<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Detection of AI Agent Run Time via XDR in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250554#M126164</link>
    <description>Detection of AI Agent Run Time via XDR</description>
    <pubDate>Thu, 19 Mar 2026 11:37:31 GMT</pubDate>
    <dc:creator>kiwi</dc:creator>
    <dc:date>2026-03-19T11:37:31Z</dc:date>
    <item>
      <title>Detection of AI Agent Run Time via XDR</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250549#M126162</link>
      <description>&lt;P data-end="39" data-start="27"&gt;Hi everyone,&lt;/P&gt;
&lt;P data-end="298" data-start="41"&gt;I’m curious about XDR’s capability to detect AI agent runtime activity. My understanding is that XDR is quite effective at identifying post-incident artifacts, C2 IPs, and similar indicators.&lt;/P&gt;
&lt;P data-end="298" data-start="41"&gt;is it also possible to detect AI agent runtime behavior?&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 09:44:23 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250549#M126162</guid>
      <dc:creator>D.Ciftci</dc:creator>
      <dc:date>2026-03-19T09:44:23Z</dc:date>
    </item>
    <item>
      <title>Re: Detection of AI Agent Run Time via XDR</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250553#M126163</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1651192519"&gt;@D.Ciftci&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG data-end="93" data-start="86"&gt;YES&lt;/STRONG&gt;, Cortex XDR is capable of detecting AI agent runtime behavior in addition to identifying post-incident artifacts.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The platform uses AI, behavioral analytics, and machine learning to monitor endpoint, network, and cloud activity in real time, allowing it to uncover evasive threats. It provides behavioral threat protection by tracking malicious event chains and anomalies, such as fileless attacks or unexpected process behavior, that might result from AI agents.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;With its agentic AI recognition in Cortex XDR 5.0, the system can identify when AI tools act autonomously inappropriately or maliciously. Runtime analysis and causality chain reconstruction enable XDR to detect malicious child processes spawned by legitimate applications, such as automation scripts or browsers. Additionally, user and entity behavior analytics (UEBA) profiles normal behavior to detect deviations that may indicate AI activity or compromise.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;While XDR excels at identifying post-incident artifacts like C2 IPs, its focus on behavioral analytics and real-time monitoring allows it to detect and prevent active threats at runtime rather than relying solely on file signatures.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Cortex XDR 5.0 Release Notes &amp;amp; Features (includes AI-driven threat detection updates) -&amp;nbsp;&lt;A href="https://www.paloaltonetworks.com/blog/security-operations/introducing-cortex-xdr-5-0-the-new-standard-for-endpoint-security/" target="_self"&gt;https://www.paloaltonetworks.com/blog/security-operations/introducing-cortex-xdr-5-0-the-new-standard-for-endpoint-security/&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Please help out other users and “Accept as Solution” if a post helps solve your problem !&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;&lt;BR /&gt;&lt;A href="https://live.paloaltonetworks.com/t5/blogs/how-and-why-to-accept-solutions/ba-p/553827" target="_blank"&gt;Read more about how and why to accept solutions.&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 11:33:49 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250553#M126163</guid>
      <dc:creator>Vinothkumar_SBA</dc:creator>
      <dc:date>2026-03-19T11:33:49Z</dc:date>
    </item>
    <item>
      <title>Re: Detection of AI Agent Run Time via XDR</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250554#M126164</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1651192519"&gt;@D.Ciftci&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="0"&gt;The short answer is yes—XDR can definitely catch an AI agent in the act, but it isn’t actually looking for "AI" itself. Instead, it’s watching for the weird, hyper-active behavior that these agents tend to have when they're running.&lt;/P&gt;
&lt;P data-path-to-node="0"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="1"&gt;Since most AI agents usually run inside something like a Python interpreter, XDR keeps a close eye on that "parent" process. If it suddenly starts acting like a frantic human—spawning a bunch of command shells, running network scanners, or poking at random system files—it triggers an alert. Because an agent can "hallucinate" or just try things a lot faster than a person can type, that high-speed iteration is a huge red flag for a behavioral threshold.&lt;/P&gt;
&lt;P data-path-to-node="1"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="2"&gt;It also catches agents trying to "live off the land." If an agent decides it needs to find credentials to finish a task and starts grepping through your .ssh folders or trying to read your Chrome password database, XDR sees that as "Credential Access" behavior. It doesn't care if a human or a bot typed the command; the action itself is shady.&lt;/P&gt;
&lt;P data-path-to-node="2"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="3"&gt;Even if the agent is being sneaky and generating code on the fly in memory to avoid leaving files on the disk, modern XDR can intercept those scripts right at the moment they execute.&lt;/P&gt;
&lt;P data-path-to-node="3"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="3"&gt;XDR watches the "heartbeat" of the agent. If a computer that usually stays quiet suddenly starts chatting constantly with an LLM provider like OpenAI and follows that up with a bunch of internal "discovery" traffic, the XDR engine connects those dots as one single suspicious chain of events.&lt;/P&gt;
&lt;P data-path-to-node="3"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-path-to-node="3"&gt;Cheers&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 11:37:31 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250554#M126164</guid>
      <dc:creator>kiwi</dc:creator>
      <dc:date>2026-03-19T11:37:31Z</dc:date>
    </item>
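The behaviours described in the reply above, as an added worked example that is not part of the original post and not Cortex XDR code: a small Python correlator that applies three heuristics over constructed endpoint telemetry (an interpreter spawning a burst of shells/scanners, credential-store reads by a process that is not the store's owner, and LLM-API traffic followed by internal discovery within the same causality chain). The event schema, the provider host list, the credential paths and the thresholds (WINDOW_S, MAX_CHILDREN, MIN_INTERNAL_HOSTS) are all assumptions chosen for the example, not Cortex defaults.

```python
"""Toy behavioural correlator for the three heuristics in the reply above.
Added example, not Cortex XDR code; thresholds and host lists are assumptions."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

INTERPRETERS = {"python3", "python", "node"}
SHELLS_AND_SCANNERS = {"sh", "bash", "nmap", "masscan", "curl"}
CREDENTIAL_PATHS = ("/.ssh/", "/Login Data", "/.aws/credentials")
LEGIT_CREDENTIAL_READERS = {"ssh", "ssh-agent", "chrome", "google-chrome"}
LLM_API_HOSTS = {"api.openai.com", "api.anthropic.com"}   # assumed provider endpoints
WINDOW_S = 60            # assumed correlation window, not a Cortex default
MAX_CHILDREN = 5         # more than this many shells/scanners per window is a burst
MIN_INTERNAL_HOSTS = 3   # distinct internal hosts touched after LLM chatter


@dataclass
class Event:
    ts: float      # seconds
    kind: str      # "proc" (process start), "file" (read), "net" (outbound connection)
    pid: int       # acting process (for "proc": the new child)
    ppid: int      # parent of pid
    image: str     # executable name of pid
    detail: str    # file path or destination host; "" for proc events


def root_of(pid, parent):
    """Walk ppid links to the topmost process we hold telemetry for (the chain root)."""
    while parent.get(pid) in parent:
        pid = parent[pid]
    return pid


def is_internal(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False   # hostnames are treated as external in this toy


def detect(events):
    """Return (rule, chain_root_pid, image, evidence) tuples for a batch of events."""
    events = sorted(events, key=lambda e: e.ts)
    parent = {e.pid: e.ppid for e in events if e.kind == "proc"}
    image = {e.pid: e.image for e in events if e.kind == "proc"}
    alerts = []

    # Rule 1: an interpreter spawning a burst of shells/scanners (hyper-active parent)
    spawns = defaultdict(list)
    for e in events:
        if e.kind == "proc" and image.get(e.ppid) in INTERPRETERS and e.image in SHELLS_AND_SCANNERS:
            spawns[e.ppid].append(e.ts)
    for ppid, times in spawns.items():
        for i, start in enumerate(times):
            burst = [t for t in times[i:] if start + WINDOW_S >= t]
            if len(burst) > MAX_CHILDREN:
                alerts.append(("rapid_child_spawn", root_of(ppid, parent), image[ppid], len(burst)))
                break

    # Rule 2: credential-store reads by anything that is not the store's own owner
    for e in events:
        if e.kind == "file" and any(p in e.detail for p in CREDENTIAL_PATHS):
            if e.image not in LEGIT_CREDENTIAL_READERS:
                alerts.append(("credential_access", root_of(e.pid, parent), e.image, e.detail))

    # Rule 3: LLM API traffic followed, in the same causality chain, by internal discovery
    llm_first, internal = {}, defaultdict(set)
    for e in events:
        if e.kind != "net":
            continue
        root = root_of(e.pid, parent)
        if e.detail in LLM_API_HOSTS:
            llm_first.setdefault(root, e.ts)
        elif is_internal(e.detail) and root in llm_first and llm_first[root] + WINDOW_S >= e.ts:
            internal[root].add(e.detail)
    for root, hosts in internal.items():
        if len(hosts) >= MIN_INTERNAL_HOSTS:
            alerts.append(("llm_then_discovery", root, image.get(root, "?"), sorted(hosts)))
    return alerts


# Constructed telemetry: pid 100 is a Python agent, pid 200 a user's browser (benign baseline)
AGENT_CHAIN = [
    Event(0, "proc", 100, 1, "python3", ""),
    Event(1, "proc", 101, 100, "bash", ""),
    Event(2, "proc", 102, 100, "bash", ""),
    Event(3, "proc", 103, 100, "nmap", ""),
    Event(4, "proc", 104, 100, "bash", ""),
    Event(5, "proc", 105, 100, "curl", ""),
    Event(6, "proc", 106, 100, "bash", ""),
    Event(7, "file", 101, 100, "bash", "/home/dev/.ssh/id_ed25519"),
    Event(8, "net", 100, 1, "python3", "api.openai.com"),
    Event(9, "net", 103, 100, "nmap", "10.0.0.5"),
    Event(10, "net", 103, 100, "nmap", "10.0.0.6"),
    Event(11, "net", 103, 100, "nmap", "10.0.0.7"),
]
BENIGN = [
    Event(0, "proc", 200, 1, "chrome", ""),
    Event(1, "file", 200, 1, "chrome", "/home/dev/.config/google-chrome/Default/Login Data"),
    Event(2, "net", 200, 1, "chrome", "api.openai.com"),
    Event(3, "net", 200, 1, "chrome", "10.0.0.9"),
]


def triggered_rules(events):
    return {a[0] for a in detect(events)}


if __name__ == "__main__":
    for alert in detect(AGENT_CHAIN + BENIGN):
        print(alert)
```

Every hit is attributed to the chain root (pid 100, the python3 parent) rather than to each bash child, which is what lets the three rules be read as one incident; the browser's own read of its Login Data store and its single internal connection stay below the thresholds. The same first rule will fire on legitimate developer tooling and CI runners that spawn shells in bursts, so in practice the thresholds and the interpreter and reader allow-lists need tuning per environment.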
    <item>
      <title>Re: Detection of AI Agent Run Time via XDR</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250585#M126166</link>
      <description>&lt;P&gt;Thanks for the reply. I am more referring to runtime telemetry as mentioned &lt;A href="https://dev.to/willvelida/securing-ai-agents-implementing-the-owasp-top-10-for-agentic-applications-to-my-health-data-agent-2nk0#:~:text=ASI01%20%E2%80%94%20Agent%20Goal%20Hijack&amp;amp;text=An%20attacker%20manipulates%20the%20agent's,outputs%2C%20or%20poisoned%20external%20data." target="_self"&gt;here&lt;/A&gt;&amp;nbsp;(the OWASP Agentic Top 10).&amp;nbsp; The scenarios you are referring to are mostly related to post-incident activity.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 20:10:01 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250585#M126166</guid>
      <dc:creator>D.Ciftci</dc:creator>
      <dc:date>2026-03-19T20:10:01Z</dc:date>
    </item>
    <item>
      <title>Re: Detection of AI Agent Run Time via XDR</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250603#M126168</link>
      <description>&lt;P&gt;Thanks for sharing. I am wondering whether Cortex XDR relies on the upload of the relevant telemetry from managed endpoints to detect, or whether the detections are done at endpoint level (possibly through the agent installed on endpoints)?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 23:58:44 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/detection-of-ai-agent-run-time-via-xdr/m-p/1250603#M126168</guid>
      <dc:creator>lawyu98</dc:creator>
      <dc:date>2026-03-19T23:58:44Z</dc:date>
    </item>
  </channel>
</rss>

