Inline Prevention of AI-Generated Malware with Advanced WildFire and Prisma Access Explicit Proxy

Community Blogs
4 min read

Inline Detection and Prevention of AI-Generated Malware for Prisma Access Explicit Proxy 

 

In 2026, the threat landscape is no longer static. Attackers are increasingly leveraging the latest generative AI, Large Language Model (LLM) and machine learning tools to launch hyper-dynamic campaigns, resulting in a 72% surge in AI-driven incidents over the past year. This evolution has introduced several critical risks:

 

  • Increase in zero-day AI-Generated Malware: Attackers are now using LLMs to create unique, zero-day malware variants at scale. Recent data shows a 1,265% surge in phishing attacks linked to generative AI, many of which use polymorphic code to bypass legacy signature-based defenses.
  • The Speed of the "Unknown": The gap between the discovery of a vulnerability and its automated exploitation has shrunk to minutes. In 2025, nearly one-third of vulnerabilities were exploited before a patch was even released, and 'breakout times' have plummeted to an average of just 48 minutes. In this environment, the 'predictive window' for defenders hasn't just shrunk—it has collapsed.

 

This proliferation and speed of unique, AI-generated malware present a critical challenge for security teams. The legacy hash-matching approach is inadequate for preventing such large volumes of unique, advanced malware variants. For effective protection, every malware sample, even a never-before-seen one, needs to be stopped inline in seconds, without impacting user experience.

Moving Beyond Passive Detection: In-Line Enforcement with Advanced WildFire

To defeat this new generation of threats, Palo Alto Networks is embedding a new level of defense directly into Advanced WildFire to provide inline malware prevention. The recently introduced Code Genome technology creates resilient fingerprints that capture malware's true intent, enabling rapid detection and prevention of large volumes of unique AI-generated malware.

Prisma Access Explicit Proxy with Advanced WildFire blocks threats in-line, before malware reaches a user's device. A low-latency cloud architecture is deployed to ensure in-line prevention without impacting user experience. Protection extends to malware across all common file types, including documents (PDF, Microsoft Office), scripts (PowerShell, JavaScript), executables, and archives, for file sizes up to 100 MB. (Supported on the Prisma Access 6.1.1 release with PAN-OS 12.1.6.)

 

Step-by-Step Guide for Prisma Access

Configure in Strata Cloud Manager

 

STEP 1. Enable Inline Cloud Analysis in the WildFire Profile.

 

  1. Go to Security Services > WildFire and Antivirus, and select your WildFire profile.
  2. Enable Inline Cloud Analysis.
  3. Specify a rule defining an action to take when Advanced WildFire Inline Cloud Analysis detects advanced malware.

 

STEP 2. Attach the WildFire Profile to the Security Policy.

 

  1. Attach your WildFire Profile to a Profile Group and then to Security Policy.

 

STEP 3. Enable Advanced File Handling (Explicit Proxy).

 

  1. Go to Configuration > NGFW and Prisma Access.
  2. Set the Configuration Scope to Explicit Proxy and select Setup.
  3. On the Setup tab, select Set Up Advanced Security Settings.
  4. Select the Enable Advanced File Handling checkbox.

 

Configure in Panorama

 

STEP 1. Enable Inline Cloud Analysis in the WildFire Profile.

 

  1. Go to Objects > Security Profiles > WildFire Analysis.
  2. Select your WildFire Profile, select the Inline Cloud Analysis tab, and enable Inline Cloud Analysis.
  3. Specify a rule defining an action to take when Advanced WildFire Inline Cloud Analysis detects advanced malware.

 

STEP 2. Attach the WildFire Profile to the Security Policy.

 

  1. Attach your WildFire Profile to a Profile Group and then to a Security Policy. Commit and push the rule to devices.

 

STEP 3. Enable Advanced File Handling on Explicit Proxy.

 

  1. On the Panorama Cloud Service Plugin (version 6.1), go to Configuration > Explicit Proxy, and then select the settings icon.
  2. Select the Advanced tab and select the Enable Advanced File Handling checkbox.

 

The Zero-Delay Standard: Securing the Future with In-Line Precision

 

The proliferation of AI-generated malware necessitates a fundamentally evolved strategy for malware protection. Palo Alto Networks' Advanced WildFire, integrated with Prisma Access Explicit Proxy, effectively intercepts the novel AI-generated malware before it reaches your end-user devices. This robust defense mechanism enables organizations to proactively prevent "patient zero" infections and comprehensively secure their hybrid workforce.

 

Ready to enable in-line prevention? Reach out to your Palo Alto Networks representative for a deep dive into the latest Advanced WildFire capabilities or to learn more about optimizing your Prisma Access Explicit Proxy deployment.

 

Sources:

  1. Palo Alto Networks Unit 42 Research
  2. The State of Phishing 2023
