* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Cloud Security](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/) * [Artificial Intelligence](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/category/artificial-intelligence/) * CSPM Practitioners: Use A... # CSPM Practitioners: Use AI To Your Advantage [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fai-copilot-cspm%2F) [](https://twitter.com/share?text=CSPM+Practitioners%3A+Use+AI+To+Your+Advantage&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fai-copilot-cspm%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fai-copilot-cspm%2F&title=CSPM+Practitioners%3A+Use+AI+To+Your+Advantage&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/ai-copilot-cspm/&ts=markdown) \[\](mailto:?subject=CSPM Practitioners: Use AI To Your Advantage) Link copied By [Jason Williams](https://www.paloaltonetworks.com/blog/author/jason-williams/?ts=markdown "Posts by Jason Williams") Jun 21, 2024 4 minutes [Artificial Intelligence](https://www.paloaltonetworks.com/blog/cloud-security/category/artificial-intelligence/?ts=markdown) [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown) [Precision AI](https://www.paloaltonetworks.com/blog/category/precision-ai/?ts=markdown) [AI Copilot](https://www.paloaltonetworks.com/blog/tag/ai-copilot/?ts=markdown) For more than seven years now, [cloud security posture management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management) tools have provided cloud asset visibility, detected risky misconfigurations and monitored compliance posture for organizations. The emergence of [cloud-native application protection platform (CNAPP)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-native-application-protection-platform) solutions has transformed modern CSPM, shifting its focus from detecting misconfigurations to managing all cloud infrastructure risks --- vulnerabilities, public exposures, excessive privileges and more. Organizations have stayed ahead of adversaries through security modernization. Still, attackers will never stop innovating. According to [The State of Cloud-Native Security Report 2024](https://www.paloaltonetworks.com/state-of-cloud-native-security), 38% of cloud security professionals consider AI-powered attacks a top concern. With adversaries using [artificial intelligence](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai) to deliver higher volume and more sophisticated attacks, it's become more important than ever to rapidly close out risk gaps. CSPM (and CNAPP) providers must equip organizations with AI-powered defenses. Here's how adopters should use these tools to their advantage. ## Where Is My Top Risk? Ask, Don't Search When newsworthy vulnerabilities emerge, security teams struggle to identify, prioritize and remediate the impacted machines. An alarming truth is that attackers can scan the internet for exposed vulnerabilities in minutes, but organizations take [more than three weeks](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report) on average to remediate a critical exposure. What's also concerning is that between January 1, 2024, and today, [more than 1,600 critical vulnerabilities](https://www.cvedetails.com/vulnerability-list/year-2024/vulnerabilities.html?page=1&cvssscoremin=9&order=5&trc=1598&sha=eaa86b051598802184674c385628e0693a84b161) have emerged, averaging over 9 per day. Using AI, security teams should be able to ask simple questions to overcome challenges. *What are my top risks? Am I vulnerable to* [*XZ Utils*](https://www.paloaltonetworks.com/blog/prisma-cloud/find-fix-zero-day-cves/)*?* When pressing zero-day vulnerabilities arise, such as log4j or XZ Utils, having a copilot should go beyond identifying where CVEs exist. They need to answer real questions. * Where do I have this vulnerability publicly exposed? * Where did the vulnerability come from? (from cloud all the way down to the source code) * How can I remediate the issue at the source? ![Copilot illustrating XZ Utils impact and tracing vulnerabilities from code to cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/figure-1-prisma-cloud-copilot-shows-the-code-to-c.jpeg) Figure 1: Copilot illustrating XZ Utils impact and tracing vulnerabilities from code to cloud ## Uncover Highly Complex Attack Paths CSPM not only identifies a broad set of risk signals but also correlates data points to pinpoint related misconfigurations and vulnerabilities that increase the chances of an attack. Modern CSPM approaches accomplish this through policies that flag various combinations of risk signals. AI-powered security continuously analyzes your cloud stack, precisely connecting insights from across your environment. Additionally, use [AI](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-ai) to gain context, such as why the risk is critical and how an attacker could exploit the pathway. Spotting open entry points for attackers is just the beginning of triaging attack paths. Security teams should understand the impact of potential attacks and all possible lateral movement pathways to their crown jewels. With [AI-assisted technology](https://www.paloaltonetworks.com/cyberpedia/role-of-artificial-intelligence-ai-in-security-automation), organizations can model the possible pathways an adversary could take from the initial asset and understand how a potential attack could spread before a breach even occurs. ![Graph model of an attack path plus AI-generated summary](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323621-2.png) Figure 2: Graph model of an attack path plus AI-generated summary ## Increase Remediation Efficiency Once security teams discover issues, the remediation steps can take weeks or months to complete. With AI, organizations should have autogenerated analysis, detailing remediation recommendations and the best action to take --- whether it's opening a ticket or applying automated remediation. A Code to Cloud™ platform can perform a root causes analysis on cloud risks. It can, for example, trace a cloud misconfiguration back to the [infrastructure-as-code](https://www.paloaltonetworks.com/cyberpedia/what-is-iac) template that caused it. With AI, security teams should get the optimal remediation workflow for addressing cloud misconfigurations and vulnerabilities, such as correcting an IaC template or opening a pull request with the responsible developers. ## How Prisma Cloud Can Help [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud), the Code to Cloud platform secures applications across the full lifecycle. The platform offers the Prisma Cloud Copilot, designed with [Precision AI](https://www.paloaltonetworks.com/cyberpedia/what-is-precision-ai), helping organizations know exactly what risks to focus on and which actions to take, simply by having a conversation. **Rapidly prioritize with AI:** For every threat, quickly understanding what's reachable and how best to fix it is paramount. Prisma Cloud employs AI-powered risk prioritization to analyze the blast radius from at-risk assets, enabling your teams to uncover complex risks with ease. **Don't just ask. Act:** Eliminate the need for specialized expertise. Simply have a conversation and get the answers you need, fast. Prisma Cloud Copilot analyzes vast amounts of data from code to cloud to help you fix faster and prevent breaches --- all with a single click. ## Learn More Want to learn more about what Prisma Cloud can do? [Book a personalized demo](https://www.paloaltonetworks.com/prisma/cloud/request-a-prisma-cloud-demo) or donwload our latest e-book, [Defending Your AI Future with Prisma Cloud.](https://www.paloaltonetworks.com/resources/ebooks/defending-your-ai-future-with-prisma-cloud) *** ** * ** *** ## Related Blogs ### [Precision AI](https://www.paloaltonetworks.com/blog/category/precision-ai/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Eliminate Blind Spots in Encrypted Traffic to Outsmart Hidden Threats](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/eliminate-blind-spots-in-encrypted-traffic-to-outsmart-hidden-threats/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [Precision AI](https://www.paloaltonetworks.com/blog/category/precision-ai/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Redefining DNS Protection](https://origin-researchcenter.paloaltonetworks.com/blog/2025/07/redefining-dns-protection/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud ASM](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-asm/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [CSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/cspm/?ts=markdown) [#### Cloud Attack Surface Management: See What Other CNAPPs Miss](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/closing-cloud-gap-attack-surface-management/) ### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [AI Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/ai-security-posture-management/?ts=markdown), [Artificial Intelligence](https://www.paloaltonetworks.com/blog/cloud-security/category/artificial-intelligence/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security/?ts=markdown), [CSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/cspm/?ts=markdown) [#### The Rise of AI-Powered IDEs: What the Windsurf Acquisition News Mean for Security Teams](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/windsurf-openai-acquisition/) ### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown), [DSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/dspm/?ts=markdown) [#### Weak Identity Governance Leads to Data Exposure --- 3 Attack Paths Explained](https://origin-researchcenter.paloaltonetworks.com/blog/cloud-security/identity-goverance-data-exposure/) ### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Precision AI](https://www.paloaltonetworks.com/blog/category/precision-ai/?ts=markdown) [#### The Intersection of Marketing and Technology](https://origin-researchcenter.paloaltonetworks.com/blog/2024/11/the-intersection-of-marketing-and-technology/) ### Subscribe to Cloud Security Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language