The company enhances its Cortex platform with a new security module that prevents risks from reaching production, integrating native and third-party data without changing development tools.
Palo Alto Networks, a global leader in cybersecurity, has announced the launch of Cortex® Cloud™ ASPM (Application Security Posture Management), a new module within its Cortex platform that introduces a “prevention-first” security approach for cloud-based applications and AI-driven systems. The solution aims to automatically block risks before they reach production, shifting from the traditional “detection and response” model to one focused on proactive prevention.
The company emphasizes that, with development accelerating due to AI-generated code, security teams can no longer be limited to hunting vulnerabilities post-deployment. According to Sarit Tager, vice president of product management at Palo Alto Networks, “security must adapt to the speed of innovation.” Cortex Cloud ASPM enables this by providing automatic protection throughout all stages of the application lifecycle.
A preventive, automated, and context-aware approach
Unlike other solutions that detect security failures after applications are in production, Cortex Cloud ASPM stops them in advance by leveraging comprehensive context from the code, cloud environment, and business to enforce security policies without disrupting the development workflow.
Three key pillars of the solution:
Prevention before deployment
Automatically and intelligently stops security issues before deployment by applying specific controls based on the full context of the application and business.Accurate prioritization of real risks
Correlates findings from native and third-party tools (without needing to change tools) to filter out false positives and focus on exploitable vulnerabilities that truly matter.Automated remediation
Includes automation to fix issues throughout the development lifecycle, avoiding bottlenecks and backlog accumulation in security tasks.
An open AppSec ecosystem for frictionless developer experiences
One of the most innovative aspects of this new module is the creation of an open AppSec partner ecosystem, allowing organizations to integrate their preferred code scanners directly into Cortex. This centralizes all data into a single view, eliminating the need for developers to switch tools.
Notable technology partners include Black Duck, Checkmarx, GitLab, HashiCorp, Semgrep, Snyk, and Veracode, ensuring compatibility with some of the most widely used modern application security solutions.
This move strengthens Cortex Cloud’s position as a unified platform, which already combined leading capabilities in cloud-native application protection (CNAPP) and cloud detection and response (CDR). Now, with ASPM, Palo Alto Networks extends this vision toward comprehensive security posture management for applications.
Designed for AI and the rapid pace of modern development
In a landscape where software creation is accelerated by AI-driven tools such as code generators, the ability to incorporate security from design through delivery is more critical than ever.
According to IDC analyst Katie Norton, “Risks reaching production remain a significant challenge. By connecting application security with the real threat landscape, Cortex Cloud ASPM enables organizations to respond faster and operate more efficiently.”
Currently, Cortex Cloud ASPM is in early access, with general availability expected in the second half of 2025.
Frequently Asked Questions (FAQ)
What is Cortex Cloud ASPM from Palo Alto Networks?
It’s a new module within the Cortex platform that manages application security posture (ASPM) with a prevention-focused approach, enabling risks to be blocked before code reaches production.
How does it differ from other application security solutions?
Unlike tools that only detect vulnerabilities, Cortex Cloud ASPM automatically blocks them before deployment by integrating code, cloud environment, and business data to make intelligent decisions.
Do I need to change my current development tools to use it?
No. Thanks to its open ecosystem, it’s compatible with popular code scanners like GitLab, Snyk, Veracode, Checkmarx, and others, without requiring changes to workflows or replacing tools.
What benefits does it offer development and security teams?
It accelerates the identification and resolution of real issues, reduces false positives, automates manual tasks, and helps deliver more secure software faster while maintaining team agility.