When Security Becomes Infrastructure: Google Cloud + Palo Alto Go All-In on AI Workloads

A significant agreement between Google Cloud and Palo Alto Networks signals thatsecurity becomes cloud infrastructure. The announcement of the deal, which happened on December 19, is the largest security services agreement that Google Cloud has ever dealt with, as cloud infrastructure and cybersecurity continue to merge speedily as businesses scale their AI systems.

Deal Snapshot

• Announced: December 19, 2025
• Size: Approaching $10 billion (Reuters source)
• Components: Cloud migration + joint AI security development
• Tech Stack: Prisma AIRS + Vertex AI/Agent Engine
• Partnership History: Since 2018; 75+ integrations; $2B marketplace sales

The collaboration will include two complementary components: Palo Alto Networks will shift some of the most important tasks within the organization to the infrastructure of Google Cloud, and both parties will collaborate to create the next generation of AI-based security solutions. BJ Jenkins writes that AI-generated demand was enormous, and the partnership was aimed at serving both organizations that are at once ramping up cloud adoption and are simultaneously encountering threats to AI infrastructure never before seen.

The Magnitude and Structure of the Agreement

Neither company disclosed precise terms; Reuters reported “approaching $10 billion.” Based on the disclosed scope, the partnership blends cloud migration of Palo Alto’s existing security products and internal operations with co-development of AI-native security capabilities. This dual-track approach differs fundamentally from traditional cloud migration deals.

This system focuses on the co-development of next-generation security features as well as infrastructure transition, as opposed to the latter and establishing competitive advantages over competitors, which places Google Cloud as the service of choice to those companies eager to implement AI in a safe setting.

The AI Security Crisis: Endemic Attacks Across Organizational Landscape

In the Palo Alto survey, 99% reported AI infrastructure attacks. This number shows that the attacks formed by AI infrastructure have become common and no longer extraordinary, bringing record-breaking security concerns to companies that have deployed generative AI systems.

These attacks cut across the various architectural layers. Conventional security strategies tackle the threats to the network perimeter and at the data center: AI workloads manifest themselves with essentially new attack surfaces:

Control Plane Attacks: Prompt injection exploits targeting language model systems, where malicious inputs manipulate model outputs to reveal training data or bypass safety guardrails.

Data Plane Attacks: Adversarial training data injection Model poisoning, whereby attackers inject small-scale corruptions in training datasets and make models act predictably to adversaries without being detected by human testers.

Model Plane Attacks: Proprietary model extraction Model extraction attacks Model extraction attacks: Here, the attacker queries the model in a systematic way, aiming to rebuild architecture, weights and training data or provide supply chain vulnerabilities in base models where attacks on the supply chain extend to final users.

These new threat vectors make the old-fashioned firewalls, intrusion detection and perimeter defense systems provably inadequate. Matt Renner emphasized secure AI development, positioning security as foundational rather than an add-on.

The Technical Architecture: Prisma AIRS and Vertex AI Integration

The partnership integrates Prisma AIRS with Google Cloud infrastructure, protecting live AI workloads, including Vertex AI and Agent Engine, across multiple security domains.

Prisma AIRS offers AI Posture Management to see AI infrastructure, AI Runtime Security to detect threats in real-time when inferring models, AI Agent Security to systems with autonomous systems, AI Red Teaming to prevent vulnerabilities proactively, and AI Model Security to scan models themselves. This holistic method recognizes that AI security should not be provided at any tier, but protection must be safeguarded on both code, model, runtime, and infrastructure levels.

Also, Palo Alto uses Vertex AI integration, in which AI provides security to AI systems. This is a large language model-based threat analysis, policy recommendation, and automated response, which is too expensive to deploy, by far, with a conventional rule set-based system.

Competitive Context: Repositioning Against AWS and Azure

The date of this agreement means that there is increased competition between hyperscalers of cloud. The acquisition of Wiz (32 billion) by Google Cloud is still pending, which means that they are serious about making security a competitive edge. At the same time, Palo Alto declared that it would purchase the software company Chronosphere to gain observability and artificial intelligence control to the tune of 3.35 billion.

In the case of Google Cloud, the Palo Alto alliance fills a strategic void: AWS and Azure have even more complex customer relationships both in cloud infrastructure and in security, which allows them to package security services as standard capabilities of the platform. Through a collaboration with Palo Alto, the largest independent security software vendor in the world, Google Cloud can facilitate the provision of enterprise clients with built-in AI security at the platform.

In the context of the case of Palo Alto, the alliance is a great strategic repositioning: the company will also have to stay relevant as the cloud-native and AI-native workloads gain dominance in the market, but it will be extremely capital-intensive to develop its own cloud infrastructure. This investment by making Google Cloud the main infrastructure platform and investing multibillions into the joint development, Palo Alto makes itself the security layer of Google Cloud. It does not compete with the whole stack of the cloud.

Historical Partnership Foundation: 75 Integrations and $2 Billion in Marketplace Sales

This expanded agreement builds on an established relationship: Palo Alto and Google Cloud have achieved 75+ joint integrations and generated $2 billion in sales through Google Cloud Marketplace since 2018. This substantial existing collaboration provides evidence that the organizations can execute at scale.

Also, the Palo Alto CEO is a former Google executive, Nikesh Arora, who worked as the chief business officer between 2011 and 2014, building personal connections and institutional memory that allows negotiating complicated strategic deals.

Strategic Implications: The Rise of Security-First Cloud Architecture

This agreement signals a fundamental shift in enterprise cloud deployment architecture. Security is no longer an afterthought or compliance requirement, it is becoming a core architectural principle determining competitive advantage.

Companies implementing AI systems have options to make: they can create security piecemeal by utilizing separate point services, or they can implement integrated services where security is integrated at all levels of the AI development and deployment process. The Palo Alto-Google Cloud alliance makes itself the latter. Security decisions are made at once at the architectural level on this single platform instead of being made multiple times for each operational level.

This architectural approach will likely drive significant industry consolidation, as independent security vendors struggle to compete with integrated platforms combining cloud infrastructure, foundational AI models, and security capabilities.

Three Signals to Watch: Measuring Partnership Impact

The real test of this partnership’s strategic value will become evident through three metrics:

1. Palo Alto Workload Migration: Has Palo Alto genuinely migrated significant production workloads to Google Cloud? Monitoring announced timelines and publicly disclosed spend levels will indicate whether this is genuine infrastructure consolidation or primarily a marketing alignment.

2. Prisma AIRS Adoption Within Vertex AI: Do enterprise customers adopt Prisma AIRS that is integrated with Vertex AI on a significant level? The rate of success over AWS and Azure security models and the increase in the number of customers in integrated deployments will indicate whether the technical integration is a perceived competitive advantage.

3. Large Enterprise Deal Win Rates: Are Google Cloud and Palo Alto winning disproportionately against AWS+native-security and Azure+partner-security combinations? Market share gains in enterprise AI infrastructure deals will ultimately determine whether this partnership reshapes competitive dynamics.

Conclusion: When Security Becomes Infrastructure

The $10 billion Google Cloud-Palo Alto Networks agreement represents the industry’s recognition that AI security is no longer distinguishable from cloud infrastructure. As enterprises deploy increasingly complex AI systems across multicloud environments, securing those systems at the platform level becomes a fundamental competitive requirement.

Similar mega-partnerships will likely follow. Expect AWS to deepen security partnerships or acquire security vendors, and Azure to pursue parallel strategies. The competitive battlefield is shifting: the cloud provider that most effectively integrates AI capabilities with security-first architecture will capture the dominant share of enterprise AI workloads. With this agreement, Google Cloud has made a significant move toward that objective.

About Author

Netanel Siboni is a technology leader specializing in AI, cloud, and virtualization. As the founder of Voxfor, he has guided hundreds of projects in hosting, SaaS, and e-commerce with proven results. Connect with Netanel Siboni on LinkedIn to learn more or collaborate on future project.