* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Cortex Leads New Ways to ...

# Cortex Leads New Ways to Introduce AI-powered Capabilities

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fa-new-wave-of-ai-powered-capabilities%2F)  
[](https://twitter.com/share?text=Cortex+Leads+New+Ways+to+Introduce+AI-powered+Capabilities&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fa-new-wave-of-ai-powered-capabilities%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2023%2F06%2Fa-new-wave-of-ai-powered-capabilities%2F&title=Cortex+Leads+New+Ways+to+Introduce+AI-powered+Capabilities&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2023/06/a-new-wave-of-ai-powered-capabilities/&ts=markdown)  
\[\](mailto:?subject=Cortex Leads New Ways to Introduce AI-powered Capabilities)  
Link copied  
By [Gonen Fink](https://www.paloaltonetworks.com/blog/author/gonen-fink/?ts=markdown "Posts by Gonen Fink")  
Jun 26, 2023  
6 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Expander](https://www.paloaltonetworks.com/blog/tag/expander/?ts=markdown)  
[what's next with cortex](https://www.paloaltonetworks.com/blog/tag/whats-next-with-cortex/?ts=markdown)  
[XSIAM](https://www.paloaltonetworks.com/blog/tag/xsiam/?ts=markdown)

With AI and machine-learning at the forefront of innovation for Palo Alto Networks and Cortex, we are continuously finding new ways to [improve and advance the modern SOC](https://www.paloaltonetworks.com/blog/2023/03/whats-next-in-cortex/) to revolutionize security operations. Today, we are proud to announce that Palo Alto Networks is introducing new AI-based active attack surface management capabilities within Cortex Xpanse in Expander 2.2, as well as continuous refinement of the latest releases for our Cortex XSIAM 1.5, XDR 3.7 and XSOAR 8.3 solutions.

This launch further expands the advanced capabilities of the entire Cortex Portfolio when it comes to AI and machine-learning capabilities. The latest features found in [Expander 2.2](#post-296884-_77j58vce3ar8) will help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows. Organizations can now effectively manage and shrink their overall attack surface by proactively identifying and responding to internet emergencies and detecting vulnerabilities before they become a major threat to an organization. These new active attack surface management capabilities provide security teams with advanced visibility and intelligence that is needed to make informed and powerful remediation decisions quickly and effectively.

XSIAM 1.5, this new release boosts enhanced playbook incident context, as well as more advanced automation capabilities and use cases for playbook development via the Playbook Playground. You can now also leverage the new high-availability cluster for the Broker VM -- a critical data collection component -- or utilize the comprehensive health monitoring of all the data sources you collect, which is available in both XSIAM 1.5 and XDR 3.7.

Learn more about the newest features now available across the Cortex Portfolio below and [**sign up for our newsletter**](http://register.paloaltonetworks.com/cortex-mailing-list-sign-up) to stay up to date on the latest innovations from Cortex.

## **What's Next with Cortex**

#### Cortex XSIAM 1.5

Cortex XSIAM is designed to provide a powerful data-centric foundation for the largest and most advanced environments. As data is a primary element of the Cortex XSIAM strategy, it is critical to ensure that data ingestion is highly reliable and continuously monitored, which is exactly what you're getting with this new [Cortex XSIAM 1.5 release](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Release-Notes/Cortex-XSIAM-Release-Information).

* **Data Ingestion Health --** Expanded data health offers security engineering visibility into significant health issues. The granular health metrics provide visibility into the data pipeline, as well as out-of-the-box health alerting capabilities. Health alerts are currently in beta.
* \*\*Broker VM High Availability (HA) --\*\*Customers can safeguard their Broker VM deployment by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
* \*\*Playbook Incident Context --\*\*This enhances the investigation and response process, and improves incident management with cross-alert, playbook decision-making. This new feature offers to run playbooks on alerts while accessing incident-level information.
* \*\*Playbook Playground --\*\*Allows easier playbook development without impacting production environments by running a playbook in a sandbox environment.
* \*\*Multi-Tenancy --\*\*This supports multi-tenancy through a new parent-child deployment option to address the unique requirements of distributed organizations with multiple Cortex XSIAM tenants.

#### Cortex XDR 3.7

The latest [Cortex XDR 3.7 release](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Release-Notes) delivers new features and enhancements, including improved identity threat visibility, enhanced built-in automation tools, and bolstered endpoint protection. These new features will make it easier than ever to manage forensic investigations while reducing operational overhead. Additionally, you can now ensure streamlined Broker operations using high-availability architecture.

* **eXtended Threat Hunting (XTH) Module** **--** Delivers analytics-driven detection capabilities that empower security teams to prevent threats faster and detect effectively with more precision.
* **Broker VM High Availability (HA) Cluster** **--** Customers can safeguard their Broker VM service by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
* **Identity Threat Module (ITDR) Enhancements** **--** Customers can broaden their ITDR investigative capabilities with added asset and role exposure.
* **Simplified Automation Enhancements** **--** Expands simple automation actions with forensic-related actions and configurable thresholds of additional response.
* **New Security Module for IIS Protections** **--** Improve customers' detection and protection coverage capabilities with the new module for early detection of threats targeting IIS-based applications.

#### Cortex XSOAR 8.3

The new Cortex [XSOAR 8](https://www.paloaltonetworks.com/blog/security-operations/xsoar-8-re-architected-for-performance-scalability-and-reliability/) delivers all the rich automation capabilities of XSOAR, but with new and improved performance and user experience, plus cloud-native support for SaaS deployments. This latest 8.3 release is focused around enhancing the new platform, which is also relevant to other Cortex products.

* **New Platform level enhancements**-- Enhanced role-based access control (RBAC), user-group management and incident navigation.
* **Content Pack enhancements** - Simplify and enhance existing packs focusing on Palo Alto Networks product integrations with XSOAR, XSIAM and ITDR playbooks.
* **XSOAR 8 migration**- Continued focus on migration of hosted customers to XSOAR 8 SaaS, with new licensing options for SaaS customers.

#### Cortex Xpanse --- Expander 2.2

In the new [Expander 2.2 release](https://docs-cortex.paloaltonetworks.com/r/Cortex-XPANSE/Cortex-Xpanse-Expander-Release-Notes), we've improved our active-risk prioritization features from our 2.1 release by adding in a new Cortex Xpanse Threat Response Center, which will allow teams to learn about the latest threats and identify the organization's public-facing exposures. It will also help security teams manage and proactively resolve risks. Additionally, we've added several powerful augmentation features that automatically enrich an incident to aid analysts in the investigation and provide faster response using our newly advanced AI-powered incident investigation capabilities and playbooks.

* **Threat Response Center** **--** Improves zero-day response and prioritizes exposures that matter, using Risk Scoring and the Threat Response Center.
* **Incident Risk Scoring** **--** Security teams can now use adaptive risk scores based on threat, and exploit intelligence to better prioritize and focus efforts on the exposures most likely to be attacked.
* **Security Rating Dashboard** **--** Organizations can assess their security health and hygiene, track risk trends over time, compare their ratings with industry peers and reduce cyber insurance premiums.
* **AI-Powered Exposure Resolution** **--** Improves attack surface remediation using AI-powered playbooks, including the new Remediation Path Rules, Onboarding Configuration Wizard and Active Response Content.
* **Business Unit Management** **--** Organizations can exert more control over their distributed attack surface by transferring assets between business units.
* **Integration with Prisma Cloud --** Reduces the cloud attack surface by gaining visibility into unknown and unmanaged cloud assets, using Prisma Cloud for comprehensive cloud security and central policy enforcement.

Register for our [**Cortex** **Xpanse Webinar,**](http://register.paloaltonetworks.com/risk-curated-xpanse-launch-event)**"Risk, Curated: Dynamically prioritize attack surface risks with the latest Xpanse" on August 30th, 2023** . Learn more about the new Expander 2.1 and 2.2 features, as well as an inside look at the latest **2023 ASM Threat Report**.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### What's Next with Cortex](https://www2.paloaltonetworks.com/blog/2023/03/whats-next-in-cortex/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

[#### Introducing Unit 42 Managed XSIAM 2.0](https://www2.paloaltonetworks.com/blog/2026/02/introducing-unit-42-managed-xsiam-2-0/)

### [AI Application Security](https://www.paloaltonetworks.com/blog/network-security/category/ai-application-security/?ts=markdown), [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory](https://www2.paloaltonetworks.com/blog/2026/01/support-nvidia-enterprise-ai-factory/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

[#### A Leader in the 2025 Gartner Magic Quadrant for EPP --- 3 Years Running](https://www2.paloaltonetworks.com/blog/2025/07/named-a-leader-gartner-magic-quadrant/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Introducing XSIAM 3.0](https://www2.paloaltonetworks.com/blog/2025/04/introducing-cortex-xsiam-3-dot-0/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown)

[#### MITRE ATT\&CK Evaluations --- Cortex XDR Among Elite in Endpoint Security](https://www2.paloaltonetworks.com/blog/2025/02/mitre-attck-evaluations-cortex-xdr-among-elite-endpoint-security/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language