Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From September – November 2025, Cato Networks threat researchers observed a global campaign involving suspicious Modbus/TCP (transmission control protocol) activity against internet-exposed PLCs (programmable logic controllers). The targeted footprint spanned 70 countries and 14,426 distinct targeted IPs, with the largest share of activity in the United States.

Enterprises don’t struggle with whether users should have access. They struggle with how that access happens and how to secure it without creating more complexity. Employees work from managed laptops, personal devices, and third-party systems. Contractors need fast onboarding. Partners can’t install agents. Some users rely entirely on a browser. This mix isn’t temporary; it’s how modern enterprises operate.

There’s a little neighborhood coffee shop I love that runs like a Swiss watch. Every night, the owner doesn’t just flip the sign to “Closed.” They run a checklist: count the till, lock the back door, log fridge temps, sanitize the espresso wand, test the alarm, and write it all down. Not because they expect trouble, but because consistency is foundational to security. The shop earns trust the boring way: by doing the right things, repeatedly, even when nobody’s watching.

In a world where technology, threats, and business priorities evolve constantly, the real challenge is not predicting the future, but choosing an architecture that can adapt to it.

What began as reports about Anthropic’s Mythos model has now moved into a gated research preview called Mythos Preview. For cybersecurity, that immediately raises an important question: what happens when advanced AI can accelerate offensive workflows such as vulnerability analysis, exploit development, and attack planning? In a recent Cato blog post, we addressed the broader strategic shift this represents.

There’s a fundamental shift happening in enterprise IT. It’s not about another feature or another product category. It’s about economics. We call it the Platform Economy, and it defines a new operating reality for IT teams. For years, enterprises have operated in what’s described as the portfolio economy: multiple products, sometimes from the same vendor, packaged together and presented as a suite. On paper, it looks consolidated.

When static perimeters were a thing, networking and security vendors sold organizations products to fix an IT need or problem. That fix would expose a gap somewhere else, so the market named the gap, built a category around it, and organizations were sold another product to plug it. That model didn’t age well as environments changed.

Most major breaches do not spiral out of control because attackers get in. They spiral because attackers are free to move once they are inside. After gaining an initial foothold through compromised credentials, a misconfigured cloud workload, a remote device, or a third-party connection, sophisticated attackers pivot. They scan the network, escalate privileges, and move laterally across the LAN and datacenter until they reach critical systems.

Anthropic’s upcoming Mythos model points to something far more consequential than another leap in artificial intelligence. It signals a shift that could redefine the balance between attackers and defenders in cyberspace.

For decades, enterprise IT has been shaped by point solutions and stitched-together architectures. Many so-called platforms are product portfolios in disguise, made up of separately built or acquired solutions that run on disparate architectures and are loosely connected at best. Today, there’s a fundamental shift happening in enterprise IT. It’s not about another feature or another product category. It’s about economics.