Security teams are dealing with environments that are growing more complex each year. Cloud infrastructure, hybrid networks, remote users, and AI applications are now part of the same operating environment. At the same time, security teams are managing large volumes of alerts and often working across multiple tools.
Fortinet’s FortiOS 8.0 release focuses on simplifying that reality. The update introduces new controls around AI usage, expands SASE and SD-WAN capabilities, and brings additional automation into security operations. The goal is to give organizations a single platform that can manage networking and security together.
Understanding and Governing AI Usage
AI tools are quickly becoming part of everyday business workflows. Employees may use generative AI for productivity, while autonomous agents interact with applications and data across systems. For security teams, the challenge is often understanding what tools are being used and how information flows between them.
FortiOS 8.0 introduces new visibility capabilities designed to address that issue. FortiView for AI allows security teams to see how AI applications are used across the network. This includes identifying approved services, detecting unsanctioned tools, and monitoring how users interact with AI systems.
The platform also adds AI-aware application controls, which allow organizations to permit certain AI tools while limiting actions that could expose sensitive data. Visibility has also been expanded into agent-to-agent interactions through support for Model Context Protocol (MCP), giving security teams a clearer view of automated activity between AI systems and applications.
Data protection capabilities were expanded as well. Updated data loss prevention with optical character recognition (OCR) can detect sensitive information embedded inside screenshots, scanned documents, and other image-based files.
According to a Fortinet spokesperson, the goal is to give organizations enough context to guide AI governance decisions.
“Depending on the organization, there could be solid AI guidance in place already, or only loose guidance has been issued and the IT and security teams are being asked what tools are actually being used,” the spokesperson told MSSP Alert.
“With the enhanced visibility, organizations can see the application, the use case, where the servers are located, and our security rating for the service. That information can help guide internal policies about which AI tools should be allowed and how they should be used.”
Organizations can then determine how quickly those policies should be enforced.
“They may decide to block certain applications immediately, or they may use the visibility to issue warnings first before moving to stronger enforcement,” the spokesperson said. “Additional DLP controls can also help prevent sensitive data from being used in AI tools even if those tools remain allowed.”
Operationally, FortiOS 8.0 also introduces AI agents across the Security Fabric to help guide troubleshooting and configuration tasks within firewall and SD-WAN environments.
Extending SASE and Network Security
As organizations move users and applications outside traditional data centers, SASE architectures have become an important part of network security. FortiOS 8.0 expands how these environments can be deployed and managed.
One of the additions is SASE Outpost, which allows organizations to run SASE enforcement points in locations they control, such as on-premises infrastructure or colocation facilities. While management remains centralized in the cloud, traffic inspection can occur closer to users or applications where performance or regulatory requirements demand it.
Another option introduced in the release is sovereign SASE deployment, which allows organizations to control where security processing, logs, and management infrastructure reside. This flexibility is increasingly important as data residency and sovereignty regulations continue to expand across regions.
The spokesperson said the architecture is designed to keep policies consistent regardless of where the infrastructure runs. "FortiOS delivers a unified SASE architecture built on a single operating system, policy engine, and management framework that spans cloud, on-premises, and hybrid environments. Capabilities such as SASE Outpost and sovereign SASE allow organizations to run security services and localize traffic inspection and analytics within their own infrastructure or trusted jurisdictions,” the spokesperson said.
This approach allows organizations to maintain control over where data is processed while continuing to apply the same security policies across environments. It allows organizations to meet regulatory and sovereignty requirements while maintaining consistent Zero Trust enforcement and connectivity across users and applications.
FortiOS 8.0 also introduces unified SD-WAN bundles and multipath IPsec tunnels, designed to improve network resilience and simplify deployment across distributed sites.
Preparing for Future Encryption Risks
Alongside networking updates, FortiOS 8.0 also expands support for post-quantum cryptography.
Although practical quantum computing attacks are not yet common, many organizations are beginning to plan for a future where traditional encryption methods may become vulnerable. The new release introduces quantum-resilient cryptographic controls designed to secure management access and VPN connections.
SSL inspection capabilities were also updated to support hybrid key exchange models that combine traditional encryption with post-quantum algorithms. These changes allow organizations to begin preparing for long-term cryptographic risks while maintaining compatibility with current infrastructure.
A More Unified Security Operations Platform
While network security remains central to the platform,
Fortinet is also extending its capabilities across security operations.Security teams often rely on multiple systems for log analysis, automation, threat intelligence, and incident response. Managing those tools separately can slow investigations and increase operational complexity.
Fortinet’s new FortiSOC service aims to bring those functions together into a single cloud-delivered platform. The system supports log ingestion, correlation, investigation, automation, and case management while integrating telemetry from both Fortinet products and third-party environments.
The spokesperson explained that the platform builds on the company’s broader SOC architecture.
“FortiSOC is built on the broader Fortinet SOC Platform, which unifies detection, investigation, threat intelligence, and response across endpoints, networks, cloud, identities, and data through a shared telemetry fabric and unified data lake,” the spokesperson said.
The platform combines capabilities traditionally delivered through several tools.
“FortiSOC brings together FortiAnalyzer, FortiSIEM, FortiSOAR, and FortiTIP under one console and one data model with a simplified licensing approach,” the spokesperson said. “Organizations can start anywhere in their SOC journey and expand capabilities without changing platforms.”
Automation is another focus area. FortiAI capabilities embedded in the SOC platform help automate tasks such as alert triage, investigation, and threat hunting. FortiAI continuously analyzes telemetry, performs alert triage, correlates threat intelligence, and assists with investigations.
“These capabilities reduce alert noise and help analysts focus on high-confidence threats while investigations move faster,” the spokesperson said.
Expanding Managed Security Opportunities
The broader SOC architecture also supports FortiGuard SOC-as-a-Service, which allows partners to offer managed SOC capabilities without building their own operations center.
“FortiGuard SOC-as-a-Service gives partners a way to offer managed SOC services without having to build and staff their own SOC,” the spokesperson said.
Because the service now supports telemetry from third-party environments, it can operate across mixed vendor infrastructures.
“That allows resellers, MSPs, and MSSPs to bring managed SOC services to more customers,” the spokesperson said. “Partners can add a security service to their portfolio while Fortinet handles the underlying SOC operations.”
Endpoint security has also been simplified through
FortiEndpoint, which consolidates multiple protections into a single agent and management framework.
Why the Update Matters
Security environments continue to expand as organizations adopt cloud infrastructure, distributed networks, and AI-driven tools. At the same time, security teams are working with limited resources and increasingly complex technology stacks. FortiOS 8.0 addresses that challenge by bringing AI governance, networking security, and security operations together inside one platform architecture.
For organizations already running Fortinet infrastructure, the release expands visibility into AI activity, introduces more flexible SASE deployment models, and integrates investigation and response capabilities more closely with the network itself. The overall direction reflects how security platforms are evolving as organizations look for ways to manage growing infrastructure complexity without adding more operational overhead.
