Artificial intelligence (AI) is still a strategic focus for organizations, and it appears that will remain the case in 2026 and beyond. After an experimentation period, commercial and technical teams are now looking to realize the benefits of AI, which often results in a broad range of models, agents and applications in production.
Today we are announcing three meaningful updates to Cortex® Cloud™ AI Security Posture Management (AI-SPM), all aimed at helping organizations better manage, secure and govern their AI deployments – from early development to production at scale.
1. Model Activity Analysis: See Which AI Assets Are Actually Being Used
There has been an absolute explosion of AI tools and models in recent years, and most organizations will have evaluated dozens of offerings before settling on a handful that actually run in production. Many of these unused AI assets, however, are still deployed in staging, testing or even production environments. This can expand the attack surface, increase compliance and governance risk, and raise cloud costs.
Cortex Cloud AI-SPM now provides a simple way to track and manage AI model activity as well as to detect inactive models. By analyzing cloud logs without having to install agents, Cortex Cloud can generate key insights, including how often a model has been invoked in the past 30 days and when a model was last active.

Models are now automatically marked as inactive after 30 days of non-usage, and you can use a new filter in the inventory view to quickly identify all inactive models. Business, security and AI development teams can use this view as a basis for further discussion regarding which models are still needed.
Learn more about model activity analysis.
2. Enhanced Security for Agents: See Agentic AI Risks at a Glance
Agentic deployments – where a large language model (LLM) is connected to tools and organizational datastores and can perform tasks autonomously or semi-autonomously – have proven to be a value multiplier in AI implementations. Agents are a mainstay in today’s AI landscape and are being rapidly deployed to perform diverse tasks, including customer service, incident management and application development.
Organizations are only now starting to grapple with the security implications of agentic AI, which can be far-reaching. However, the first step in securing any IT infrastructure is knowing when and where AI agents are present. Until now, no major cloud-native application protection platform (CNAPP) has offered a dedicated view of AI agents.
This reality changes with Cortex Cloud AI-SPM’s new update, which offers visibility into agent infrastructure and risks, including:
- Inventory: dedicated inventory of deployed AI agents
- Ecosystem: associated models, cloud resources and other AI agents
- Data risk: agents with access to sensitive data
- Identity and permissions risk: overprivileged agents as well as users or roles that can use agents to gain effective access to other systems
- Tools: tools that each agent can access, enabling further investigation into the permissions and resources connected to each tool

Now security and IT teams can better understand how AI is being used, surface agentic implementations that might require further consideration, and identify immediate risks such as agents with access to customer data.
3. AI Software Package Analysis: Shift-Left AI-SPM
As AI becomes deeply embedded in application development, security teams need visibility into not only deployed AI models and agents, but also AI software packages and SDKs that developers use to build these systems. Understanding your AI software supply chain can help you identify vulnerabilities before they reach production.
Cortex Cloud AI-SPM now extends from cloud resources to code and applications, providing comprehensive visibility into AI-related software packages used in development environments. This shift-left approach to AI security helps organizations identify and manage risks early in the development lifecycle.

Now you can use Cortex Cloud to better understand your AI bill of materials (AI BOM), including:
- Visibility into AI applications and components: See all applications that contain AI components and a full inventory of AI software packages (e.g., LangChain, LLM SDKs) being used in these applications.
- Business context: Understand who is building with AI and which building blocks they are using (e.g., dev branch).
- Risks: Check each software package for known CVEs and see insights about the popularity and usage of open source packages.
Connecting AI posture insights to application development is part of our platform approach to AI and cloud security – bringing everything together under one roof, from code to cloud to SOC. Stay tuned for more integrations and automations built on the unified view that Cortex Cloud has across your entire environment.
How to Get Started
If you’re already using Cortex Cloud AI-SPM, you now have access to all our new and existing capabilities. Contact your customer success manager if you require further assistance.
Not using AI-SPM yet? Request a demo today.