Palo Alto Networks completes CyberArk acquisition, plans Tel Aviv listing
The $25 billion deal makes identity security a core strategy as AI agents multiply corporate risks. Secondary listing would make Palo Alto largest company on Tel Aviv exchange.
Palo Alto Networks has completed its $25 billion acquisition of CyberArk, a landmark deal that recasts identity security as the core of the world’s largest cybersecurity company just as artificial intelligence multiplies the number of digital entities that must be protected.
The closing of the transaction, the second-largest ever of an Israeli company, came one day after the largest ever local acquisition, Google’s $32 billion purchase of Wiz, neared completion with approval from EU regulators.
Alongside the closing, Palo Alto Networks announced its intention to pursue a secondary listing on the Tel Aviv Stock Exchange under the ticker “CYBR,” while maintaining its primary Nasdaq listing as PANW. The move would make Palo Alto the largest company on the Tel Aviv exchange by market capitalization and underscores the strategic weight of Israel in its operations.
During a visit to Israel two months ago, his first in three years, CEO Nikesh Arora was explicit about the country’s importance. “I firmly believe that the most amount of innovation in cybersecurity comes out of Israel. It’s not for debate; it’s a fact,” he told local media. Palo Alto currently employs about 1,600 people in Israel and expects the CyberArk deal to double that workforce. Even during the war, Arora noted, the company hired roughly 700 employees locally.
Palo Alto’s Israeli R&D center has grown to occupy 22 floors of Tel Aviv’s Alon Tower, more than half the building, following a string of acquisitions. Since Arora took the helm in 2018, the company has executed a double-digit number of startup purchases worth billions of dollars, many of them Israeli. At the height of the 2023 conflict it acquired the Israeli firms Talon Cyber Security and Dig for a combined $1 billion.
The CyberArk transaction is different in scale and structure: it is Palo Alto’s first acquisition of a large publicly traded company. Arora said the integration should not trigger broad layoffs. “Things inevitably change when two companies merge, but it shouldn’t affect most of the organization,” he said in December. “This is not about 10% or 20% cuts. We have no such intention.” Because Palo Alto previously had no products in identity management, he added, “there’s no reason to cut there. On the contrary, we plan to invest more.”
Palo Alto Networks said nearly 90% of companies have already suffered an identity-centric attack, while machine identities now outnumber human ones by more than 80 to 1. Three-quarters of organizations admit that their access models remain outdated and overly permissive, conditions that have made credential abuse the dominant threat vector.
“Identity has emerged as the primary attack path,” the company said, arguing that traditional defenses built around networks and endpoints no longer match the reality of cloud automation and AI agents operating continuously with elevated privileges.
By absorbing CyberArk, a pioneer in privileged access management, Palo Alto Networks intends to extend tight controls beyond a small circle of administrators to every identity, human, machine and autonomous agent. The company says organizations using such identity-driven controls can accelerate breach response by up to 80% by preventing attackers from moving laterally once they compromise a single credential.
Arora described the deal as preparation for an era in which software agents will act on behalf of companies around the clock. “The emerging wave of AI agents will require us to secure every identity—human, machine, and agent,” he said. For customers, he promised, this would mean “the end of identity silos,” allowing privileged access to be managed from the same platform that already handles network security and security operations.
CyberArk’s products will continue to be offered as a standalone platform, an assurance aimed at customers wary of forced consolidation. Integration is underway to embed its technology across Palo Alto’s ecosystem, though the company pledged no disruption to existing deployments.
Matt Cohen, CyberArk’s CEO, called the combination “the definitive cyber guardian for the modern enterprise,” saying the merger would create “the most robust combination of proven technologies to stop identity-driven breaches.”
