CDSS Monthly Newsletter (May 2026)

Cloud-Delivered Security Service: The Monthly Newsletter for Security That Never Sleeps

Welcome to the May edition of the Cloud-Delivered Security Service (CDSS) Newsletter

This month brings powerful momentum across CDSS, from our industry-first AI-powered malware defense integration with Google Cloud to new AI-driven security capabilities that help organizations rapidly assess their exposure to emerging threats. 

We're also expanding protections across DNS, web, network, and cloud environments with new product enhancements, advanced threat detections, and operational efficiencies designed to help security teams stay ahead of increasingly sophisticated AI-powered attacks. Dive in to explore the latest innovations, product updates, and security insights shaping the future of cyber defense.

What’s New In CDSS 

• Palo Alto Networks and GCP Announce the Industry’s Only Integrated, AI-Powered Malware Defense @ GoogleNext ‘26 Cloud NGFW Advanced Malware Sandbox, in preview now, to help defend against highly evasive zero-day threats. This capability is powered by Palo Alto Networks Advanced Wildfire, trained on data from more than 70,000 Palo Alto Networks customers to stop 99% of known and unknown malware.

Security Spotlight of the Month: The Rise of AI-Powered Phishing Attacks

Generative AI is making it easier than ever for cybercriminals to create convincing phishing emails, fake websites, and social engineering campaigns at scale. Attackers can now rapidly generate personalized content that mimics trusted brands, executives, and business communications, making phishing attempts harder for users to identify.

These AI-powered attacks are helping threat actors increase the speed, sophistication, and effectiveness of their campaigns while lowering the technical expertise required to launch them. As a result, organizations are seeing an increasing number of phishing attempts designed to steal credentials, deliver malware, and gain unauthorized access to sensitive systems and data.

What Security Teams Should Do:

• Strengthen defenses across web, DNS, email, and network layers.
• Implement phishing-resistant authentication methods such as MFA.
• Regularly educate employees on emerging phishing techniques.
• Monitor for suspicious domains, impersonation attempts, and malicious downloads.
• Leverage AI-powered security tools to detect and block threats in real time.

As phishing attacks continue to evolve, a layered security strategy remains one of the most effective ways to reduce risk and protect users from increasingly sophisticated threats.

Latest Product Updates Across CDSS Core Subscriptions

PREVIEW Threat Impact Assessment Agent The Impact Assessment Agent in Strata Cloud Manager automates the frantic process of verifying protection against new zero-day threats and ransomware. By mapping Unit 42 intelligence directly to your environment, it replaces manual log searches with instant visibility into your security posture and historical exposure. This AI-driven tool provides 100% confidence in your defenses by identifying configuration gaps and delivering actionable remediation steps.

FedRAMP Moderate: FedRAMP Moderate authorization for ALL of the CDSS Core Subscriptions is complete. Refer to all Palo Alto Networks FedRAMP Authorized services here.

Insights: New SecureIQLab 2026 Advanced Cloud Firewall Public Validation Report 

Palo Alto Networks Leads in Advanced Cloud Firewall Public Validation: Delivered nearly 20% stronger protection than the closest competitor in an independent public evaluation. Topped with a Security Efficacy of 99.07%, and 97% Operational Efficiency. What does this mean for PANW customers? 

• Higher threat detection rates

• Reduced breach risk from advanced attacks

• Better operational efficiency for security teams

• Stronger protection across hybrid and cloud-native environments

Advanced URL Filtering

• We are excited to announce that Advanced Extension Security is launching on May 8th. This new capability gives organizations real-time visibility and control over browser extensions, blocking malicious and risky extensions before they can reach end users. Resources: Review the Blog, YouTube Video

Advanced Wildfire

• In-Line Cloud Analysis to effectively defeat metamorphic malware: Generally Available for Prisma Access 6.1.1 with Explicit Proxy. It supports the scanning of all file types, up to 100MB, ensuring prevention within seconds. Blog
• Inline Prevention support for CMD file type: Advanced WildFire has started supporting inline prevention for malware inside CMD files.
• Codegene: The proprietary Codegene database to automatically identify and fingerprint shared malware logic. By identifying "fingerprints" in malicious code logic reused across malware families, the system automatically deploys high-confidence YARA rules.

Advanced Threat Prevention

• CVE Insights (Early Access) validates ATP threat detections against industry-standard CVEs, thus empowering NetSec Admins to confidently manage CVE risks to their organizations. CVE Insights includes
• Threat Logs enrichment - With Native CVE mapping and CVSS severity 
• A dedicated SCM dashboard - To provide an aggregate view of CVE-exploits detected in the network
• In-product CVE research to validate Palo Alto Networks coverage, & historical indicators

• Competitive third-party validations:
• NSS Labs EFW 2025 – “Recommended” rating.  
• SecureIQ 2025 Command and Control Comparative Report. 

Advanced DNS Security

• Advanced DNS Security Resolver (ADNSR) now supports primary and secondary IPv6 Anycast addresses, processes DNS queries from both IPv4 and IPv6 clients simultaneously, and delivers the same threat detection, sinkholing capabilities, and block page regardless of IP version. Review the Tech Doc
• Advanced DNS Security Resolver (ADNSR) now supports automated syslog events for real-time visibility into license updates, configuration changes, and quota monitoring, enabling seamless SIEM integration for enhanced operational oversight and compliance. Review the Tech Doc
• New Detections:
• Malicious Software Hosting Domains: Detections for domains that mimic legitimate software providers to distribute fake or malicious software)
• Stealthy Redirection to Dangling Domains: Proactively identify and block DNS requests to dangling DNS domains that have been, or could be, repurposed for malicious activities.
• Advanced DNS Security Resolver (ADNSR) for Prisma Access Agent: Extends real-time protection to every Windows and macOS endpoint, regardless of location. Armed with ADNSR, the prisma access agent can now stop zero-day DNS threats even when the tunnel is disconnected: Blog, Tech Doc Tech Doc2

Tips & Best Practices

Tip of the Week: Before rolling out AI broadly, classify your data and define which information AI tools can and cannot access. A strong governance foundation helps reduce security, privacy, and compliance risks while accelerating adoption.

Best Practice: Require human review for high-impact AI outputs, including customer-facing communications, security actions, compliance decisions, financial reporting, and executive deliverables. Use AI to accelerate work, but maintain accountability through appropriate oversight.

Why It Matters: Organizations are increasingly adopting AI assistants for productivity, research, content creation, and workflow automation. The most successful deployments combine AI innovation with governance, security controls, and clear review processes to maximize value while reducing risk.

Did You Know Threat Facts & Insights

Did you know… According to the 2026 Unit 42 Global Incident Response Report, identity-related phishing and social engineering attacks remain among the leading causes of security incidents. Attackers are increasingly using AI to create convincing phishing emails, fake websites, and impersonation campaigns at scale.

How Palo Alto Networks CDSS Helps...

Palo Alto Networks Cloud-Delivered Security Services provide layered protection across the attack lifecycle. Advanced URL Filtering helps prevent access to phishing websites, Advanced DNS Security blocks malicious domains, Advanced Threat Prevention stops exploit and command-and-control activity, and Advanced WildFire identifies and analyzes unknown malware.

Together, these services help organizations reduce the risk of credential theft, malware infections, and unauthorized access from modern phishing attacks.

Explore More Cloud-Delivered Security Services  Resources

• CDSS Website 
• CDSS 30-day Free Trial Page 
• Advanced Threat Prevention 
• Advanced WildFire
• Advanced DNS Security | Advanced DNS Security Resolver 
• Advanced URL Filtering 
• Device Security
• Palo Alto Networks LIVEcommunity YouTube channel 
• Cloud Delivered Security Service YouTube Channel 
• CDSS PAN TV Episodes 
• CDSS Infographic
• CDSS Ebook

Stay Protected with Cloud-Delivered Security Services 

Palo Alto Networks Cloud-Delivered Security Services (CDSS) help organizations stay ahead of modern threats with unified, AI-driven protection across DNS, web, network, and device environments. 

To learn more about how CDSS can strengthen your security strategy, including hands-on experience through the CDSS Ultimate Test Drive, contact your Palo Alto Networks representative. Check back next month for the latest innovations and product updates!