- Cortex Cloud expands the platform with a prevention-first ASPM to automatically stop risks from reaching production

- New open AppSec partner ecosystem unifies all data from industry-leading AppSec providers on a single platform for unprecedented cross-vendor visibility

By : Bakinam Khaled

Palo Alto Networks® (NASDAQ: PANW), the global cybersecurity leader, today announced Cortex® Cloud™ Application Security Posture Management (ASPM), a prevention-first application security module that intelligently blocks security issues from reaching production. Now, security leaders and developers can fix security risks before cloud and AI applications have been deployed, which is 10 times faster, more efficient, and cost effective.

In addition, Cortex Cloud ASPM includes an open AppSec partner ecosystem, enabling organizations to consolidate data from their preferred third-party code scanners into one, centralized platform for comprehensive visibility. Combining native ASPM data with insights from third-party vendors enables security teams to dramatically improve their security posture, all without forcing developers to change tools. Palo Alto Networks AppSec partners feature leading vendors such as Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk and Veracode.

This release builds on the introduction of Cortex Cloud, which merged the company’s industry-leading cloud native application protection platform (CNAPP) and best-in-class cloud detection and response (CDR) capabilities for real-time cloud security. As part of the broader unified Cortex platform, customers can benefit from AI-ready data spanning code, cloud, and SOC to transform end-to-end security operations.

Sarit Tager, VP of Product Management, Palo Alto Networks

“As AI-generated code compresses application development from months to hours, security must evolve to protect the speed of innovation. Equipped with an industry-leading CNAPP, best-in-class CDR and now prevention-first ASPM, Cortex Cloud delivers the most comprehensive approach to cloud security and automatically stops risks before they reach production with end-to-end visibility across the entire application lifecycle.”

Cortex Cloud ASPM fully integrates and significantly enhances Palo Alto Networks existing best-in-class application security offerings already available in Cortex Cloud. Key benefits include:

●     Prevent risks, don’t chase them: Proactively stop security issues from reaching production, using full application and business context to enforce targeted guardrails without slowing down production.

●     Prioritize real issues, not false alarms: Pinpoint critical, exploitable risks without forcing developers to change tools by correlating findings from an open ecosystem of native and third-party scanners with complete code, cloud, runtime and business context.

●     Automate fixes, skip the backlog: Eliminate manual remediation across security and development teams using industry-leading automation at every stage of the application lifecycle.

Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security, IDC "Application risks reaching production remain a persistent challenge for security teams and continue to leave organizations exposed. As development speed accelerates, the challenge is not just identifying vulnerabilities but focusing on those that pose real risk.

By connecting application security with the live threat landscape, Palo Alto Networks’ Cortex Cloud ASPM can help organizations to stop threats faster and operate more efficiently."

Cortex Cloud ASPM is currently in early access and expected to be generally available in the second half of 2025. To learn more about the Cortex platform and how Palo Alto Networks is transforming cybersecurity, read our blog.