* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Security Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/)
* [AI and Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/)
* The Frontier AI SOC Has A...

# The Frontier AI SOC Has Arrived

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-frontier-ai%2F)  
[](https://twitter.com/share?text=The+Frontier+AI+SOC+Has+Arrived&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-frontier-ai%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fcortex-frontier-ai%2F&title=The+Frontier+AI+SOC+Has+Arrived&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/cortex-frontier-ai/&ts=markdown)  
\[\](mailto:?subject=The Frontier AI SOC Has Arrived)  
Link copied  
By [Ariel Blaier](https://www.paloaltonetworks.com/blog/author/ariel-blaier/?ts=markdown "Posts by Ariel Blaier") and [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh")  
Jun 11, 2026  
5 minutes  
[AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Agentic AI](https://www.paloaltonetworks.com/blog/tag/agentic-ai/?ts=markdown)  
[AI Security](https://www.paloaltonetworks.com/blog/tag/ai-security-2/?ts=markdown)  
[Cortex](https://www.paloaltonetworks.com/blog/tag/cortex/?ts=markdown)  
[Cortex XSIAM](https://www.paloaltonetworks.com/blog/tag/cortex-xsiam/?ts=markdown)  
[Security Automation](https://www.paloaltonetworks.com/blog/tag/security-automation/?ts=markdown)  
[XSIAM](https://www.paloaltonetworks.com/blog/tag/xsiam/?ts=markdown)

*Introducing native support for leading frontier AI models, including Claude Sonnet 4.6, Claude Opus 4.8 and Gemini 3.5 Flash across the Cortex platform.*

Frontier AI is a moving target. Each successive generation of AI models can unlock distinct leaps in capability, such as deeper analytical reasoning, stronger instruction following, and the ability to synthesize massive, fragmented context.

Adversaries do not wait for the next platform refresh cycle to adopt these breakthroughs. They test, adapt, and operationalize them immediately. The attack lifecycle is compressing, with vulnerability discovery to exploitation currently taking under [25 minutes](https://www.paloaltonetworks.com/perspectives/weaponized-intelligence/). Reconnaissance is now automated, phishing is harder to distinguish from legitimate communication, and exfiltration tactics can adapt to environments in real time.

An agentic SOC must operate with the same agility, on a model-flexible foundation that can absorb frontier advances and apply them inside operational workflows as the AI threat landscape evolves. With the Cortex platform, we're directly addressing these critical needs by giving defenders access to the right model capability for the right security workflow, without forcing the SOC to bet everything on a single model that could be outdated tomorrow.

Today, we are thrilled to announce native support for the world's most powerful frontier AI models across the [**Cortex**](https://www.paloaltonetworks.com/cortex) platform, including **Anthropic Claude Sonnet 4.6** , **Claude Opus 4.8 and Gemini 3.5 Flash**. These frontier models infuse every part of the platform, including Cortex XSIAM, AgentiX, XDR, and Cloud, to deliver sophisticated AI reasoning, speed, and intelligence directly into your workflow. Cortex is designed for the future, with a flexible harness that allows us to rapidly add support for new models as they emerge, keeping you on the frontier of AI-driven defense.

You can choose between **Basic, Fast** , **Thinking** , or **Pro**AI models to match the speed and depth your task requires.
![Here is the alt text for image\_94d6e7.jpg:A dark-mode web interface for an AI platform titled "Agentic Assistant Hub." The main dashboard area displays an active "Agents" tab with a search bar and a "+ Create agent" button. Below, four grid cards show different specialized AI agents "By Cortex": Application Security: An intelligent AppSec co-pilot. Help Center: An AI support agent using Palo Alto Networks documentation. Threat Intel: A fresh threat data and vulnerability aggregator. Network Security: An agent that manages firewalls and network security products. On the right side, a chat sidebar features a welcome message, "Good morning Ariel, How can I help you today?" and an open model-selection menu. The menu lists AI model tiers including Basic (Gemini 2.5 Flash), Fast (Gemini 3.5 Flash, which is currently selected), Thinking (Claude Sonnet 4.6), and Pro (Claude Opus 4.7).](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/06/Frontier-AI-models.png)
Fig 1: Users can choose the AI model that best matches their task

## **Unleashing Intelligence on Native Telemetry**

Frontier models are incredible at finding patterns, but they can only connect the dots within their line of sight. They become massively more effective the moment you run them on top of a unified security data foundation that brings all your telemetry into view.

In the Cortex architecture, context is stitched from native telemetry across endpoint, network, cloud, and identity. Each piece adds meaning. Together, they give analysts the full operational picture of what happened, why it matters and what can be done next.

By bringing native support for leading frontier AI models to the Cortex platform, security teams can easily connect disparate signals, synthesize complex context, and move at AI speed. This is frontier AI applied directly to real-world security operations.

## **Where Frontier Models Move the Work Forward**

In security operations, the most important work is the chain of reasoning that moves an investigation forward. Security investigations often move across multiple paths. The challenge is deciding what matters, what to check next, and how to turn noisy case context into a clear next step.

Armed with stronger reasoning and instruction, Cortex AI agents can *better understand analyst intent*, more quickly synthesize complex requests into clear steps, while maintaining context across the workflow.

When the request or context is ambiguous, AI agents can ask more *targeted clarification questions*tied to the investigation, entity, action, or decision at hand. In the SOC, context is everything. It ensures AI agents fully understand the case and build a plan before taking action.

Frontier models also help *translate reasoning into structured execution*. Agentic workflows depend on AI agents turning analyst intent into the right next step, with the right parameters, context, and structure. Cleaner structured generation helps keep the workflow aligned to what the analyst is trying to accomplish.

At the synthesis layer, these AI frontier models help AI agents process *massive amounts of data* associated with a case, such as timelines, endpoint events, identity signals, cloud activity, network activity, and past analyst actions. The AI agent needs to preserve key evidence and suggest next steps, whether it is acting on its own or prepping the case for a human investigator.

With frontier AI directly embedded into security workflows, Cortex instantly bridges the gap between threat detection and automated response. AI agents are empowered to handle cases on their own at machine speed, or they can provide clear guidance to human analysts, taking the guesswork out of case investigations.

## **From Reasoning to Governed Action**

Frontier models bring stronger reasoning to AI agents. Cortex grounds that reasoning in a security context and governs AI agentic action within policy boundaries defined by the SOC, including permissions, approvals, workflows, accountability, and human-in-the-loop approval where it's needed.

AI becomes operational in security by being connected to the data defenders trust, embedded in the workflows they use, and governed by the controls their organizations require.

## **Built to Move With the Frontier**

By grounding how frontier models reason, execute, and access native telemetry today, Cortex helps defenders address today's operational pressure while setting the stage for the next phase of Agentic SOC operations.

## **Experience the Power of Frontier AI SOC**

See how Cortex XSIAM combines leading frontier AI models, AI agents, and autonomous workflows to accelerate investigations, reduce manual effort, and strengthen security operations. [Schedule a demo](https://www.paloaltonetworks.com/cortex/request-demo).

*** ** * ** ***

## Related Blogs

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Automation of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/automation-of-the-week/?ts=markdown)

[#### Don't Get Reeled In: The Case for AI-Driven Phishing Response](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/dont-get-reeled-in-the-case-for-ai-driven-phishing-response/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Automation of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/automation-of-the-week/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Introducing the Cortex MCP Server](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/introducing-the-cortex-mcp-server/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's New in Cortex (May '26)](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-new-in-cortex-may-26/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Threat Intelligence in the Era of AI](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/threat-intelligence-in-the-era-of-ai/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Automation of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/automation-of-the-week/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)

[#### Always on the Case: Introducing the AgentiX Case Investigation Agent](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/always-on-the-case-introducing-the-agentix-case-investigation-agent/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Modernising the SOC: Navigating the Shift to Platformization and Agentic AI](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/modernising-the-soc-navigating-the-shift-to-platformization-and-agentic-ai/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer} Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown)

* [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown)

* [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown)

* [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown)

* [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown)

* [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown)

* [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)

* [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown)

* [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown)

* [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown)

* [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)  
  Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)

* [Careers](https://jobs.paloaltonetworks.com/en/)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)

* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)

* [Investor Relations](https://investors.paloaltonetworks.com/)

* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)

* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)  
  Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)

* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)

* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)

* [Event Center](https://events.paloaltonetworks.com/)

* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)

* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)

* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)

* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)

* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)

* [Tech Docs](https://docs.paloaltonetworks.com/)

* [Unit 42](https://unit42.paloaltonetworks.com/)

* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)

* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)

* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)

* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)

* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language