Cato Networks said it can protect customers against newly disclosed vulnerabilities within 45 minutes, reflecting what it described as a new approach to CVE mitigation.
The claim marks a sharp reduction from the days or weeks often associated with vulnerability response in security estates that rely on customer-managed appliances and patching cycles. Cato said it had previously reduced that process to hours through its software design and has now shortened it further by using AI-driven threat research with automated delivery across its cloud service.
Cybersecurity vendors and customers are under growing pressure to respond faster as the number of disclosed vulnerabilities rises. Cato cited data from the US National Institute of Standards and Technology showing CVE submissions rose 263% between 2020 and 2025, while filings in the first three months of 2026 were nearly one-third higher than in the same period a year earlier.
At the same time, many organisations still struggle to remediate vulnerabilities quickly. Cato pointed to Verizon’s 2025 Data Breach Investigations Report, which found that about 54% of edge device vulnerabilities were fully remediated during the year, with a median remediation time of 32 days.
How It Works
Cato said its process uses AI agents, with human supervision, to monitor disclosed vulnerabilities, triage information from multiple sources, extract indicators of compromise, reproduce exploits in a lab environment, develop threat signatures, test them for false positives, and deploy protections across the Cato Cloud.
Because the platform is cloud-based, customers do not have to patch or reconfigure distributed appliances before receiving the mitigation, according to the company. That removes a step that often slows response times in traditional security environments, where vendors must develop updates and customer teams must then test and install them across large estates.
Cato framed the announcement as an architectural argument as much as an operational one. It said rapid mitigation depends on combining network visibility, platform-wide context, and cloud-based enforcement in a single system rather than relying on separate products and local appliance upgrades.
That position goes to the centre of a wider cybersecurity debate over whether older infrastructure models can keep up with attack timelines that continue to shrink. Security teams have long measured performance by time-to-protect, but the industry is increasingly focused on time-to-exploit as attackers move more quickly from disclosure to active abuse.
Shlomo Kramer, Co-Founder and Chief Executive Officer of Cato Networks, said the change in attack speed exposes the limits of appliance-led security operations.
“Attackers move in minutes. Appliance-centric security still moves in patch cycles,” Kramer said.
“Cato closes the gap by turning new CVE intelligence into protections deployed globally across our cloud service, with zero customer effort. In the AI era, security architecture is no longer a matter of efficiency. It is a do-or-die security decision,” he said.
Industry Shift
Cato said the latest reduction in response time came from applying agentic AI to stages of the vulnerability protection lifecycle that it had already automated over several years. Those stages include monitoring CVEs, creating protections, validating them, and deploying updates across the company’s cloud infrastructure.
In Cato’s account, the latest step is less about replacing existing systems than compressing the time needed to complete each part of that cycle. The company said AI agents now help automate vulnerability analysis, exploit reproduction, protection generation, and validation, while humans remain in a supervisory role rather than carrying out each step manually.
That reflects a broader shift across parts of the security market, where vendors are trying to use AI not just for detection but also for operational response. The central promise is that machine-led workflows can reduce the lag between a newly published vulnerability and a live defensive control.
Elad Menahem, Senior Vice President of Research at Cato Networks, said the significance was not limited to a faster headline number.
“The breakthrough here is not just speed,” Menahem said.
“It’s that vulnerability response itself can now operate continuously and at machine scale,” he said.
Cato, known for its secure access service edge platform, said thousands of organisations use its network and security services across cloud, hybrid, and distributed environments. The latest announcement places that platform architecture at the centre of its pitch to customers facing a heavier flow of vulnerability disclosures and shorter windows to act.
By arguing that protection can be deployed globally in minutes without customer action, Cato is also making the case that mitigation speed is becoming a defining measure of security infrastructure rather than an added feature. It said AI-era security cannot depend on manual customer operations or appliance patch cycles.
The benchmark it has set will now test how quickly other security providers can demonstrate similar response times as vulnerability volumes continue to rise and exploit activity becomes harder to contain within traditional operational windows.
