Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Employees are leveraging AI to boost productivity and adopt skills that would take years to learn. This ranges from drafting content, writing code, and building automated workflows. Some of this use is approved. Much of it is not. For many security teams, the first instinct is to treat this risk like they would any other SaaS risk: discover the app, allow or block access, apply DLP rules, and report on usage. That model works for traditional SaaS, but AI is different.

Today, Cato Networks announced an integration of Cato XOps with the Cyera AI-native Data Security Platform Management (DSPM). The integration brings Cyera’s data security telemetry directly into Cato XOps, giving security teams visibility into the sensitivity and exposure of data involved in security events. In today’s distributed environments, data lives across the cloud, SaaS, endpoint, and network.

The cybersecurity industry has long relied on a simple idea: find vulnerabilities, patch them, and measure success by how fast you close the gap. “Time-to-patch” became a badge of honor. That model no longer holds. The rise of Mythos-class Frontier AI Models introduces a different kind of threat. AI-driven, agentic attacks operate continuously, discover weaknesses automatically, and execute at a scale no human team can match.

In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.

Think of your environment like a medical clinic. Patients with new “symptoms” show up every day, such as an overly permissive firewall rule or a missed TLS inspection policy. A good doctor triages the most severe case and prescribes the right fix before the “symptoms” escalate.

Frontier AI is changing the economics of cybersecurity. Advanced models can accelerate vulnerability research, exploit-path analysis, attack planning, and disclosure workflows, making vulnerability discovery more continuous, automated, and AI-driven. This raises the bar not only for enterprises that need faster protection, but also for cybersecurity vendors that must adapt secure development, production security, runtime validation, incident response, and AI-assisted workflows to keep pace.

CVE-2026-41940 is a critical authentication bypass vulnerability in cPanel & WHM, including DNSOnly, and WP Squared. The issue affects cPanel software versions after 11.40 and can allow an unauthenticated remote attacker to gain unauthorized access to exposed hosting control panels. cPanel released patched versions and published official remediation and detection guidance.

Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.

Cato CTRL has discovered high-severity vulnerabilities in NVIDIA NeMo (CVE-2025-33236 with a CVSS score of 7.8) and Meta PyTorch that turns AI model files into remote code execution (RCE) vectors. The NeMo vulnerability allows RCE by importing a malicious AI model. The NeMo framework silently executes threat actor-controlled code with no warning.