* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Security Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/)
* [AI and Cybersecurity](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/)
* Securing the AI Factory: ...

# Securing the AI Factory: Empowering Security Teams with In-Silicon Visibility

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecuring-the-ai-factory-empowering-security-teams-with-in-silicon-visibility%2F)  
[](https://twitter.com/share?text=Securing+the+AI+Factory%3A+Empowering+Security+Teams+with+In-Silicon+Visibility&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecuring-the-ai-factory-empowering-security-teams-with-in-silicon-visibility%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsecuring-the-ai-factory-empowering-security-teams-with-in-silicon-visibility%2F&title=Securing+the+AI+Factory%3A+Empowering+Security+Teams+with+In-Silicon+Visibility&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/securing-the-ai-factory-empowering-security-teams-with-in-silicon-visibility/&ts=markdown)  
\[\](mailto:?subject=Securing the AI Factory: Empowering Security Teams with In-Silicon Visibility)  
Link copied  
By [Nadav Shai Kanon](https://www.paloaltonetworks.com/blog/author/nadav-shai-kanon/?ts=markdown "Posts by Nadav Shai Kanon") and [Shrikant Brahmbhatt](https://www.paloaltonetworks.com/blog/author/shrikant-brahmbhatt/?ts=markdown "Posts by Shrikant Brahmbhatt")  
Jun 30, 2026  
5 minutes  
[AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[AI Factory](https://www.paloaltonetworks.com/blog/tag/ai-factory/?ts=markdown)  
[AI Infrastructure Security](https://www.paloaltonetworks.com/blog/tag/ai-infrastructure-security/?ts=markdown)  
[BlueField DPU](https://www.paloaltonetworks.com/blog/tag/bluefield-dpu/?ts=markdown)  
[Cortex XSIAM](https://www.paloaltonetworks.com/blog/tag/cortex-xsiam/?ts=markdown)  
[Deep Observability](https://www.paloaltonetworks.com/blog/tag/deep-observability/?ts=markdown)  
[Hardware Telemetry](https://www.paloaltonetworks.com/blog/tag/hardware-telemetry/?ts=markdown)  
[network analytics](https://www.paloaltonetworks.com/blog/tag/network-analytics/?ts=markdown)  
[NVIDIA DOCA Argus](https://www.paloaltonetworks.com/blog/tag/nvidia-doca-argus/?ts=markdown)  
[Palo Alto Networks](https://www.paloaltonetworks.com/blog/tag/palo-alto-networks/?ts=markdown)  
[XDM Normalization](https://www.paloaltonetworks.com/blog/tag/xdm-normalization/?ts=markdown)

Security professionals are finding themselves in a difficult position. As organizations race to deploy AI Factories and autonomous agents, security teams are being asked to protect high-performance, massively accelerated computing architectures that they cannot fully see. Operating at incredible volume and speed, the deepest layers of the infrastructure---such as AI compute nodes and [NVIDIA BlueField](https://www.nvidia.com/en-us/networking/products/data-processing-unit/) data processing units (DPUs) ---are exactly where high-fidelity, in-silicon observability becomes essential.

Securing the AI Factory requires security leaders to optimize their architecture rather than accept a mindset of competing priorities. When traditional host-based agents compete for the premium compute resources that AI models desperately need, it creates an artificial tug-of-war between security visibility and token economics.

## **Balancing AI Innovation and Security**

Security teams shouldn't be forced to compromise between robust protection and rapid progress. To address the unique challenges of securing modern AI infrastructure without stalling computing workloads, organizations should adopt a collaborative, visibility-first strategy:

* **Eliminate the False Choice: Build the security check into the pipeline instead of bolting it on afterward. When a model can't be promoted to production until its data lineage and dependencies clear an automated scan, the gate runs inline in CI rather than sitting in a review queue.**
* **Restore Infrastructure Visibility:** Monitor the pipeline down at the layer where attacks actually land. You want to catch the moment a service account pulls model weights it has never accessed before, or an inference endpoint starts returning data that looks like training records leaking back out.
* **Remove Innovation Bottlenecks:** Make the secure path the default path. When a data scientist spins up a training environment and it arrives already segmented with secrets handled for them, security stops being the ticket they wait on.

#### **Eliminating Blind Spots: In-Silicon Visibility into AI Nodes**

To stop advanced threats, security teams must look beneath the software layer. Leveraging the NVIDIA BlueField DPU as an out-of-band sensor grants direct visibility into AI node memory and runtime processes straight from the hardware. This empowers analysts with unprecedented insights into data flows, file access, and memory operations, effectively eliminating the blind spots that traditional OS logs leave behind.

We partnered with NVIDIA to help security professionals gain visibility into the AI Factory without becoming a bottleneck to innovation. Palo Alto Networks Cortex has integrated with the [NVIDIA DOCA Argus](https://www.nvidia.com/en-us/networking/products/software/doca/) framework to provide an out-of-band security sensor. DOCA Argus generates critical security events and alerts directly on the AI node by utilizing advanced memory forensics and in-silicon machine introspection. Because it operates from BlueField, it can scan host memory and monitor process activity, file access, and network connections without relying on host-based agents or impacting the performance of the AI workload.

#### **Making the Data Immediately Usable**

Telemetry is only useful if it is actionable. Raw JSON logs from DOCA Argus are automatically forwarded to Cortex XSIAM, where they are parsed and mapped into the Cortex Data Model (XDM). This native normalization transforms complex hardware-level signals into a standardized schema that SOC analysts can immediately query alongside existing datasets. By modeling Argus network fields into XDM, telemetry is converted into active security data capable of triggering high-fidelity detections through the Cortex analytics pipeline.

Furthermore, analysts are empowered to build their own tailored dashboards, giving them the exact situational awareness they need to proactively hunt for anomalous behavior specific to their unique AI workloads.
![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/06/AI-workloads.jpg)
Using XDM to search and view query results from the DOCA Argus dataset ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/06/DOCA-Argus-dataset.jpg)
A dashboard in Cortex XSIAM built for ingested DOCA Argus data

**From Insight to Automated Response: Eliminating Operational Friction**

This integration operates completely out-of-band to eliminate performance overhead, ensuring that 100% of AI compute resources remain dedicated to the business mission. Beyond deep visibility, it seamlessly turns these insights into immediate, automated action. By using Cortex to automate policy changes and isolate compromised AI nodes in real time, organizations can eliminate operational friction. The result? A SOC that no longer slows down production, but instead acts as a secure-by-design enabler of AI innovation.

**From Bottleneck to Catalyst: Redefining Security for the AI Factory**

Security teams carry the weight of protecting the AI Factory, and they deserve tooling that meets them where they work. With NVIDIA DOCA Argus telemetry feeding natively into the Cortex platform, defenders can stop stitching together fragmented point products and finally see the whole environment at once. That unified visibility, made possible by Palo Alto Networks and NVIDIA, gives them the confidence to protect every stage of the AI lifecycle. Within their own organizations, they shed the reputation of operational bottleneck and become the force that drives AI innovation forward.

**Key Takeaways**

* **Workload** **Security with Deep Visibility:** Unlock continuous memory scanning across application hosts without the performance drag or resource drain of traditional security agents. This delivers deep, uncompromised infrastructure visibility while keeping host compute and memory 100% free to power critical AI workloads at peak speed.
* **Seamless Sensor Integration with XDM:** NVIDIA DOCA Argus acts as a native sensor, feeding telemetry straight into the Cortex Data Model (XDM). Security teams get structured, hardware-level signal and automated remediation that runs without manual stitching. Visibility that is rooted in purpose-built silicon means they can catch threats closer to the source.
* **Enhanced Correlation and Observability:** Tailored dashboards transform raw telemetry into a live, searchable feed of prioritized alerts. Packed with rich context---like timestamps, activity types, and host details---analysts can correlate threats faster and respond instantly.

**Ready to Empower Your SOC?**

* **Explore the Integration:** Download the [DOCA Argus Content Pack](https://cortex.marketplace.pan.dev/marketplace/details/NVIDIA_DOCA_Argus/) today on the Cortex Marketplace.

*** ** * ** ***

## Related Blogs

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### The Clock Is Running: What Frontier AI Means for Your SOC](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/the-clock-is-running-what-frontier-ai-means-for-your-soc/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### When Global Conflict Reaches the SOC: Respond at Scale with XSIAM](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/when-global-conflict-reaches-the-soc-respond-at-scale-with-xsiam/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Breaking Down Security Silos: How XDL Powers Advanced Threat Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/breaking-down-security-silos-how-xdl-powers-advanced-threat-operations/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### What's New for Cortex (July '25)](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/whats-new-for-cortex-july-25/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Flexible Security Data Management with Cortex XSIAM \& Cribl](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/cortex-xsiam-integration-with-cribl-brings-flexible-data-management-to-security-operations/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Simplify, Scale and Accelerate Your SOC with AI-Driven Security](https://origin-researchcenter.paloaltonetworks.com/blog/2024/01/your-soc-with-ai-driven-security/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer} Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Next-Generation Identity Security](https://www.paloaltonetworks.com/idira?ts=markdown)

* [Privileged Access Management](https://www.paloaltonetworks.com/idira/human/privileged-access-management?ts=markdown)

* [Identity and Access Management](https://www.paloaltonetworks.com/idira/human/identity-and-access-management?ts=markdown)

* [Endpoint Privilege Manager](https://www.paloaltonetworks.com/idira/human/endpoint-privilege-manager?ts=markdown)

* [Identity Governance](https://www.paloaltonetworks.com/idira/human/identity-governance?ts=markdown)

* [Workforce Password Management](https://www.paloaltonetworks.com/idira/human/workforce-password-management?ts=markdown)

* [Agentic Identities](https://www.paloaltonetworks.com/idira/agentic?ts=markdown)

* [Secrets Management](https://www.paloaltonetworks.com/idira/machine/secrets-management?ts=markdown)

* [Unified Secrets Governance](https://www.paloaltonetworks.com/idira/machine/unified-secrets-governance?ts=markdown)

* [Application Credentials Delivery](https://www.paloaltonetworks.com/idira/machine/application-credentials-delivery?ts=markdown)

* [Vendor Privileged Access](https://www.paloaltonetworks.com/idira/human/vendor-privileged-access?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)  
  Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)

* [Careers](https://jobs.paloaltonetworks.com/en/)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)

* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)

* [Investor Relations](https://investors.paloaltonetworks.com/)

* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)

* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)  
  Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)

* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)

* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)

* [Event Center](https://events.paloaltonetworks.com/)

* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)

* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)

* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)

* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)

* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)

* [Tech Docs](https://docs.paloaltonetworks.com/)

* [Unit 42](https://unit42.paloaltonetworks.com/)

* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)

* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)

* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)

* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)

* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language