Notifications
Clear all
Topic starter
24/06/2026 6:56 pm
TL;DR: Palo Alto Networks is folding Portkey’s AI gateway into Prisma AIRS to unify governance for autonomous AI agents, a move that signals AI access control is becoming a platform concern rather than a point capability, according to Palo Alto Networks. The practical question is no longer whether to govern agents, but which identity controls must stretch across agent runtime, tools, and delegated access.
NHIMG editorial — what this means for AI and NHI governance
Questions worth separating out
Q: How should security teams govern AI agents that can use multiple tools at runtime?
A: Security teams should treat the agent as a governed identity, not just a workload.
Q: Why do autonomous AI agents create a different IAM problem from ordinary automation?
A: Ordinary automation follows predefined workflows, so access can be reviewed against a fixed script.
Q: What do organisations get wrong about gateway-based AI agent controls?
A: They often assume a gateway solves governance by itself.
Practitioner guidance
- Define the agent identity boundary Document which runtime identities are used by autonomous agents, which systems they can reach, and which approvals are required before those identities can act across tools.
- Separate policy enforcement from credential issuance Ensure that access decisions, token brokerage, and logging are not collapsed into one opaque layer, so you can narrow scope without losing traceability.
- Review downstream entitlements by tool path Map the exact APIs, SaaS apps, and internal services each agent can invoke, then remove any standing access that is not required for a single task path.
What's in the full announcement
Protect AI's full article covers the operational detail this post intentionally leaves for the source:
- The acquisition context and how Portkey's gateway functionality is being integrated into Prisma AIRS for platform-level control.
- The vendor's own description of what a unified AI gateway is expected to operationalise across autonomous agents.
- The surrounding product and platform framing that implementation teams may need before mapping requirements into their own environment.
- The broader announcement context that helps teams understand how the control plane is being positioned in the market.
👉 Read Protect AI's analysis of Palo Alto Networks acquiring Portkey for AI agent governance →
Portkey and Prisma AIRS: what the acquisition means for teams?
Explore further
25/06/2026 3:58 am
Platform consolidation is turning AI agent governance into an identity architecture decision. When gateway controls are folded into broader security platforms, practitioners should assume the market is moving toward unified policy planes rather than standalone agent tools. That shifts evaluation from feature comparison to control placement, audit durability, and whether policy decisions are enforceable across identity domains. The practical conclusion is that agent governance now belongs in the core identity architecture conversation.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 52% of respondents see AI security decision-making power shifting toward platform and infrastructure teams rather than the executive suite, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Who should be accountable when an AI agent makes an unauthorised decision?
A: Accountability should sit with the business owner of the workflow and the technical owner of the identity controls, not with the agent itself. The organisation needs a clear model for who approves scope, who reviews logs, and who can suspend access when the agent’s behaviour drifts beyond intent.
👉 Read our full editorial: Palo Alto Networks acquires Portkey for AI agent governance
