AI will redefine how we live, work and experience life in the coming decades. That's the message from Meerah Rajavel, chief information officer at Palo Alto Networks, who has spent the past two years transforming how the company operates through AI-driven innovation.
But that transformation brings substantial security challenges.
In a recent interview on the Threat Vector podcast, Rajavel emphasized that security cannot be an afterthought. "Security is much easier if you integrate [it] from the get go as a design principle, rather than trying to use it like a seasoning at the end of preparation of that food," she said. "It is not going to taste [as] well."
For CIOs navigating this transformation, Rajavel's insights offer a roadmap for balancing velocity with security, efficiency with risk management, and enhanced user experience with data protection.
The Three Pillars of AI Business Value
Rajavel framed AI's business impact around three core capabilities:
- Velocity: Move from zero to scale at unprecedented speed, getting from one to 100 to one million quickly. "With AI, you can really gain velocity," Rajavel explained. "That's really important when you think about speed in today's context of business."
- Efficiency: Transform how employees spend their time by automating routine tasks and elevating strategic work. How do you confirm every seller uses their time efficiently in front of customers? How do you make sure employees focus on work that drives outcomes? AI provides answers.
- Experience: Shift from one-way searches to dynamic dialogues where AI becomes a thought partner. "If I wanted to dialogue with it, to frame and sharpen my ideas, it's a great tool," Rajavel noted.
These aren't abstract concepts. They're measurable outcomes that Palo Alto Networks has achieved through deliberate AI implementation.
Transform Employee Support from Tickets to Conversations
Palo Alto Networks processes 280,000 IT support tickets annually for 20,000 employees. That's 14 tickets per employee per year. Rather than accept this as normal, Rajavel's team analyzed every ticket and reimagined the support experience around an AI agent called Panda AI.
The transformation has been dramatic. Before Panda AI, the company automated just 12% of IT requests. Within a year, that number jumped to 72%. The shift wasn't purely technological. It combined AI-driven user experience with process reengineering and traditional automation tools that now serve as capabilities for the AI agent.
Rajavel categorized tickets into three buckets. First, information retrieval requests like "how to" questions represent about 20% of tickets. Panda AI now handles 19.5% of these without human intervention. Second, automation is able to handle 89% of service requests with deterministic outcomes, like password resets or access provisioning. Third, break-fix issues requiring troubleshooting remain the hardest challenge, though AI helps by gathering complete context before escalating to humans.
The experience shift is subtle but powerful. Users receive instant responses instead of waiting on hold. The system maintains conversation memory, eliminating repetitive questions. When escalation is necessary, human agents see the complete interaction history. Most importantly, Panda AI solicits feedback after every interaction, creating a continuous learning loop that improves over time.
Rethinking Software Development Beyond Code Generation
Developer productivity tools dominated early AI conversations, with bold claims that AI would eliminate the need for software engineers. Rajavel dismissed this as a fundamental misunderstanding of how software gets built.
Engineers spend only 20 to 30% of their time writing code. The remaining 70% involves design work, documentation, support, defect fixes and collaboration. More critically, the most expensive product gaps don't come from coding errors; they come from misunderstood requirements and flawed technical designs.
Rajavel explained:
If you focus all your effort on AI writing code for you, you're only solving a small portion [of the problem].
Her team has reimagined the entire software development lifecycle as AI-driven, completing seven pilot programs before moving to general availability.
The new process starts with gathering requirements. Instead of humans transcribing business discussions into documents, the team feeds Zoom recordings, emails and documentation directly into AI to generate product requirement documents. The AI then produces web interface mockups for immediate feedback, catching misalignments before expensive development work begins.
Better requirements drive better user stories, which feed into both development and quality assurance test plans. According to an internal pilot, for greenfield projects, we found that AI can generate 60% to 80% of the code. For brownfield work (or, incorporating new software or tech in the presence of legacy systems and infrastructure) in existing codebases, efficiency gains are lower but still meaningful because engineers work with higher-quality specifications.
The approach blurs traditional role boundaries. Product managers and analysts now perform similar functions, all requiring AI fluency. Documentation automatically stays current as products ship, because the AI maintains context throughout the development cycle.
The Security Risks Hiding in Plain Sight
Innovation at machine speed creates security challenges that many organizations don't recognize until it's too late. Rajavel's first priority when Palo Alto Networks embraced AI in early 2023 was simple: Gain visibility into what employees were already doing.
"If you think, ‘oh, we don't use AI.’ Guess what? Your teams are using AI," she warned. "Maybe you didn't know what they're using." The company deployed AI Access Security™ as its first product, running in production for nearly two years to understand AI usage patterns before expanding capabilities.
The security surface extends far beyond traditional concerns. For AI systems, the model and data become the primary attack vectors. "If I poison either one of them, AI can go haywire," Rajavel said. While frontier models from providers like Google and OpenAI carry lower risk due to extensive testing, most AI applications incorporate multiple specialized models.
Rajavel offered a practical example. Parsing long documents with tables and images works with large language models like Gemini, but it's slow and expensive. A specialized small language model does this single task in subseconds at lower cost. That model might come from Hugging Face or another third-party model repository, creating new supply chain risks.
Organizations must scan models for vulnerabilities, manage permissions appropriately and protect data access. Runtime security becomes critical because prompts function like code, and the LLM acts as an operating system. "That has to be protected like a software supply chain," Rajavel explained. Palo Alto Networks uses its own security products from code development through production deployment.
AI Security Cannot Be Bolted On
The most important takeaway from Rajavel's experience is that AI security must be integrated from the beginning. Organizations that treat security as a final step will struggle to protect themselves and their customers.
"AI is a titanic shift and it's not hype. It's here to stay," Rajavel emphasized. "With any technology that you bring, there are opportunities and threats. So know your threats. Security is super important."
CIOs face a choice: embrace AI transformation with security embedded in every decision, or watch competitors move faster while trying to retrofit protection after the fact. The organizations that succeed will treat security as a design principle, not a compliance checkbox.
Rajavel's teams prove this approach works at scale. They're innovating at AI speed while maintaining enterprise security standards. For CIOs wondering if it's possible to move fast and stay secure, Palo Alto Networks offers proof that both objectives are achievable when security thinking permeates every layer of AI implementation.
As Rajavel emphasized, security must be integrated from day one, not bolted on later. Learn how Cortex XDR® embeds AI-driven protection across endpoint, cloud, network and identity from the start.
Want to see Cortex XDR in action? Take our product tour today!