Cato embeds AI security in SASE
Cato Networks
This move turns AI security from a separate procurement into a feature switch inside Cato’s existing network path. Because Cato already sits inline between employees, branch sites, cloud apps, and private applications, it can inspect prompts, uploads, model responses, and agent traffic where traffic already flows. That makes AI Firewall and AI Security Posture Management easier to buy, faster to deploy, and harder for a standalone tool to displace.
-
Aim brought two concrete products into Cato in September 2025. AI Firewall protects internal AI apps and agents at runtime, while AI-SPM scans models and agent stacks for misconfigurations and compliance gaps before production. That gives Cato both inline enforcement and posture management in one platform.
-
The budget shift matters because a Cato customer can now expand the same SASE contract instead of adding another AI security vendor, console, and policy engine. Cato already frames account growth as activating more modules over time, including AI policy capabilities, which raises ARR per site without a separate sales cycle.
-
This is the same playbook larger security platforms use in adjacent categories. Palo Alto Networks packages AI Access Security, AI-SPM, and AI Runtime Security inside a broader platform, showing that AI security is becoming a platform add on, not just a standalone category. Cato is bringing that motion into SASE earlier and more natively.
The next phase is a land and expand cycle where AI usage becomes one more reason to standardize on fewer security vendors. If Cato can make AI controls feel like a natural extension of branch, user, and cloud security policy, it can pull AI budget into the core SASE spend and deepen account penetration as Copilot, custom LLMs, and agents spread across the enterprise.