Secure access service edge (SASE) provider Cato Networks has announced a groundbreaking achievement in vulnerability management, claiming to have reduced the time required to protect against new Common Vulnerabilities and Exposures (CVEs) to just 45 minutes. This record-setting speed is made possible by the integration of artificial intelligence agents into the company’s cloud-native security architecture, enabling automated threat detection, analysis, and mitigation without human intervention. The development marks a significant departure from traditional appliance-based security models, which typically require weeks for patch cycles to be developed, tested, and deployed by customer teams.
The Vulnerability Challenge in Modern Cybersecurity
The cybersecurity landscape has been transformed by the explosive growth of vulnerability disclosures. Data from the National Institute of Standards and Technology (NIST) reveals that CVE submissions have surged by over 250% since the early 2020s, with a year-over-year increase of more than 33% in the first quarter of 2026 alone. This acceleration is partly attributed to advances in frontier AI models from companies like Anthropic and OpenAI, which are being used to discover and report vulnerabilities at an unprecedented pace. In response, NIST announced in April 2026 that it would revise its classification methodology, enriching only high-priority CVEs—such as those listed in the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog or those with significant government exposure. Many other vulnerabilities will receive minimal information, placing the burden on organizations to identify and prioritize them independently.
Further complicating the situation is the slow pace of traditional patching. According to Verizon’s 2025 Data Breach Investigations Report, just over half of edge device vulnerabilities were fully mitigated within a year of disclosure. With attackers exploiting vulnerabilities in minutes, the gap between disclosure and protection is widening. Cato argues that security teams are no longer fighting to reduce time-to-protect but are instead racing to reduce time-to-exploit, a far more urgent metric. The traditional model relies on vendors developing patches, distributing them, and customers manually testing and deploying them—a process that can take weeks and depends heavily on the diligence of individual security teams. This model is increasingly inadequate in the face of automated, AI-driven attacks.
How Cato’s AI Agents Operate
Cato Networks has built its architecture on a cloud-native, software-defined platform that already compressed the patching cycle from weeks to hours. The addition of AI agents takes this capability further by automating the entire vulnerability response lifecycle under human supervision but without human involvement. The process begins with agents monitoring a wide range of vulnerability sources, including NIST’s NVD, vendor advisories, threat intelligence feeds, and underground forums. When a new CVE is identified, agents automatically extract indicators of compromise (IOCs) and attempt to reproduce the exploit within a sandboxed environment. This step is critical for understanding the attack vector and verifying the vulnerability.
Next, the agents develop and test threat signatures—rules or detection logic that can identify and block malicious activity associated with the CVE. These signatures are simulated against a large dataset of normal network traffic to minimize false positives and ensure they do not disrupt legitimate operations. Once validated, the signatures are automatically deployed to Cato’s global cloud platform, which protects all customer environments in real time. The entire process, from CVE disclosure to global protection, now averages 45 minutes, according to Cato’s testing.
Elad Menahem, Cato’s senior vice president of research, emphasized that the breakthrough is not just about speed but about enabling continuous, machine-scale operation. “Vulnerability response itself can now operate continuously and at machine scale,” he said. This contrasts sharply with human-driven processes that are batch-oriented and limited by team capacity. By automating triage, exploit reproduction, signature generation, and deployment, Cato effectively removes the bottleneck of manual effort, allowing defenses to keep pace with the rapid cadence of new threats.
Implications for Enterprise Security Teams
The advent of agentic vulnerability mitigation has profound implications for enterprise security operations. Security teams that rely on manual patch management are increasingly overwhelmed by the volume of CVEs, many of which may never be exploited but still consume valuable analyst time. Cato’s approach shifts the responsibility from the customer to the provider, offloading the heavy lifting of signature development and testing. This frees up internal security staff to focus on strategic initiatives, such as threat hunting, incident response, and security architecture improvements, rather than repetitive patching tasks.
Moreover, the reduction in time-to-protect directly reduces the window of opportunity for attackers. In the past, a zero-day vulnerability could be exploited for weeks before a patch was applied. Now, with Cato’s agentic system, the window shrinks to less than an hour, making exploitation far more difficult. This is particularly important for edge devices and remote offices, which are often the first point of entry for attackers and are notoriously difficult to patch due to their distributed nature. Cato’s cloud platform automatically updates all points of presence worldwide, ensuring that even the most remote branch is protected simultaneously.
However, the shift to AI-driven mitigation also raises questions about trust and oversight. Security teams must be confident that the automatically generated signatures are accurate and do not introduce false positives that could disrupt business operations. Cato claims near-zero false positives, but such claims require rigorous validation over time. The company’s 11-year track record in vulnerability monitoring and signature development provides some assurance, but enterprises will likely demand transparency into the agentic decision-making process. Additionally, the reliance on a single vendor’s platform for such a critical function introduces a concentration risk; if an error occurs in the automated pipeline, it could affect thousands of customers simultaneously.
Broader Industry Shift Toward Agentic Security
Cato’s announcement is part of a wider trend toward agentic AI in cybersecurity. Across the industry, vendors are exploring how AI agents can automate routine tasks, from alert triage to incident response. For example, other security platforms are developing agents that can autonomously quarantine compromised devices, block malicious IP addresses, or update firewall rules without human approval. The goal is to move from a human-in-the-loop model to a human-on-the-loop model, where AI handles the vast majority of low-level decisions while humans supervise and intervene only when necessary.
This shift is driven by the recognition that the speed of attacks has outstripped human reaction time. Even the most efficient security operations center (SOC) cannot process the thousands of alerts generated daily by modern tools. AI agents offer a path to scalability, enabling organizations to defend against an ever-growing number of threats without linearly increasing headcount. However, the technology is still maturing. Early implementations have faced challenges with false positives, context understanding, and explainability. As Cato demonstrates, the most promising use cases are those where the task is well-defined—such as applying specific protections for known vulnerabilities—rather than open-ended threat hunting.
The broader implications extend beyond individual vendors. If agentic vulnerability mitigation becomes standard, it could reshape the relationship between security providers and customers. Instead of selling tools that require manual configuration, vendors will increasingly offer services that deliver outcomes, such as “protection against critical CVEs within 45 minutes.” This model aligns with the growing demand for managed security services and might accelerate the adoption of SASE and cloud-native security architectures over legacy appliance-based solutions. Additionally, the automation of patch management could reduce the overall cybersecurity skills gap, as it diminishes the need for teams to perform repetitive tasks.
Technical Considerations and Future Outlook
For Cato’s approach to work effectively, several technical conditions must be met. The sandbox environment used to reproduce exploits must accurately simulate a wide range of target systems and configurations. The signature generation algorithms must be robust enough to distinguish between benign and malicious activity, even when faced with polymorphic or obfuscated attacks. The global cloud platform must have sufficient capacity to deploy updates rapidly across all edge nodes without degrading performance. Cato’s existing infrastructure, built over 11 years, appears to meet these requirements, but the company will need to continuously refine its AI models as attack techniques evolve.
The future of agentic security will likely involve greater specialization. Different AI agents may be tasked with monitoring different types of threats—network exploits, phishing, ransomware, API abuse—and each will require specialized training data and testing. Collaboration between vendors could lead to shared threat intelligence standards that allow agents from different providers to exchange information about new CVEs and mitigations. However, competition and data privacy concerns may slow such collaboration. In any case, the direction is clear: cybersecurity is moving toward autonomous, machine-speed defense.
As the industry digests Cato’s claim of a 45-minute time-to-protect, other vendors will likely scramble to achieve similar capabilities. The race is on to demonstrate the fastest response times, and artificial intelligence is the key enabler. For organizations that have struggled with patch fatigue and exposure windows, this development offers a glimpse of a future where vulnerability management is no longer a burden but an invisible, always-on protection layer. The challenge will be to ensure that this speed does not come at the cost of accuracy or security, and that human oversight remains in place for the most critical decisions.
Source: ComputerWeekly.com News