SASE Vendor News Q1 2026: Acquisitions, Launches, Shifts

Major SASE vendor moves in Q1 2026. Acquisitions, product launches, and strategic shifts from Cisco, Fortinet, Palo Alto, Zscaler, and Netskope that affect your buying decisions.

If you signed a SASE contract in 2025 and have not checked your vendor's release notes this quarter, you are probably missing capabilities you already paid for. Q1 2026 was the quarter where GenAI security went from roadmap to production across every major vendor, and two acquisitions closed that reshuffle the competitive landscape. Here is what changed and what it means for your evaluation or renewal.

The big picture

The dominant theme this quarter is GenAI integration. Every major vendor shipped or announced AI-powered policy assistants, threat investigation copilots, or natural-language query interfaces for their dashboards. The second theme is consolidation — two meaningful acquisitions closed this quarter, both aimed at filling DEM and SD-WAN gaps in SSE-first portfolios.

Zscaler

Zscaler continued to expand its data protection story with the general availability of its GenAI security controls, which include inline DLP for ChatGPT, Copilot, and Gemini prompts. The new controls can detect and block sensitive data in AI prompts without requiring a separate CASB policy — they are built into the SWG inspection pipeline. Zscaler also announced a partnership with a major DEM vendor to embed synthetic monitoring into its dashboard, acknowledging that its native DEM offering has been a weak point in competitive evaluations.

Palo Alto Networks

Palo Alto shipped a significant update to Prisma Access with what they call "AI Access Security" — a dedicated module for discovering, classifying, and controlling GenAI application usage across the enterprise. The module goes beyond simple URL blocking: it categorizes AI apps by risk level, identifies data exposure patterns, and integrates with their CASB for shadow AI discovery. On the SD-WAN side, Prisma SD-WAN added native integration with major cloud providers for automated branch-to-cloud tunnel provisioning.

Cisco

Cisco made its biggest SASE move of the year by completing the integration of its Secure Access (SSE) and Viptela (SD-WAN) platforms into a unified management console. This has been in progress since the Viptela acquisition in 2017, and the single-pane-of-glass management was the most requested feature from Cisco SASE customers. Early reviews suggest the integration is functional but the UI still feels like two products stitched together. Cisco also launched an AI-powered policy recommendation engine that suggests security policies based on observed traffic patterns.

Netskope

Netskope doubled down on its data-centric positioning with the launch of Netskope One DLP for GenAI, which provides real-time coaching for users who attempt to paste sensitive data into AI applications. Instead of a hard block, users see an inline warning explaining the risk and offering to redact the sensitive portions automatically. This approach has tested well in early deployments because it reduces security friction without sacrificing data protection. Netskope also expanded its PoP footprint to 78 locations globally, narrowing the gap with Zscaler's coverage.

Fortinet

Fortinet announced the general availability of FortiSASE with integrated SD-WAN, making it one of the few vendors offering a truly converged single-vendor SASE with both sides built in-house rather than acquired. The value proposition is clear for existing FortiGate customers: consistent policy syntax, familiar UI, and license portability from on-prem to cloud. The trade-off remains that Fortinet's SSE capabilities, particularly CASB, are less mature than the SSE-first vendors.

Cloudflare

Cloudflare continued its quiet expansion into the SASE market with new ZTNA features in Cloudflare One, including device posture integration with CrowdStrike and SentinelOne, and a new private network discovery tool. Cloudflare's edge network (over 330 cities) gives it a latency advantage for globally distributed workforces, and their pricing remains aggressive. The gap is in advanced CASB and DLP — Cloudflare's offerings here are functional but lack the depth of Netskope or Palo Alto.

What this means for buyers

If you are in an active evaluation, three things changed this quarter. First, GenAI security controls are now table stakes — every shortlisted vendor should have them. Do not accept a roadmap promise. Second, Cisco's unified console changes their competitive position for shops that already run Cisco networking. Third, the DEM gap is closing across all vendors, but it is still worth testing synthetic monitoring as part of your proof of concept.

If you signed a SASE contract in 2025, check your entitlements. Several vendors shipped GenAI security features as included updates rather than paid add-ons this quarter.

Looking ahead to Q2

Expect Gartner's updated Magic Quadrant for SSE in mid-2026, which will be the first to evaluate GenAI security controls as a formal criterion. Vendor positioning for that report is driving most of the feature launches you see right now. Also watch for further M&A: at least two SSE-first vendors are rumored to be evaluating SD-WAN acquisitions to complete their SASE story.

Sources

Gartner, "Magic Quadrant for Security Service Edge" (2024) — gartner.com
Zscaler, "Zscaler GenAI Security" — zscaler.com
Palo Alto Networks, "AI Access Security for Prisma Access" — paloaltonetworks.com
Cisco, "Cisco Secure Access" — cisco.com
Cloudflare, "Cloudflare One" — cloudflare.com

Related on sase.cloud

Vendor Rankings 2026 →Cisco Review →Palo Alto Review →

Get the next guide in your inbox

One email per publish. Unsubscribe anytime.

ShareLinkedIn X

Was this helpful?

← Previous

Shadow IT Discovery with CASB

Next →

Why SSE Is Enough for Most Teams