CyberRatings Ends SASE Program, Citing AI's Disruptive Speed

AUSTIN, Texas – March 11, 2026 – Independent testing organization CyberRatings.org has announced a significant strategic realignment of its initiatives, concluding a three-year partnership with industry consortium Mplify to certify Secure Access Service Edge (SASE) products. The non-profit cited the accelerating pace of innovation and the evolving threat landscape, driven largely by artificial intelligence, as the primary catalyst for the change, signaling a potential turning point for how the cybersecurity industry validates its most advanced technologies.

The decision brings an end to the SASE Certification Program launched in collaboration with Mplify (formerly MEF) in 2023. This move away from a formalized, standards-based certification highlights the growing challenge of keeping pace with a market where both threats and defenses are being reshaped by AI at an unprecedented rate.

The End of a Landmark Partnership

The agreement between CyberRatings.org and Mplify was established to bring a new level of trust and transparency to the burgeoning SASE market. Mplify, having introduced its first SASE standard and Zero Trust framework in late 2022, sought to provide its global technology and service provider members with a credible certification process. CyberRatings.org, with its legacy of rigorous, independent testing inherited from NSS Labs, was chosen to provide the methodology and product ratings.

During its three-year term, the program was active and successful in evaluating and certifying products against Mplify's standards for SASE components, including SD-WAN, Security Service Edge (SSE) Threat Protection, and Zero Trust Network Access (ZTNA). For instance, Fortinet's Unified SASE solution achieved MEF 3.0 SASE Certification in mid-2024, demonstrating the partnership's operational success.

However, the landscape has shifted dramatically since the agreement was signed. "With the rapid evolution of AI, the cybersecurity landscape is changing, and our priority is ensuring that our testing programs keep pace with that reality," said Vikram Phatak, CEO of CyberRatings.org, in the official announcement. This statement underscores a pivot from long-term, static certification models toward a more agile approach better suited for a dynamic environment.

AI's Double-Edged Sword Reshapes Testing

The realignment by CyberRatings.org is a direct response to the profound impact AI is having on the entire cybersecurity ecosystem. Artificial intelligence is simultaneously empowering defenders and arming attackers, creating an arms race that outpaces traditional validation cycles. On the offensive side, AI enables cybercriminals to automate the discovery of vulnerabilities, generate highly convincing phishing campaigns and deepfake content at scale, and create adaptive malware that can change its behavior in real-time to evade detection.

This new breed of AI-driven threats makes point-in-time certifications a precarious measure of a product's true effectiveness. A security solution that proves effective against known threats one quarter may be easily bypassed by a novel, AI-generated attack the next. The speed and sophistication of these attacks demand a new paradigm for security validation.

Conversely, AI is also a powerful tool for defense, transforming security testing itself. AI-powered tools can scan millions of lines of code for vulnerabilities, predict potential threats by analyzing historical data, and automate routine monitoring, freeing human analysts to focus on more complex challenges. This capability for continuous learning and adaptation is precisely what makes rigid, long-term certification frameworks seem increasingly inadequate. The very technology driving the threat is also providing the means for a more fluid and continuous defense, a reality that testing bodies must now reflect in their own methodologies.

A Fragmented SASE Validation Landscape

The conclusion of the CyberRatings-Mplify program leaves a notable void in the quest for a universal, independent SASE certification, but it also reflects a broader market reality. The SASE market, projected to grow to over $28 billion by 2028, is characterized by a fragmented validation landscape. In the absence of a single, widely accepted standard, enterprises are left to navigate a complex ecosystem of vendor-specific certifications.

Major SASE vendors like Palo Alto Networks, Cato Networks, Fortinet, and Netskope all offer their own certification tracks, which are valuable for validating expertise on their specific platforms but do little to provide objective, cross-vendor comparisons of security efficacy. This environment places a greater burden on enterprise security teams to conduct their own due diligence and testing.

This shift is pushing the industry toward a model of continuous security validation. This approach, deeply aligned with the core principles of Zero Trust, moves away from the idea of one-time approval and toward ongoing, automated testing that simulates real-world attacks to proactively identify misconfigurations and security gaps. The end of a formal certification partnership from a key industry watchdog may accelerate this trend, encouraging organizations to invest in tools and processes that provide constant assurance rather than a static certificate.

A Strategic Pivot for an Industry Watchdog

For CyberRatings.org, this move is less an admission of failure and more a strategic pivot to maintain its relevance and authority. As a 501(c)6 non-profit founded by the former leadership of NSS Labs, the organization's mission has always been to provide objective, evidence-based ratings to empower enterprises. Its reputation is built on a rigorous methodology that uses live malware and advanced evasion techniques to simulate real-world conditions, a stark contrast to many vendor-sponsored tests.

By stepping back from a formal, multi-year certification program, CyberRatings.org is positioning itself to be more agile. The organization continues its critical testing work across other domains, including Cloud Network Firewalls, Enterprise Firewalls, and standalone SSE solutions, recently awarding Zscaler a top score in a Q2 2025 test. This demonstrates a focus on adapting how it tests to reflect the modern threat landscape, rather than abandoning key technology areas.

While the official partnership with Mplify has concluded, both organizations stated their shared objective remains to promote transparency and strengthen security. However, this strategic realignment by a respected third-party tester serves as a clear indicator for the entire cybersecurity industry. In an era defined by the speed of AI, the value of security validation will increasingly be measured not by a static certificate on the wall, but by the ability to continuously adapt and prove resilience against an ever-changing digital battlefield.