Microsoft and Palo Alto Are Defining Agent Security. Here's What's Still Missing.

In the past week, Microsoft announced Agent 365 — a unified control plane for observing, governing, and securing AI agents across the enterprise — and Palo Alto Networks published research showing how their contextual red teaming approach uncovered a $440,000 financial manipulation vulnerability that standard security testing completely missed. Both announcements matter. Together, they reveal both where agent security is heading and where significant gaps remain. The short version: Microsoft is solving agent visibility and identity. Palo Alto is solving agent vulnerability discovery. Neither is solving organizational policy enforcement. And that's the layer that regulated industries actually need most. What Microsoft Built Agent 365, generally available May 1 at $15 per user per month, is Microsoft's answer to a problem every enterprise is quietly panicking about: they have no idea how many AI agents are running in their environment. Microsoft's own internal deployment found over 500,0