Palo Alto Networks Targets AI Identity Risks with Idira

Palo Alto Networks is expanding its identity security business with the launch of Idira, a platform designed to secure human users, machine identities, and autonomous AI agents as enterprises face growing identity-related cyber risk. 

The company also named Oracle veteran Sonny Singh to lead the business, signaling a broader push around identity security for AI-driven environments.

AI adoption expands the identity attack surface

The launch comes as businesses rapidly adopt AI systems that can access data, applications, and infrastructure independently. Palo Alto Networks said this shift has expanded the identity attack surface, with machine and AI identities now outnumbering human users by 109 to 1.

According to the company, nine out of 10 organizations experienced an identity-related breach over the past year.

“Identity has become the new battleground of the AI enterprise,” said Peretz Regev, chief product and technology officer for Idira at Palo Alto Networks. “With adversaries now logging in rather than breaking in, every identity has become a target.” 

Regev added that Idira moves beyond traditional privileged access management, or PAM, by combining machine identity security with broader governance controls for AI-driven environments.

Identity sprawl creates new opportunities for channel partners

For MSPs, MSSPs, and other channel partners, Idira points to a growing services opportunity around identity governance, privileged access modernization, and AI agent risk management. 

As customers adopt more autonomous tools and machine identities, partners will need to help assess excessive permissions, enforce zero standing privilege, and integrate identity controls across cloud, security, and AI environments.

This provides new demand for existing security services, many of which have historically included some aspect of identity management, and also provides another reason for partners to bolster their security practices towards governance and next-generation tooling.

Palo Alto refreshed its NetWave Partner Program in February 2026 to reward platform adoption and improve margins in what the company called an effort to accelerate AI-driven security services.

“For our partners, this shift to ‘Platformization’ is a massive business opportunity. It allows them to move from being ‘product resellers’ to ‘transformation architects,’” Michael Khoury, VP of global ecosystem programs, told Channel Insider at the time.

“By leveraging our AI-driven SOC and autonomous remediation, they can help customers secure their entire footprint in real time, while significantly lowering the cost and complexity of operations,” he continued.

Watch: Delta Bear CEO Daniel Elliot thinks deepfake threats are another top identity risk that MSPs need to focus on.

Palo Alto Networks names Sonny Singh to lead identity business

The Idira launch news also came with the announcement that Palo Alto Networks has hired industry veteran Sonny Singh as the leader of its identity business.

Singh most recently served as Executive Vice President and General Manager of Oracle’s Financial Services Global Business Unit, where he headed one of the world’s largest financial technology providers.

The company said in announcement materials that Singh’s three decades of experience at Oracle give him the operational expertise needed to accelerate Palo Alto Networks’ platformization strategy.

Unit 42 research highlights AI agent security risks

The launch of Idira comes at a critical time, as recent research from Palo Alto Networks’ Unit 42 team shows how easily these new AI tools can be weaponized. Their report on “Double Agents” warns that AI agents, designed to be helpful, can be secretly turned against their owners.

Researchers found that a single misconfigured agent in a platform like Google Cloud’s Vertex AI could allow an attacker to exfiltrate data and create backdoors into critical systems. 

By exploiting default permissions, the team gained privileged access to restricted source code and internal Google infrastructure.

One of the biggest red flags in the research involved “excessive permissions” granted to service agents by default. In one test, a malicious agent broke isolation and gained “unrestricted read access” to all storage buckets within a project. This effectively turned a productivity tool into an “insider threat”. 

Idira targets zero standing privilege and automated governance

Idira is designed to close these specific gaps by moving away from static vaults and toward dynamic, AI-driven controls. The platform aims to democratize security by applying the same strict standards to every identity, whether it’s a human employee, a machine, or an AI agent.

The platform focuses on three main goals: using AI to constantly hunt for identity risks, moving to “zero standing privilege” so no one has access to what they aren’t actively using, and automating the entire governance lifecycle. 

For existing CyberArk customers, the transition is designed to be seamless, offering immediate upgrades to how they discover and manage these increasingly complex identities.

Industry experts say this shift is long overdue. Will Townsend, Chief Analyst at LoneStar Advisory & Research, noted that the old way of doing things is dead: “Over the past two decades, privileged access management was a vault problem. It is not anymore. The enterprise has become a sprawling mesh of human, machine, and agentic identities. To comprehend this complexity, identity must move from a checkpoint to an operating model.”