At Cato Networks, we are committed to ensuring that artificial intelligence (AI) is developed and deployed responsibly, securely, and transparently across our SASE platform and supporting services.
These FAQs address how Cato designs, governs, and manages its AI-driven capabilities (“AI Features”), reflecting our adherence to privacy-by-design, security-by-design, and responsible innovation principles.
Yes. Cato Networks’ Responsible AI Policy governs the design, development, and use of AI technologies within our platform.
Our framework is based on five core principles:
- Transparency – Customers are informed when AI is used.
- Accountability – Human oversight is required before applying AI-driven insights.
- Fairness – AI outputs are continuously tested to mitigate bias.
- Privacy and Security – AI systems are designed with privacy-by-design and protected by robust security controls.
- Compliance – AI development aligns with global regulatory frameworks, including the EU AI Act and GDPR.
No. Cato does not use customer personal data to train or retrain its AI models.
Our AI capabilities are trained using aggregated, anonymized network telemetry and other non-personal operational data, enabling predictive and behavioral analysis without processing identifiable customer information.
Cato performs benchmark testing and continuous monitoring of all AI models.
Performance, accuracy, and potential drift are evaluated regularly to ensure models perform reliably within expected parameters.
Feedback loops and retraining are executed under controlled governance conditions, ensuring quality, security, and compliance.
Cato uses AI across three different layers:
- Context enrichment – enables Cato’s platform to detect, analyze, and respond to threats in real time, directly within the traffic flow. By leveraging AI-driven analytics, continuous inspection, and context enrichment, Cato delivers both inline and out-of-band visibility and control. The platform uses AI to identify emerging threats and suspicious activity, classify devices and assets, and categorize destinations, allowing it to automatically block malicious behavior, enforce security policies, and mitigate risks as they occur with precision and speed.
- Insights – Cato Copilot uses AI to deliver actionable insights across network performance, security threats, and policy effectiveness, enabling intelligent, data-driven optimization, identifying anomalies, and providing network and experience predictions.
- Conversational – an intelligent assistant that empowers customers to work faster and more efficiently. It leverages the Cato Knowledge Base, Cato public API, and each customer’s unique data, events, and network configurations. It provides precise answers to custom questions, automates troubleshooting, and delivers actionable insights. However, it always requires human interaction and confirmation, and is not allowed to make changes independently.
Yes. In limited cases, Cato integrates trusted third-party AI infrastructure or inference services to enhance performance or analytics capabilities.
All such providers are subject to Cato’s Vendor Risk Assessment and must meet stringent security, privacy, and compliance requirements.
Cato applies the same multi-layered security controls that protect our global SASE infrastructure to our AI systems, including:
- Access control and strong authentication
- Data encryption in transit and at rest
- Continuous monitoring and anomaly detection
- Network segmentation and isolation
- Security incident management and audit logging
All AI environments operate within Cato’s secure cloud-native architecture, ensuring resilience, availability, and compliance with international security standards.
Cato’s Incident Response Plan includes procedures for detection, containment, remediation, and post-incident review.
All incidents are managed under the company’s Information Security Incident Management Program, ensuring accountability, transparency, and timely customer notification where applicable.
Cato integrates guardrails and retrieval-augmented generation (RAG) mechanisms to ensure AI outputs remain factual, relevant, and aligned with Cato’s operational data.
Regular audits, testing, and human validation reduce risks of inaccuracy or bias.
Cato doesn’t alter configuration or make changes to the system without human validation.
Cato Networks’ products and services do not fall under the definition of High-Risk AI Systems under the EU AI Act, nor do they constitute any prohibited AI practices under the Act. To the extent that Cato Networks includes any AI functionalities that may interact with an individual, it fully complies with the transparency requirements under the Act.
- Backups: Maintained per Cato’s Backup and Disaster Recovery Policy.
- Retention: Data related to AI features is retained in line with the customer’s DPA and Cato’s internal data governance policy.
Cato invests in continuous AI education and training across engineering, product, and compliance teams.
Our AI Literacy Program ensures employees understand responsible AI development, ethical standards, and emerging legal obligations.
What governance and control measures does Cato apply to ensure responsible and secure use of AI in its systems?
- Policies – clear governance policies defining permissible AI use, data handling, and approval of workflows.
- Technical measures – automated controls such as access restrictions, data anonymization, and activity monitoring.
- Procedural measures – mandatory human reviews, risk assessments, and audit logging for any AI features or processes that may affect customer data or service reliability.