusted free cash flow margin of 38.5% was up 430 basis points year over year.
Questions worth separating out
Q: How should security teams evaluate identity controls inside a larger security platform?
A: Security teams should verify that identity controls remain independently enforceable after consolidation.
Q: Why do acquisition-led identity platforms create governance risk?
A: Acquisition-led platforms can inherit different data models, audit semantics, and policy assumptions.
Q: What breaks when AI workloads use NHI-style credentials without lifecycle control?
A: What breaks is reviewability and revocation.
Practitioner guidance
- Re-map identity ownership after platform consolidation List every identity capability in use, then assign a named control owner, a system of record, and a review cadence for each one.
- Test lifecycle consistency across acquired capabilities Check whether offboarding, rotation, entitlement changes, and audit logging behave the same way across newly combined modules.
- Re-evaluate NHI controls for AI-linked access paths Inventory service accounts, API keys, and delegated tokens used by AI workloads, then verify that each has a purpose, expiry, and revocation path.
What's in the full announcement
Palo Alto Networks' full report covers the financial and operational detail this post intentionally leaves for the source:
- Quarter-by-quarter revenue and ARR tables that show how the platform mix is changing
- Full balance sheet and cash flow detail for readers tracking acquisition-related integration costs
- Management commentary on AI, identity security, and observability expansion
- Forward-looking guidance tied to margin, ARR, and revenue expectations
👉 Read Palo Alto Networks' fiscal Q3 2026 results and identity security commentary →
Identity security consolidation and what it means for governance?
Explore further
04/06/2026 3:09 pm
Identity security platformisation changes the governance problem, not just the product mix. Once privileged access, secrets, and identity governance are bundled into a broader security platform, control ownership becomes harder to separate from platform dependency. The field risk is that practitioners assume integration equals coherence, when in practice policy enforcement and lifecycle discipline can become uneven across modules. The implication is that security teams must evaluate whether the platform preserves independent control integrity, not just whether it covers more categories.
A few things that frame the scale:
- From our research: 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface. That finding is covered in Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: How can IAM teams tell whether identity security coverage is real or just broader branding?
A: IAM teams should ask for evidence of enforcement, not just coverage language. A credible control leaves a trace in logs, rotation records, entitlement reviews, or revocation workflows. If those artifacts are missing or inconsistent, the platform may describe identity security without delivering operational governance.
👉 Read our full editorial: Identity security consolidation is reshaping enterprise governance
