Two years ago I did my first deep dive on Palo Alto Networks and their stated goal of consolidating as much as possible of the cybersecurity market on their platform. The journey since then has taken some surprising turns, to say the least. On one hand, they've made significant strides towards realizing that vision.

Palo Alto Networks today is clearly one of the most successful cybersecurity companies operating in the space. If CrowdStrike did not exist, they would've been considered the defining security company of the AI pivot.

This is not the present that we live in, however.

The key takeaway

For tech sales and industry operators: Palo Alto Networks is making a classic "definite pessimist" move: they don't believe they can invent the future of security internally, so they're buying every possible outcome that might lead them to "the platform." The problem with this approach is that they are making too many leveraged bets at a time when execution risk is at its highest. The perceived weakness externally seems to be playing out on the inside as well, with restless teams, political games and overall negative sentiment. The platformization story clearly resonates with the largest enterprises signing $40-50M deals, but for the vast majority of PANW's field organization, that story is a pitch deck, not the reality on the ground. If you will drive a key account for Palo Alto Networks, your experience will likely be a positive one. The unfortunate reality is that this opportunity today is mostly reserved for the top 5% of accounts and several significant bets need to pay off in order for it to expand. Many seem to doubt this actually happening.

For investors and founders: The PANW thesis requires you to believe in three simultaneous outcomes: that platformization drives enough upsell to justify the acquisition costs, that the CyberArk integration goes smoothly despite the high execution and technical risk, and that Chronosphere can pivot from struggling pure play observability to integrated security analytics without losing its existing customer base. The 119% net retention among platformized customers looks bulletproof in a stable environment, but those $50M+ commitments also carry the most renegotiation leverage if CISO budgets tighten, and PANW's revenue concentration in top accounts cuts both ways. The bigger problem is obsolescence risk. The Anthropic AppSec announcement that triggered this week's selloff is a preview of what happens when AI native companies start building security capabilities from the ground up rather than bolting them onto legacy architectures. Many categories that were previously bought as "best in class" point solutions are quickly becoming expected features, and rather than rebuilding the platform of the future from first principles, PANW's technology is starting to look like the patchwork of poorly integrated tools it was meant to replace. Whoever executes on those problems from scratch has a legitimate shot at defining the next era of enterprise security.

Platforms in the age of AI

Nikesh Arora: We delivered a strong Q2 fueled by robust demand for cybersecurity and continued execution against our platformization strategy. This led to strong organic results in Q2 with NGS ARR up 28% and revenue growth of 15%, excluding the impact of recently closed Chronosphere. We saw broad-based strength across our products from SASE, software firewalls and XSIAM to our emerging leadership in AI security with Prisma AIRS. We paired this growth with improving profitability, achieving a 30% plus operating margin for the third consecutive quarter.

We're excited to head into the second half of the year, having closed both the CyberArk and Chronosphere acquisitions, and I want to extend a warm welcome to both teams. Both companies continue to deliver record numbers in their most recent quarters, and we look forward to building on the momentum as we hit the ground running on our integration plans. These investments are a direct response to the inflections we see taking shape in the market. And while it's still early, the initial feedback from our customers has been very encouraging. We believe we're now entering the next phase of AI adoption.

Large enterprises are moving beyond experimentation and beginning to integrate foundational models into real workflows. As AI becomes embedded in day-to-day work, the central question that organizations face is shifting from capability to control. That shift has meaningful implications on security.

As AI becomes more pervasive across the enterprise, it expands the attack surface area, more agents, more infrastructure, more machine-to-machine activity and new classes of risk that simply did not exist before. In that environment, security cannot sit on the sidelines. Despite the current sentiment about AI and software, we firmly believe that security is enabling layer that allows innovation to move forward safely and at scale.

And as AI agents become autonomous employees, the old security playbook is not just slow, it's obsolete. Security must operate in real-time at the critical control points where decisions are made across network, endpoint, cloud, browser and identity. This is where Palo Alto Networks operates. And as AI becomes more embedded across the enterprise, those control points are converging.

A fragmented defense of disparate products is no longer a viable strategy. The risk is simply too high when adversaries are moving at machine speed. Our latest Unit 42 research confirms this, end-to-end attacks are now 4 times faster than a year ago, and in nearly a quarter of the cases attackers were able to break in and exfiltrate data in under an hour.

The good news is that 90% of those breaches were preventable, caused by basic gaps in visibility and controls across multiple attack vectors. This is why we committed to our platformization strategy a few years ago.

A platformized approach built on a real-time data-driven model that gets smarter with scale is the only way to secure the modern enterprise, and our results continue to prove that out. In Q2, we delivered approximately 110 net new platformizations, a quarterly record outside of our seasonally strong Q4.

This brings our total platformizations count approximately 1,550, up 35%. The success of this strategy is also reflected in our best-in-class net retention rate amongst platformized customers, which stands at 119% with lowsingle digit churn. This proves that once customers adopt our platform, they not only stay but continue to invest more with us over time.

Unit 42 is PANW's managed security service that is used as an escalation point when companies need to contain significant breaches. Interestingly enough, according to their annual report, the majority of incidents are indeed correlated to identity breaches, which often go undetected due to a fragmented tool landscape; this has been the case for the last 5 years.

Coming back to Nikesh, I think that while he's been very directionally correct on platformization as an approach (before AI became the topic that it is today), the actual execution of the strategy poses some obvious technical challenges. The playing around here on "35% growth of platformizations" while landing at 15% YoY growth in actual dollar value is revealing.

Nikesh Arora: This momentum isn't accidental, it is a result of a deliberate flywheel motion we built. When we committed to our platformization strategy years ago, we're betting on a shift that has now become an industry standard. This approach allows us to not only solve today's problems, but also provides the foundation to address new ones as they emerge. It starts by providing multiple clear landing paths.

In network security, customers can begin with SASE, hardware or software firewalls, and now AI security with Prisma AIRS. In the SOC, they can rely on our Cortex platform via XDR, cloud security or directly onto XSIAM, from any starting point customer experience, the superior outcomes of an integrated platform which leads them to adopt more deeply across our ecosystem.

In a market changing this quickly, we believe our responsibility is to anticipate the next inflection and ensure our platform is ready. That philosophy guides our strategic investments, and the results give us the confidence to continue.

Our secure browser for example, was one such early investment that is now accelerating our SASE business with over 9 million licenses sold to-date. Similarly, in AI security, Prisma AIRS launched just a few quarters ago and already rapidly scaling with over 100 customers ending in Q2. This is the discipline we now plan to apply for the two large established markets poised for inflection, identity and observability.

If AI becomes a new interface for how work gets done, identity security will be required to create the permissions and boundaries that teams can trust. And as AI introduces unprecedented scale, observability is essential for building resilient systems that can operate reliably.

By bringing our platformization discipline to these new pillars, we believe we can deliver even greater value to our customers and solidify our role as a trusted partner to navigate the complex security and data challenges of AI era.

Most of the narrative around PANW currently is quite reliant on how they are positioning acquisitions, rather than internal innovation. This is typically a bit of a red flag, although in the case of Nikesh, he has a strong track record of integrating not just the company, but the actual team and senior leadership within his existing org structure. While CyberArk is an obvious acquisition that allows them to acquire an emerging market leader and a significant install base, with Chronosphere things are a little bit more shaky. The company was struggling to navigate the observability market and was one of the few players trying to make it as a pure-play vendor, at a time when many of those companies have established strong footholds in security analytics (Splunk, Datadog, Elastic).