* [Blog](https://www2.paloaltonetworks.com/blog) * [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/) * [AI and Cybersecurity](https://www2.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/) * What's New for Cortex (Ju... # What's New for Cortex (July '25) [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fwhats-new-for-cortex-july-25%2F) [](https://twitter.com/share?text=What%E2%80%99s+New+for+Cortex+%28July+%E2%80%9825%29&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fwhats-new-for-cortex-july-25%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fwhats-new-for-cortex-july-25%2F&title=What%E2%80%99s+New+for+Cortex+%28July+%E2%80%9825%29&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/whats-new-for-cortex-july-25/&ts=markdown) \[\](mailto:?subject=What’s New for Cortex (July ‘25)) Link copied By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?ts=markdown "Posts by Scott Simkin") Jul 24, 2025 6 minutes [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown) [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown) [Cortex Cloud](https://www.paloaltonetworks.com/blog/tag/cortex-cloud/?ts=markdown) [Cortex Email Security Module](https://www.paloaltonetworks.com/blog/tag/cortex-email-security-module/?ts=markdown) [Cortex XSIAM](https://www.paloaltonetworks.com/blog/tag/cortex-xsiam/?ts=markdown) [Vulnerability Management](https://www.paloaltonetworks.com/blog/tag/vulnerability-management/?ts=markdown) ## Delivering Proactive Security with the Latest Updates in Cortex (July '25 Release) Adversaries are using AI to move at machine speed. With our latest updates, we're giving defenders the firepower to stop AI-fueled attacks with new innovations across the entire Cortex portfolio. These updates reflect a clear focus: harnessing AI to deliver more proactive security, expand visibility across every environment, and streamline workflows so security teams can move faster and stop threats with confidence. Let's dive into the key innovations. ## [**Cortex XSIAM 3.2**](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-3.1-Release-Notes/Cortex-XSIAM-Release-Information)**: The AI-Powered SOC Gets Smarter** This release expands on the industry-leading capabilities of our #1 SecOps platform with new **AI-powered Exposure Management and Email Security add-on modules** and **streamlined operational workflows**. ### **Proactive, AI-driven Exposure Management** XSIAM's leading protection capabilities are expanding to give you an edge against even more threats. Our **AI-powered Exposure Management** reduces alert fatigue by cutting vulnerability noise by up to 99%, prioritizing critical risks and automating remediation across your entire enterprise. This allows you to prioritize critical Common Vulnerabilities and Exposures (CVEs) and automate remediation across your entire enterprise, ensuring that efforts are focused on the vulnerabilities that truly matter. To learn more, visit our [deep-dive blog](https://www.paloaltonetworks.com/blog/security-operations/disrupting-legacy-vulnerability-management/). ![Product screen of the new Exposure Management Command Center, showing security data from multiple sources being scanned to highlight critical risks.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-1.png) New Exposure Management Command Center ### **AI-Powered Advanced Email Security** We're introducing a new Cortex **Advanced Email Security** add-on module, which leverages the full power of the Cortex platform to go beyond email-centric protection. It uses advanced AI, including large language models (LLMs) and behavioral analytics, to understand true email intent and detect even the most advanced phishing and business email compromise (BEC) attacks. By correlating email threat data with identity, endpoint, and network telemetry, you'll receive insights into everything from trending attack vectors to Automation Recommendations. Learn more about this release from our [deep-dive blog](https://www.paloaltonetworks.com/blog/security-operations/cortex-advanced-email-security-built-for-todays-ai-threats/). ![Product screen of the new New Advanced Email Security dashboard showing trending email attack vectors and employees who are at a higher risk of falling victim to phishing.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-2.png) New Advanced Email Security Trending Attack Vectors Dashboard ### **Improved Collaboration and Control** Cortex XSIAM 3.2 introduces new features that foster better teamwork and give you more granular control over your security environment. **Ticket Synchronization** integrates with systems like Jira and ServiceNow, improving coordination between security and development teams. **Scope-Based Access Control (SBAC)** lets you enforce corporate policies by precisely defining which users can access specific assets and what actions they can perform. And **Streamlined Automation** now allows you to exclude specific assets from workflows, giving you more precise control over remediation. ![Product screen of the Scope-Based Access Control (SBAC) workflow, showing how access control can be automatically applied based on various factors including assets, cases, or endpoints.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-3.png) Scope-Based Access Control (SBAC) ### **Enhanced Integration and Visibility** We're making it easier to connect your security ecosystem and gain deeper insights. The **Generic Webhook Integration** simplifies ingesting external data without needing custom APIs. And with **Enhanced Analytics Insights**, you can now view the full detection logic behind all analytics and behavioral indicators of compromise (BIOCs) directly in the console, giving you immediate clarity on why alerts were triggered. ![Product screen of the Enhanced Analytics Insights dashboard showing the full detection logic behind all analytics and behavioral indicators of compromise (BIOCs).](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-4.png) Enhanced Analytics Insights Dashboard ### **ASM for XSIAM: Proactive External Risk Discovery and Investigation** New features in the ASM module for XSIAM help you proactively defend against external threats and accelerate investigations. **Digital Risk Protection** uncovers risks beyond your traditional assets, such as leaked credentials and brand impersonation on the open internet. To speed up response, the **Global Lookup** feature provides instant threat intelligence on any IP or domain, empowering your team to make faster, more informed security decisions. ***Note:*** *Cortex XSIAM 3.2 includes all features released in Cortex XDR 4.2. Customers on XSIAM 2.7 will receive upgrade guidance in the coming weeks.* ## [**Cortex XDR 3.15**](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Release-Notes/Release-Information)**/** [**4.2**](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-4.1-Release-Notes/Release-Information)**: Smarter AI, Stronger Endpoint Protection, and Enhanced Control** This release delivers significant advancements in **AI-driven threat prevention** , expands **endpoint security capabilities across operating systems** , and offers more **flexible control over your security environment**. ### **Deeper Endpoint Security Across All OS** This update brings enhanced protection to the core of your endpoints, no matter the operating system. We're now providing **Kernel Module Examination for Linux** , allowing us to detect and prevent sophisticated attacks by scanning kernel modules at load time. For Windows, we've strengthened our defense with **Enhanced Driver Threat Prevention** , offering unique visibility into user-to-kernel interactions to block privilege escalation. And for macOS, **Network Packet Inspection** enhances security and EDR telemetry by detecting and preventing malicious network activity directly from the endpoint. ![Product screen of the Kernel Module Examination in Linux dashboard, showing detections of potential threats and options to take action on each alert.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-5.png) Kernel Module Examination in Linux ### **Granular Control and Streamlined Operations** We're giving you more flexibility and control over your security infrastructure. With **Flexible Control over Automatic Agent Upgrades**, you can now set specific upgrade schedules for each endpoint profile. This ensures a safer, more efficient upgrade workflow that minimizes disruption while keeping your security consistently up-to-date. ## [**Cortex XSOAR 8.11**](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/Cortex-XSOAR-Releases/Cortex-XSOAR-Releases)**: Streamlined Automation and Integration** Cortex XSOAR 8.11 enhances your experience by focusing on streamlined automation and expanded connectivity. New features help you work faster and smarter, with **advanced search capabilities** allowing you to quickly find and reuse existing playbooks and scripts to save time. To ensure your most critical security automations run without a hitch, you can now **clear incident queues** to prevent bottlenecks. Furthermore, it's now easier than ever to bring in external data through a **new generic webhook**, allowing you to connect a wider range of services to XSOAR and get a more complete view of your security posture, even without a formal API integration. ## [**Cortex Xpanse 2.10**](https://docs-cortex.paloaltonetworks.com/r/GsMvg2DJtyDyRi3RXc~HGg/root)**: Broader Attack Surface Coverage** The latest Xpanse release expands attack surface testing and detection capabilities to give you a more comprehensive view of your external attack surface. ### **Comprehensive Attack Surface Visibility and Response** The latest Cortex Xpanse release delivers value by focusing on expanded threat detection and more decisive risk management. This update significantly enhances your ability to find and stop attacks with **new detection rules** that proactively identify applications leaking credentials. It also broadens visibility into active threats that are already inside your network, such as ransomware and web shells. To help you prioritize what matters most and save valuable time, you can now instantly see confirmed exploits for emerging vulnerabilities within a single **unified view in the Threat Response Center** . This streamlined insight is complemented by **new bulk action capabilities**, allowing your team to manage alerts and assets more efficiently. ![Product screen of the unified view of attack surface threats in the Threat Response Center of Cortex Xpanse. It shows confirmed exploits for emerging vulnerabilities within a single unified view in the Threat Response Center. This streamlined insight is complemented by new bulk action capabilities, allowing your team to manage alerts and assets more efficiently](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/07/word-image-342104-6.png) Unified View of AST in the Threat Response Center These are just the highlights from a feature-packed month. The July 2025 releases demonstrate a clear commitment to providing a more integrated, intelligent, and proactive security strategy. For a detailed breakdown of these enhancements, please refer to the [full release notes](https://docs-cortex.paloaltonetworks.com/). To learn more about these and other innovations, visit the [Cortex portfolio](https://www.paloaltonetworks.com/cortex). *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Introducing XSIAM 3.0](https://www2.paloaltonetworks.com/blog/2025/04/introducing-cortex-xsiam-3-dot-0/) ### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Automation of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/automation-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### A Day in the Life with Your AgentiX Automation Engineer Agent](https://www2.paloaltonetworks.com/blog/security-operations/a-day-in-the-life-with-your-agentix-automation-engineer-agent/) ### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Beyond the Cloud Dashboard: Exposure Management Requires Full-Scope Visibility and Real Action](https://www2.paloaltonetworks.com/blog/security-operations/beyond-the-cloud-dashboard-exposure-management-requires-full-scope-visibility-and-real-action/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Breaking Down Security Silos: How XDL Powers Advanced Threat Operations](https://www2.paloaltonetworks.com/blog/security-operations/breaking-down-security-silos-how-xdl-powers-advanced-threat-operations/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Cortex Advanced Email Security -- Built for Today's AI Threats](https://www2.paloaltonetworks.com/blog/security-operations/cortex-advanced-email-security-built-for-todays-ai-threats/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Application Security](https://www.paloaltonetworks.com/blog/cloud-security/category/application-security/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Introducing Cortex Cloud --- The Future of Real-Time Cloud Security](https://www2.paloaltonetworks.com/blog/2025/02/announcing-innovations-cortex-cloud/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language