Prisma SASE 4.0: Powering the AI-Ready Enterprise

Sep 04, 2025
6 minutes

The enterprise landscape has transformed. Work happens anywhere, on managed and unmanaged devices, across SaaS apps, AI tools, cloud environments and networks. The traditional perimeter has dissolved, while adversaries armed with AI now launch faster, more sophisticated attacks that can bypass proxies and WAFs. They hide in encrypted traffic, assemble malware directly in the browser and exploit DNS at scale. At the same time, sensitive data flows across countless channels (structured and unstructured), documents, source code and AI-generated content. Traditional security struggles to keep up, while fragmented point tools slow users and create risky workarounds.

Prisma® SASE 4.0 is engineered for this new era. It enables organizations to outpace AI-driven threats, safeguard data wherever it resides or travels, and simplify operations with intelligence and scale, all while delivering frictionless user experiences.

This release introduces innovations across three critical areas:

  • AI-Powered Threat Protection – Detects and stops modern, AI-driven attacks that traditional SWGs miss, protecting users, applications and networks anywhere.
  • Data Security Without Friction – Protect sensitive information across AI agents, copilots, apps and diverse data flows with precision, without slowing productivity.
  • Unified, Intelligent Operations – Simplify how enterprises secure and scale their environments through autonomous operation and AI-assisted management.

Fight AI with AI Security

Attackers now operate at AI scale, overwhelming traditional secure web gateways that were never designed to handle today’s tactics. 95% of organizations report browser-originated incidents that bypass network controls, highlighting how attackers assemble malware postload, exploit interactive sessions and weaponize DNS.

Prisma SASE 4.0 brings security directly into the user’s experience to stop these threats where they emerge. Advanced Web Protection in the Prisma Access Browser inspects fully rendered webpages in real time, catching threats that only trigger after page load or user interaction, without requiring transport-layer decryption. Postload attacks and malware assembled in the browser are stopped before they can execute or spread. At the same time, integrated enterprise password management extends identity security and SSO controls to every app while zero-trust policies ensure consistent protection across managed, unmanaged and BYOD devices.

Private Application Security goes further by consolidating web application firewall layers and automatically generating application fingerprints. This allows enterprises to detect anomalies and block botnets, API abuse and Day-0 exploits without relying on constant manual updates. Applications remain protected as they evolve.

DNS, which is often overlooked, is also secured at scale. The Advanced DNS Resolver (ADNSR) delivers globally distributed, low-latency resolution enhanced with Precision AI® powered protections. Customers can simply point DNS traffic to the resolver for baseline protection without requiring a full tunnel. And if a tunnel fails, the Prisma Access agent automatically connects to ADNSR to maintain continuous defense. ADNSR inspects every DNS request and response in real-time, covering 2x more DNS threats than the closest competitor, while maintaining centralized visibility and enforcement through Strata Cloud Manager.

Data Security Without Friction

AI agents, copilots and plugins now connect directly to corporate data, accelerating productivity but also expanding risk. Moreover, traditional DLP approaches, designed for structured files and keyword-based rules, cannot keep pace with unstructured content, such as images, source code or AI-generated text, often creating blind spots and floods of false positives.

Prisma SASE 4.0 secures this new frontier with the industry’s first SASE platform that includes dedicated SaaS Security Posture Management (SSPM) delivering continuous, real-time visibility into the behavior of SaaS-based AI agents, copilots and plugins. It continuously discovers and monitors SaaS-based AI agents, giving administrators visibility into which agents are accessing sensitive data, how they are being used and where risks emerge. It provides guardrails to limit excessive agency, govern user interactions and block unauthorized access, ensuring organizations can adopt AI responsibly without stalling innovation.

Unified data security policies extend across structured records, unstructured communications and documents, images and even AI outputs. AI-augmented classification identifies sensitive data automatically with unprecedented precision, achieving 10X fewer false positives compared to traditional regex-based data classification. The system also leverages over 140 pretrained ML classifiers and customer-trainable models for documents and images, enabling protection for sensitive assets, such as patents, contracts and source code. Protection follows data all the way to the last mile, securing data in-use like clipboard activity, printing and screenshots. It’s granularity that network-only inspections or APIs cannot provide.

Prisma SASE also equips enterprises to manage the explosion of GenAI apps with enterprise-grade visibility and control. Over 5,000 AI apps can be discovered with just-in-time access policies, real-time user coaching and AI-assisted approvals directly in the browser. These capabilities balance productivity with governance, enabling organizations to embrace AI while staying secure and compliant.

Unified, Intelligent Operations

Enterprises operate across hybrid infrastructures, multicloud environments and distributed teams. Managing performance and security across these domains with siloed tools is both costly and complex. Prisma SASE 4.0 unifies networking, security and operations in a single cloud-delivered architecture, simplifying how enterprises scale and protect their environments.

Autonomous AI agents in Prisma SASE’s central Strata Cloud Manager console accelerate deployment, automate troubleshooting and optimize performance, empowering teams to work with less effort and greater confidence while delivering exceptional digital experiences wherever users connect. Strata Cloud Manager powers this operational model with autonomous AI capabilities. This intelligent SASE assistant leverages documentation, telemetry and playbooks to diagnose and remediate issues automatically, while AI Canvas transforms raw telemetry into actionable insights on-demand through natural language queries.

Experience is also safeguarded through Autonomous Digital Experience Management (ADEM), which provides hop-by-hop visibility into the performance of SaaS and private applications across both underlay and overlay paths. Even at branches using non–Palo Alto Networks SD-WAN, ADEM delivers continuous monitoring of WAN, tunnel and application health. It is now also available natively for standalone Prisma SD-WAN deployments, expanding coverage without complexity.

Finally, Prisma SASE extends resilience to the edge of enterprise networks with Private Locations. By enabling on-premises NGFWs to act as local enforcement points, organizations can reduce latency for critical resources and maintain consistent policies across campus, branch and cloud environments.

A Vision for the AI-Ready Enterprise

Prisma SASE 4.0 is more than a platform. It is a blueprint for the AI-ready enterprise, providing protection against AI-powered threats, data security that adapts to the way information flows today, and unified operations that scale intelligently. With one platform and one console, organizations can deliver AI-powered security anywhere work happens, accelerating innovation while staying secure.

One Platform. One Console. AI-Powered Security Anywhere Work Happens.

Learn more about the latest advancements to Prisma SASE by registering for our virtual event Ignite: What’s Next.


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.