Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

WebPromptTrap - New Indirect Prompt Injection Vulnerability in BrowserOS

Cato researchers have discovered a new indirect prompt injection exploit pattern workflow in BrowserOS (an open-source agentic AI browser). We named it “WebPromptTrap” because the prompt originates from untrusted web content and it traps users into approving an authorization step through a trusted-looking AI summary.

When Quantum Turns Encryption Into a Time Problem

If your encrypted traffic was captured today, would it still be private in ten years? That question changes the conversation. Leaders are used to asking, “Is it encrypted?” Now they are asking, “How long does it stay confidential?” That is where post quantum cryptography, or PQC, comes in. Its role is to strengthen the foundations of a secure connection by improving how trust is established before any data is exchanged. Today’s encryption still works.

Where Cato Sits in the AI Economy

Every major technological shift reshapes the landscape, creating both winners and losers. AI will be no different. The key question is which companies are positioned to capture the value it generates, and which ones may fall behind as it unfolds. If you look at previous technology shifts, the winners were not always the companies building the most visible products. They were often the ones that enabled the shift to happen in the first place, or those that benefited from the structural changes it created.

Cato CTRL Threat Research: Vishing and Microsoft Teams Used to Deliver PhantomBackdoor

Cato CTRL has discovered a q-based delivery technique used against an Italy-based consumer services company associated with PhantomBackdoor, a multi-stage WebSocket-based backdoor previously reported in a Ukraine-focused spear phishing operation by SentinelOne. In SentinelOne’s earlier reporting, initial access relied on phishing lures and a ClickFix-style flow that triggered a staged PowerShell and ended with a WebSocket backdoor.

Secure Enterprise AI Apps and Agents: Visibility, Governance, Runtime Protection

When you deploy an AI application, do you know what's being sent into it — or what's coming back out? Cato AI Security provides runtime protection for the AI applications your organization builds and deploys, with real-time enforcement, sensitive data anonymization, and a complete audit trail across every interaction. Learn more or request a demo at catonetworks.com.

Meet the Industry's First GPU-Powered SASE Platform with Native AI Security

AI has moved from experimentation to a strategic enterprise imperative. It’s no longer about whether organizations will adopt AI, but whether their security architecture can govern it at the speed and scale at which it is being embedded into the business. This is not a future concern. It is today’s operational mandate to: Securing AI is not limited to software applications and agents.

Cato AI Security: Is Your Security Stack Built for How AI Works?

AI adoption is accelerating across enterprises — often faster than security teams can respond. Employees are using AI tools and copilots across SaaS apps and workflows, creating new exposure around sensitive data, shadow AI, and attack surfaces that traditional tools weren't built to see. This video breaks down the four AI security challenges every enterprise is facing, where existing controls fall short, and how Cato AI Security gives you visibility, guardrails, and enforcement across the AI your employees use, the applications you build, and the agents acting on your behalf.

Code Review That Learns: Inside Cato R&D's Self-Evolving PR Review Agent

Agentic AI promises to improve work processes in all domains and industries. R&D is no different. Recently, Cato R&D built an internal self-evolving pull request (PR) review agent that keeps reviewers in flow by commenting only on high-impact, high-confidence issues, validating every change against its spec from the PR and Jira, and learning continuously from developer feedback through long-term, episodic memory. What were the results?

Cato CTRL Threat Brief: Middle East Escalation and Summary of Notable Iranian-Linked CVEs

On February 28, 2026, Israel and the United States launched a joint attack against Iran. In retaliation, Iran launched its own attacks against Israel and US-allied countries and bases in the region. The escalation in the Middle East is ongoing. Cato CTRL is currently monitoring the threat landscape in the region.

AI in Cybersecurity Certification

Positive feedback can lead to unintended consequences. A dog learned that saving kids from the River Seine earned food and praise. So he started dragging them in to “save” them. AI models optimize for feedback in a similar way. Cato’s AI in Cybersecurity course shows how to manage the risks. It’s free and earns you CPE credits.