Advertisement

Palo Alto Networks to acquire CyberArk for $25 billion

The deal is a further example of tech market consolidation and positioning to guard against threats to enterprise AI systems.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
(Photo illustration by Cheng Xin/Getty Images)

Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant’s largest acquisition and its formal entry into the identity security market as the industry continues consolidating amid rising cyber threats.

The transaction ranks among the largest technology acquisitions this year and underscores the market’s focus on identity security in an era of increasing artificial intelligence adoption.

CyberArk, founded over two decades ago, specializes in privileged access management technology that helps organizations control and monitor access to critical systems and accounts. The company’s customers include major corporations such as Carnival Corp., Panasonic, and Aflac. Its technology addresses what security experts consider one of the most vulnerable aspects of enterprise security: managing privileged credentials for both human users and machine identities.

The acquisition comes as cybersecurity companies face pressure to offer comprehensive solutions rather than point products, with customers seeking to streamline their vendor relationships following high-profile breaches. Recent cyberattacks, including Microsoft’s SharePoint vulnerabilities that affected over 100 organizations including U.S. government agencies, have heightened focus on identity protection and privileged access management.

Advertisement

For Palo Alto Networks, the acquisition represents a strategic expansion beyond its traditional network security roots. The company has evolved from a next-generation firewall provider into a multi-platform cybersecurity leader, and identity security represents what CEO Nikesh Arora describes as an inflection point in the market.

“The rise of AI and the explosion of machine identities have made it clear that the future of security must be built on the vision that every identity requires the right level of privilege controls,” Arora stated in a release.

The timing reflects broader industry dynamics driven by artificial intelligence adoption. As organizations deploy autonomous AI agents and systems, these technologies require sophisticated privileged access controls similar to human users, but at machine scale. The combined companies position themselves to address what they term “agentic AI” security, applying just-in-time access and least privilege principles to AI systems.

Industry analysts view the acquisition as addressing a gap in Palo Alto Networks’ portfolio while potentially accelerating growth in areas where the company has seen some deceleration. 

“Over the past several years, Palo Alto Networks has been on a mission to become a huge platform player in the security market,” said Allie Mellen, a principal analyst with Forrester. “Given its product portfolio as it stands today, identity security capabilities are a missing piece of that puzzle. This acquisition rounds out its approach, given its existing cloud, network, and endpoint security products.” 

Advertisement

The transaction follows other major cybersecurity consolidations, including Google’s $32 billion acquisition of Israeli startup Wiz earlier this year. This consolidation trend reflects customer preferences for integrated security platforms over managing multiple specialized vendors, particularly as cyber threats have grown more sophisticated and frequent.

Both companies’ boards have unanimously approved the transaction, which remains subject to regulatory clearances and CyberArk shareholder approval. The deal is expected to close during the second half of Palo Alto Networks’ fiscal 2026.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts