Our CIO on Why Security Must Be Built Into AI from Day One

Rajavel frames the business impact of AI based on three core capabilities:

• Velocity: Go from zero to scale at unprecedented speed, going from one to 100 to one million faster. “With AI, you can really gain speed,” Rajavel explained. “It’s really important when you think about speed in today’s context of business.”
• Capacity: Change the way employees spend their time by automating routine tasks and upgrading strategic work. How do you confirm that each salesperson uses his or her time in front of customers efficiently? How do you ensure employees focus on work that drives results? AI provides answers.
• Experience: The shift from one-way searches to dynamic dialogues where AI becomes a thought partner. “If I want to interact with it, formulate and sharpen my ideas, it’s a great tool,” Rajavel said.

These are not abstract concepts. They are measurable outcomes that Palo Alto Networks has intentionally achieved through AI implementation.

Palo Alto Networks processes 280,000 IT support tickets annually for 20,000 employees. That’s 14 tickets per employee per yearInstead of taking this for granted, Rajavel’s team analyzed each ticket and reimagined the support experience around an AI agent called Panda AI,

The change has been dramatic. Before Panda AI, the company automated only 12% of IT requests. Within a year, that number increased to 72%. This change was not entirely technical. It combined AI-powered user experience with process reengineering and traditional automation tools that now serve as capabilities for the AI ​​agent.

Rajavel classified the tickets into three buckets. First, information retrieval requests such as “how to” questions represent approximately 20% of tickets. Panda AI now handles virtually all requests of this type without human intervention. Second, automation is able to handle 89% of service requests with deterministic outcomes such as password reset or access provisioning. Third, break-fix issues requiring troubleshooting remain the toughest challenge, although AI helps gather the full context before escalating to humans.

The change experienced is subtle but powerful. Users receive instant responses instead of waiting on hold. The system maintains memory of conversations by eliminating repetitive queries. When escalation is necessary, human agents view the entire interaction history. Most importantly, Panda AI asks for feedback after each interaction, creating a continuous learning cycle that improves over time.

Developer productivity tools dominated early AI conversations, with claims that AI would eliminate the need for software engineers. Rajavel dismissed this as a fundamental misunderstanding of how software is built.

Engineers spend only 20 to 30% of their time writing code. The remaining 70% includes design work, documentation, support, bug fixes, and collaboration. More critically, the most expensive product gaps don’t come from coding errors; They come from misunderstood requirements and flawed technical designs.

Rajavel explained:

If you focus all your effort on AI writing code, you’re only solving a small part [of the problem],

His team has reimagined the entire software development lifecycle as AI-powered, and has completed seven pilot programs before moving to general availability.

The new process begins with requirements gathering. Instead of humans transcribing business discussions into documents, the team feeds Zoom recordings, emails, and documentation directly into the AI ​​to generate product requirements documents. The AI ​​then generates web interface mockups for immediate feedback, catching misalignments before costly development work begins.

Better requirements drive better user stories, which feed into both development and quality assurance testing plans. According to an internal pilot, for greenfield projects, we found that AI could generate 60% to 80% of the code. For brownfield work in an existing codebase (or, incorporating new software or technology in the presence of legacy systems and infrastructure), the efficiency gains are smaller but still meaningful because engineers work with higher quality specifications.

This approach blurs traditional role boundaries. Product managers and analysts now perform similar tasks, all requiring AI fluency. Documentation is automatically operational as soon as the product is shipped, as AI maintains the context throughout the development cycle.

Innovation at machine speed creates security challenges that many organizations do not recognize until it is too late. When Palo Alto Networks adopted AI in early 2023, Rajavel’s first priority was simple: gain visibility into what employees were already doing.

“If you think, ‘Oh, we don’t use AI.’ Guess what? Your teams are using AI,” she warned. “You might not know what they’re using.” The company deployed AI Access Security™ as its first product, which has been in production for nearly two years, to understand AI usage patterns before expanding capabilities.

The security surface extends far beyond traditional concerns. For AI systems, models and data become the primary attack vectors. “If I poison even one of them, the AI ​​could go haywire,” Rajavel said. While frontier models from providers like Google and OpenAI carry less risk due to extensive testing, most AI applications involve many specific models.

Want to see Cortex XDR in action? Take a tour of our product today!