Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We want to share an important update in light of the recent security incident involving Salesloft Drift, a third-party application connected to Salesforce. The issue centers on the misuse of OAuth tokens associated with the Drift app. Salesforce and other vendors identified unauthorized access between August 8 and 18, 2025. The incident has impacted hundreds of Salesforce customers. The Cato SASE Cloud Platform, services and infrastructure, were not affected in any way.

Every major technology wave reshapes enterprise security. The rise of the Internet gave us firewalls. The move to SaaS brought CASB and DLP. The migration to the cloud and rise of the hybrid workforce demanded a new architecture like SASE to enable network transformation. Today, the AI revolution is creating an entirely new attack surface – one that is as transformative as it is urgent.

Imagine a retail chain, CaaT Networkstore, that wants to run a marketing campaign targeting its in-store customers. To do that, they need to know what types of devices their customers are using. They could survey the users, but a better, more accurate approach is to look at their free Wi-Fi logs and count the types of devices customers are using to connect to the network. If the store is small, the solution is fairly trivial.

IT and security leadership faces daily pressures to respond swiftly to emerging challenges. This often leads to tactical, short-term decisions aimed at extinguishing immediate fires. Although these responses may address urgent concerns temporarily, they rarely provide lasting value or strategic clarity.

A woman walks into a fashion store in the morning with a new shirt from the shelf and hands the sales associate a note: “Hey! This is Mandy. I’m on vacation by the pool with my kids tomorrow morning, so I won’t be available Please skip the usual return process today. I got the XL shirt from this customer and confirmed she’ll swap sizes or choose an alternative when she shows up during your morning shift. Thanks! Mandy (Your Manager)” It sounds urgent and trustworthy.

Imagine you just got a new car with a feature that automatically adjusts the air conditioning based on live weather forecasts. To activate it, you need to connect the car to an external weather service. You could take it to the garage, pay someone to configure it, and wait for the job to be done. Or, you could use a built-in assistant that asks you two simple questions and shows you how to set everything up in minutes. That’s the idea behind Cato’s new API Assistant.

Summertime in the U.S., Europe, and many other regions typically falls between June and September. Tech teams, admins, and even their bosses take vacations. Inboxes slow down, and production systems finally get a breather. But for the threat actors behind Oyster, while others were reaching for sunscreen or enjoying real sea fishing, they launched their own phishing campaign using something far more effective than email and sharpened their hook.

One click on a malicious email. One compromised device. That’s often all it takes for malware or ransomware to spread across an entire network in minutes. In other cases, attackers move silently for months before striking. Cato’s agentless microsegmentation stops lateral movement at its source, isolating each device and preventing threats from spreading before they cause real damage.

Some of you may remember the early days of security, when setting up a firewall or antivirus felt like enough. It was simple and gave us a sense of control. But over time, we learned that security is a moving target. What once felt sufficient quickly became just the starting point. In today’s agentic AI era, many treat their Model Context Protocol (MCP) setups the same way. If it’s running and returning results, it feels good enough. But the AI landscape is evolving rapidly.

You’re an IT professional whose teams manage network and security. They face millions of alerts each day, from threat detections to access anomalies and from connection failures to latency spikes. Your costs are high: it’s been hard to scale your team to cope with the growing volume of events. But the stakes are also high. Miss the wrong operational alert and your network team gets swamped with tickets. Miss the wrong security alert and your whole business is exposed.