03-19-2026 02:44 AM
03-19-2026 04:33 AM
Hello @D.Ciftci
YES, Cortex XDR is capable of detecting AI agent runtime behavior in addition to identifying post-incident artifacts.
The platform uses AI, behavioral analytics, and machine learning to monitor endpoint, network, and cloud activity in real time, allowing it to uncover evasive threats. It provides behavioral threat protection by tracking malicious event chains and anomalies, such as fileless attacks or unexpected process behavior, that might result from AI agents.
With its agentic AI recognition in Cortex XDR 5.0, the system can identify when AI tools act autonomously inappropriately or maliciously. Runtime analysis and causality chain reconstruction enable XDR to detect malicious child processes spawned by legitimate applications, such as automation scripts or browsers. Additionally, user and entity behavior analytics (UEBA) profiles normal behavior to detect deviations that may indicate AI activity or compromise.
While XDR excels at identifying post-incident artifacts like C2 IPs, its focus on behavioral analytics and real-time monitoring allows it to detect and prevent active threats at runtime rather than relying solely on file signatures.
Cortex XDR 5.0 Release Notes & Features (includes AI-driven threat detection updates) - https://www.paloaltonetworks.com/blog/security-operations/introducing-cortex-xdr-5-0-the-new-standar...
Please help out other users and “Accept as Solution” if a post helps solve your problem!
03-19-2026 04:37 AM
Hi @D.Ciftci ,
The short answer is yes—XDR can definitely catch an AI agent in the act, but it isn’t actually looking for "AI" itself. Instead, it’s watching for the weird, hyper-active behavior that these agents tend to have when they're running.
Since most AI agents usually run inside something like a Python interpreter, XDR keeps a close eye on that "parent" process. If it suddenly starts acting like a frantic human—spawning a bunch of command shells, running network scanners, or poking at random system files—it triggers an alert. Because an agent can "hallucinate" or just try things a lot faster than a person can type, that high-speed iteration is a huge red flag for a behavioral threshold.
It also catches agents trying to "live off the land." If an agent decides it needs to find credentials to finish a task and starts grepping through your .ssh folders or trying to read your Chrome password database, XDR sees that as "Credential Access" behavior. It doesn't care if a human or a bot typed the command; the action itself is shady.
Even if the agent is being sneaky and generating code on the fly in memory to avoid leaving files on the disk, modern XDR can intercept those scripts right at the moment they execute.
XDR watches the "heartbeat" of the agent. If a computer that usually stays quiet suddenly starts chatting constantly with an LLM provider like OpenAI and follows that up with a bunch of internal "discovery" traffic, the XDR engine connects those dots as one single suspicious chain of events.
Cheers
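To make the behavioral thresholds in the reply above concrete, here is an added toy detector (not Cortex XDR code or its query language; the event format, window sizes, path list and sample events are constructed assumptions) that runs the three patterns the reply describes, a Python parent spawning a burst of shells, a read of a credential file, and an LLM API connection followed by internal discovery traffic, over constructed endpoint events:

```python
"""Toy behavioral-chain detector for the AI-agent patterns described above.
Added example with a hypothetical event format; not Cortex XDR telemetry."""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, kind, parent_process, detail)
EVENTS = [
    ("2026-03-19T10:00:00", "process", "python3", "/bin/sh -c id"),
    ("2026-03-19T10:00:01", "process", "python3", "/bin/sh -c whoami"),
    ("2026-03-19T10:00:02", "process", "python3", "/bin/sh -c cat /etc/hosts"),
    ("2026-03-19T10:00:03", "process", "python3", "/bin/sh -c ls /home"),
    ("2026-03-19T10:00:04", "file_read", "python3", "/home/dev/.ssh/id_rsa"),
    ("2026-03-19T10:00:05", "network", "python3", "api.openai.com:443"),
    ("2026-03-19T10:00:09", "network", "python3", "10.0.0.5:445"),
    ("2026-03-19T10:30:00", "process", "bash", "/bin/sh -c ls"),  # lone shell, benign
]
CRED_PATHS = ("/.ssh/", "Login Data")   # ssh keys; "Login Data" is Chrome's password DB
LLM_HOSTS = ("api.openai.com",)         # constructed list of LLM provider endpoints
BURST_N, BURST_WINDOW = 4, timedelta(seconds=10)   # assumed thresholds
CHAIN_WINDOW = timedelta(seconds=60)

def _is_internal(host):
    """True for RFC 1918-style private addresses; hostnames count as external."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def detect(events):
    """Return (rule, parent) findings; a parent may trigger several rules."""
    findings, shells, llm_seen = [], {}, {}
    for ts, kind, parent, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "process" and detail.startswith("/bin/sh"):
            # keep only shells this parent spawned inside the burst window
            recent = [x for x in shells.get(parent, []) if t - x <= BURST_WINDOW] + [t]
            shells[parent] = recent
            if len(recent) == BURST_N:          # fire once when the burst forms
                findings.append(("rapid_shell_iteration", parent))
        elif kind == "file_read" and any(p in detail for p in CRED_PATHS):
            findings.append(("credential_access", parent))
        elif kind == "network":
            host = detail.rsplit(":", 1)[0]
            if host in LLM_HOSTS:
                llm_seen[parent] = t            # remember the LLM "heartbeat"
            elif _is_internal(host) and parent in llm_seen \
                    and t - llm_seen[parent] <= CHAIN_WINDOW:
                findings.append(("llm_then_internal_discovery", parent))
    return findings

if __name__ == "__main__":
    print(detect(EVENTS))
```

The lone shell from bash never reaches the burst threshold, so only the python3 parent produces findings.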
03-19-2026 04:58 PM
Thanks for sharing. I am wondering whether Cortex XDR relies on the upload of the relevant telemetry from managed endpoints to detect, or whether the detections are done at the endpoint level (possibly through the agent installed on the endpoints)?