Palo Alto Networks and CyberArk: what this means for identity security

TL;DR: Palo Alto Networks’ planned $25B acquisition of CyberArk signals that identity security has moved from a set of point controls into a platform category, while AI, machine identities, and lateral movement keep widening the attack surface, according to Silverfort. The practical shift is that IAM, PAM, NHI, and AI governance can no longer be treated as separate programmes with separate risk models.

NHIMG editorial — based on content published by Silverfort: Palo Alto Networks' planned acquisition of CyberArk and what it means for identity security

By the numbers:

• Palo Alto Networks announced its intention to acquire CyberArk for $25B.
• According to research from analyst Francis Odum, 93% of breaches are preventable through improved identity security controls.

Questions worth separating out

Q: How should security teams govern identity risk across humans, service accounts, and AI systems?

A: Teams should govern identity risk by separating lifecycle management from abuse prevention and by mapping controls to the actor type involved.

Q: Why do point solutions struggle to contain identity attacks?

A: Point solutions struggle because identity attacks rarely stay inside one control category.

Q: What breaks when AI agents are governed like machine identities?

A: What breaks is the assumption that the identity's behaviour is stable enough to be modelled at provisioning time.

Practitioner guidance

• Map identity controls by actor type Inventory where your current programme treats humans, service accounts, and AI agents with the same control design.
• Trace privileged pathways across silos Walk one real access path from authentication to elevation to lateral movement and record which product owns each step.
• Re-evaluate static credential dependence Review where service accounts, API keys, and tokens still provide persistent access to production systems.

What's in the full article

Silverfort's full blog covers the operational detail this post intentionally leaves for the source:

• How Silverfort positions identity security versus identity infrastructure across PAM, MFA, NHI, ITDR, and IGA.
• The vendor's own view on why AI-driven identity risk changes the market timing for platform consolidation.
• The article's internal argument for decoupling identity protection from traditional IAM silos.
• Context on how Silverfort frames the CyberArk acquisition as a category inflection point.

👉 Read Silverfort's analysis of the CyberArk acquisition and identity security shift →

Palo Alto Networks and CyberArk: what this means for identity security?

Explore further

View Full Forum →  |  NHI Foundation Course →