Thales S.A.

https://cpl.thalesgroup.com

Thales S.A., operating as Thales Group, is a French multinational corporation specializing in advanced electronics for the aerospace, defense, and digital identity and security sectors. Headquartered in Paris' business district, La Défense, France, the company's mission is to build a future that can be trusted by delivering sovereign, safety-critical, and secure technologies that protect people, infrastructure, and data.

The company's extensive portfolio includes a wide array of aerospace and military systems, devices, and equipment, alongside solutions in cybersecurity, digital identity, and space. Key offerings span avionics, air traffic management systems (with its TopSky systems controlling nearly 40% of global airspace), secure communications, radar, combat systems, satellites, ground systems, identity management, border control, and signaling and control systems for rail and urban mobility. Thales primarily serves government and defense agencies, commercial aerospace and airlines, the space ecosystem, digital identity and security clients, transport authorities, and critical infrastructure enterprises.

Led by Chairman and CEO Patrice Caine, Thales maintains a strong market position as a global technology leader, underpinned by a record consolidated order book of €51 billion by year-end 2024. The company invests over €4 billion annually in research and development, focusing on critical areas such as Artificial Intelligence, cybersecurity, quantum, and cloud technologies. Thales has been recognized as one of the world's 100 most innovative organizations for 13 consecutive years as of 2026. Recent strategic moves include the divestment of its Ground Transportation Systems to Hitachi in 2024 and significant investments in cybersecurity, notably through the integration of Imperva.

Latest updates

AI-Driven Bot Attacks Surge 12.5x, Blurring Security Lines

Event summary

  • Thales' 2026 Bad Bot Report reveals a 12.5x increase in AI-driven bot attacks compared to 2025.
  • Bots now constitute over 53% of all web traffic, surpassing human activity at 47%.
  • 27% of bot attacks are now targeting APIs, often appearing legitimate but exploiting business logic.
  • Financial services are disproportionately affected, accounting for 24% of bot attacks and 46% of account takeover incidents.
  • Thales defines a new category of internet traffic: 'AI agents,' which directly interact with applications and APIs.

The big picture

The rise of AI agents and the dominance of automated traffic represent a profound shift in the internet's architecture, moving beyond simple malicious activity to a state where automation is a pervasive and often legitimate element of digital infrastructure. This necessitates a move away from reactive security measures towards proactive governance and behavioral analysis, creating both significant risk and opportunity for cybersecurity vendors. The concentration of bot attacks on financial services highlights the potential for large-scale financial crime enabled by these advanced techniques.

What we're watching

Governance Dynamics
The shift from bot *blocking* to bot *management* will necessitate a fundamental re-evaluation of internal governance structures and security policies across organizations, potentially creating a new market for bot management platforms.
API Exposure
The increasing targeting of APIs will force organizations to prioritize API security measures beyond traditional perimeter defenses, including robust authentication, authorization, and rate limiting.
Regulatory Headwinds
Growing concerns around AI-driven automation and its potential for malicious use will likely lead to increased regulatory scrutiny and compliance requirements, particularly within the financial services sector.

Thales Drives European Cloud Sovereignty with SAP Partnership

Event summary

  • SAP and S3NS (a joint venture between Thales and Google Cloud) will deploy SAP RISE private cloud edition on S3NS’ PREMI3NS platform by H2 2026.
  • Thales is the first customer for this SAP Sovereign Cloud offering, undertaking a full ERP landscape refoundation.
  • The deployment ensures data storage, processing, and encryption remain within France under French jurisdiction.
  • S3NS currently serves over 60 customers and plans to add 30 managed services within the next 12 months.

The big picture

This partnership signifies a growing trend toward data localization and digital sovereignty in Europe, driven by regulatory pressures and geopolitical concerns. By combining SAP’s enterprise software with S3NS’ trusted cloud infrastructure, Thales is positioning itself as a leader in the emerging sovereign cloud market, which could represent a significant opportunity given the increasing demand from both public and private sectors. The move also underscores SAP’s commitment to expanding its presence in regulated industries and offering tailored cloud solutions.

What we're watching

Regulatory Headwinds
The success of this partnership hinges on navigating evolving European data sovereignty regulations, which could introduce unexpected compliance burdens or require significant platform modifications.
Execution Risk
The H2 2026 deadline for deployment represents a tight timeline; delays or technical challenges in integrating SAP’s platform with S3NS’ infrastructure could impact adoption rates and customer satisfaction.
Ecosystem Expansion
The ability of S3NS to attract additional SAP customers and software partners will be crucial for validating the model and achieving scale beyond Thales' initial commitment.

Thales Integrates Imperva Security Directly into Google Cloud

Event summary

  • Thales has introduced 'Imperva for Google Cloud,' a controlled availability offering.
  • The solution embeds Imperva's application security platform directly within Google Cloud's infrastructure using Service Extension traffic.
  • Thales received the 2026 Google Cloud Partner of the Year Award in the Sovereign Cloud category.
  • The offering aims to resolve friction between development and security teams and avoid latency issues associated with external security routing.

The big picture

Thales's integration of Imperva into Google Cloud addresses a growing pain point for enterprises: the need for robust application security without sacrificing performance or developer agility. This move reflects a broader trend towards native cloud security solutions and highlights the increasing importance of digital sovereignty in a complex regulatory landscape. The partnership also underscores Google Cloud's strategy of expanding its ecosystem through integrations with specialized security providers.

What we're watching

Adoption Rate
The success of Imperva for Google Cloud hinges on its ability to gain traction among Google Cloud users, particularly those seeking to avoid external security routing and maintain performance.
Sovereignty Demand
The partnership’s focus on sovereign cloud capabilities suggests Thales is anticipating increased demand from regulated industries, and the extent of this demand will dictate the offering's long-term viability.
Competitive Response
Other security vendors will likely respond to Thales’s move by developing similar native cloud integrations, potentially intensifying competition within the application security market.

Digital Trust Deficit Costs Firms Revenue as AI Adoption Accelerates

Event summary

  • Thales' 2026 Digital Trust Index surveyed over 15,000 consumers, business partners, and IT decision-makers across 13 industries.
  • 57% of consumers reported login issues in the past year, and 68% abandoned or switched providers due to slow performance or complicated sign-up processes.
  • Only 23% of consumers trust companies to use AI responsibly with their data, despite 93% of IT leaders planning AI initiatives.
  • The banking sector leads in consumer trust at 57%, significantly outpacing other industries like retail (10%) and social media (9%).
  • 66% of business partners admit to sharing or borrowing credentials due to slow provisioning, creating security risks.

The big picture

Thales' Digital Trust Index highlights a critical disconnect between the rapid adoption of digital technologies, particularly AI, and the corresponding levels of consumer trust. This lack of trust is translating into tangible business consequences, including customer churn and increased operational risk. The banking sector's lead in trust underscores the importance of prioritizing security and transparency in managing sensitive data, a lesson other industries must heed to remain competitive in an increasingly digital landscape.

What we're watching

AI Governance
The widening gap between AI adoption and consumer trust will force organizations to prioritize transparency and accountability in AI deployments to avoid further erosion of confidence.
Authentication Modernization
The significant disparity between IT leaders recognizing the importance of passkeys and their actual implementation suggests a near-term risk of security breaches and regulatory scrutiny.
Partner Security
The prevalence of credential sharing among business partners indicates a systemic vulnerability that, if left unaddressed, will continue to expose organizations to increased security risk and potential revenue loss.

Dominican Republic Deploys Thales-Powered E-Passports, Bolstering Digital Identity

Event summary

  • The Dominican Republic has issued its first electronic passports, marking a modernization of its national identity system.
  • The project is a collaboration between Thales and Midas Dominicana, with Thales providing advanced technologies and cybersecurity services.
  • The e-passports feature polycarbonate data pages with embedded electronic chips storing biometric data and ensuring authenticity.
  • Thales is deploying its ‘detect & respond’ cybersecurity solution to protect citizen data centers involved in the project.
  • Thales allocates €4.5 billion annually to R&D, focusing on areas like AI, cybersecurity, and quantum technologies.

The big picture

The Dominican Republic's adoption of e-passports reflects a growing global trend towards digital identity verification and enhanced border security. This project, valued at an undisclosed sum, positions Thales as a key player in the expanding market for secure digital identity solutions, a sector increasingly vital for governments seeking to combat fraud and improve citizen services. The move also highlights the increasing reliance on public-private partnerships to deliver complex technological infrastructure projects.

What we're watching

Data Security
The effectiveness of Thales’ cybersecurity solution in preventing data breaches will be critical, as the system handles sensitive biometric information and faces potential cyber threats.
Interoperability
The success of the Dominican Republic's e-passport program hinges on its ability to seamlessly integrate with international border control systems and avoid compatibility issues.
Expansion Risk
Thales’ success in the Dominican Republic could serve as a template for other nations seeking to modernize their identity systems, but replicating this model across diverse regulatory and infrastructural landscapes presents execution risk.

Thales Unveils SkyDefender, Signaling Shift to Integrated Air Defence

Event summary

  • Thales has launched SkyDefender, an integrated air and missile defence system designed to counter evolving threats from drones to hypersonic missiles.
  • SkyDefender combines short, medium, and long-range capabilities, extending detection range up to 5,000 km and leveraging satellite-based early warning systems.
  • The system utilizes Thales’ SkyView command and control system and is designed for interoperability with NATO and allied platforms.
  • Thales allocates €4.5 billion annually to R&D, with a focus on AI, cybersecurity, quantum, and cloud technologies.
  • SkyDefender’s modular architecture allows for integration with existing defence systems and partnerships with other industrial players.

The big picture

The launch of SkyDefender reflects a growing global demand for advanced air and missile defence capabilities driven by escalating geopolitical tensions and the proliferation of sophisticated drone and missile technologies. Thales’s focus on integrating AI and satellite-based early warning systems positions the company to capitalize on this trend, but also increases reliance on complex and potentially vulnerable technologies. The system’s open architecture and partnership-friendly design suggest a strategic shift towards collaborative defence solutions, potentially reshaping the competitive landscape.

What we're watching

Contract Dynamics
The ability of Thales to secure and expand contracts within NATO and allied nations will be critical to SkyDefender’s adoption, particularly given the complex procurement processes involved.
Integration Risk
The success of SkyDefender hinges on its seamless integration with existing legacy defence platforms, which could present significant technical and logistical challenges.
Competitive Landscape
How effectively Thales can differentiate SkyDefender from competing air and missile defence systems, particularly those from US and Chinese manufacturers, will determine its market share.

Thales eSIM Partnership Streamlines Verifone's Global Payment Terminal Deployments

Event summary

  • Thales and Verifone have partnered to integrate Thales' eSIM management technology into Verifone's payment terminals.
  • The partnership leverages GSMA SGP.32 IoT specifications for secure and interoperable connectivity management.
  • Verifone's new approach allows for standardized terminal manufacturing and remote activation, eliminating the need for removable SIM cards and country-specific variants.
  • Thales allocates €4.5 billion annually to R&D, including areas like cybersecurity and cloud technologies.
  • Verifone, a global payments technology provider, boasts an open ecosystem of over 2,500 integrations.

The big picture

This partnership reflects a broader trend towards embedded connectivity and remote device management across the payments ecosystem, driven by the need for greater agility and scalability. By shifting away from physical SIM cards, Verifone aims to reduce operational complexity and accelerate global deployments, a critical advantage in a rapidly evolving market. The move also underscores the growing importance of specialized eSIM management platforms like Thales's, as device connectivity becomes increasingly integral to core business functions.

What we're watching

Execution Risk
The success of this partnership hinges on Verifone's ability to rapidly integrate the eSIM technology across its existing terminal fleet and future product lines, potentially disrupting established manufacturing processes.
Competitive Response
Other payment terminal manufacturers will likely evaluate similar eSIM integration strategies, potentially intensifying competition and requiring Verifone to continually innovate to maintain its advantage.
Regulatory Scrutiny
Increased reliance on eSIM technology for critical payment infrastructure could draw greater regulatory scrutiny regarding data security and vendor lock-in, impacting long-term deployment flexibility.

Cielo Deploys eSIM Tech to Bolster Payment Terminal Resilience

Event summary

  • Cielo is modernizing its connectivity architecture for its nationwide payment terminal fleet.
  • The modernization leverages Thales’s eSIM technology to enable remote switching of mobile network operators over the air.
  • This implementation is one of the first large-scale deployments of the SGP.32 eSIM specification in Brazil’s POS sector.
  • Cielo allocates €4.5 billion per year in Research & Development.
  • Thales generated sales of €22.1 billion in 2025.

The big picture

Cielo's move highlights the increasing importance of network resilience for payment processors, especially in regions with potentially unreliable infrastructure. The adoption of eSIM technology, and the SGP.32 standard specifically, represents a shift towards more dynamic and automated network management, reducing operational costs and improving merchant experience. This strategy also positions Cielo to better compete in a market increasingly demanding seamless and secure payment experiences.

What we're watching

Competitive Response
Other payment processors in Brazil will likely evaluate similar resilience solutions, potentially accelerating adoption of eSIM technology across the sector.
Standard Adoption
The success of this SGP.32 implementation will influence the broader adoption rate of this standard within the Latin American POS market.
Cost Management
The long-term cost savings from reduced technician visits and simplified logistics will be a key factor in determining the ROI of this initiative for Cielo.

Thales Integrates eSIM Tech to Bolster Airalo's Global Connectivity

Event summary

  • Thales is integrating its eSIM technology into Airalo's global platform.
  • Airalo, the world’s largest travel eSIM platform, has over 20 million users.
  • The partnership aims to simplify eSIM configuration for travelers, reducing manual steps.
  • Thales was recognized as a “High-Flyer” by Kaleido and a “Gold Winner” by Juniper for its Travel eSIM technology.
  • Airalo was founded in 2019 and operates with a remote team of over 300 people.

The big picture

The partnership reflects the growing demand for seamless global connectivity among travelers, driven by the desire to avoid roaming charges and the increasing prevalence of eSIM technology. Airalo’s large user base and Thales’ established technology position the combined entity to capitalize on this trend, but the market remains fragmented with numerous smaller players. This move could signal a consolidation trend within the travel eSIM space as companies seek to differentiate through technological advancements and user experience.

What we're watching

User Adoption
The success of this integration hinges on Airalo’s ability to drive user adoption of the simplified configuration process, which will be a key indicator of the partnership’s value.
Competitive Response
Other travel eSIM providers will likely accelerate their own technology integrations to remain competitive, potentially leading to a price war or further innovation in the space.
Expansion Scope
The pace at which Thales’ eSIM technology is rolled out across Airalo’s 200+ destinations will determine the breadth of the partnership’s impact and potential for future expansion.

Thales Demonstrates Remote 5G Security Upgrade, Addressing Quantum Threat

Event summary

  • Thales has demonstrated a world-first capability to remotely update cryptographic algorithms on 5G SIM and eSIM cards.
  • The technology, termed 'crypto agility,' allows for over-the-air security upgrades without device replacement or service interruption.
  • The demonstration addresses the growing threat of quantum computing breaking current encryption methods, a concern for 5G network security.
  • Thales’ research teams contribute to post-quantum cryptography standardization efforts led by NIST.
  • Eva Rudin, VP Mobile Connectivity solutions at Thales, highlighted the immediate applicability of the technology.

The big picture

The demonstration highlights a critical vulnerability in existing 5G infrastructure – the potential for quantum computing to compromise encryption. Thales’ solution addresses a significant scaling challenge for telecom operators, who face the prospect of widespread device replacements to maintain security. This capability positions Thales as a key enabler for the long-term resilience and trustworthiness of 5G networks, a critical factor for national infrastructure and economic stability.

What we're watching

Adoption Rate
The speed at which telecom operators adopt Thales’ crypto-agile solution will depend on the perceived urgency of the quantum threat and the cost-benefit analysis of remote upgrades versus device replacement.
Standardization
The influence of Thales’ contributions to NIST’s post-quantum cryptography standardization process will shape the future landscape of quantum-safe security protocols.
Competitive Response
Other security vendors will likely accelerate their development of similar remote upgrade capabilities, potentially leading to a commoditization of this feature and pricing pressure.

AI Access Amplifies Data Risks, Threatening Enterprise Security

Event summary

  • Thales' 2026 Data Threat Report, conducted by S&P Global 451 Research, found 61% of organizations cite AI as their top data security risk.
  • The report highlights a concern that AI systems, increasingly granted broad data access, are becoming 'trusted insiders' with potentially weak controls.
  • Only 34% of organizations know where all their data resides, and 47% of sensitive cloud data remains unencrypted.
  • Nearly 60% of companies have experienced deepfake-driven attacks, and credential theft remains the leading attack technique (67%).
  • While 30% now dedicate specific budgets to AI security, 53% still rely on traditional security programs not adapted for automated systems.

The big picture

The Thales report underscores a critical shift in the threat landscape: AI is not just a tool for innovation but also a potential vector for data breaches, amplifying existing vulnerabilities and creating new ones. This trend highlights the inadequacy of traditional security models built around human users and perimeter defenses, demanding a fundamental rethinking of data governance and access control as AI becomes increasingly embedded in enterprise operations. The risk extends beyond malicious AI, encompassing the unintended consequences of granting automated systems broad access without adequate oversight.

What we're watching

Governance Dynamics
The disconnect between AI adoption and data control will likely force a reassessment of access policies and data visibility frameworks across industries, potentially leading to stricter regulatory oversight.
Execution Risk
The slow pace of security investment relative to AI’s expansion creates a significant execution risk for organizations, as they struggle to adapt existing infrastructure and expertise.
Regulatory Headwinds
Increased awareness of AI-driven attacks and data breaches will likely spur regulatory bodies to mandate enhanced data security measures and accountability for AI deployments.

Thales, Samsung Chip Collaboration Wins CES Award, Advances Post-Quantum Security

Event summary

  • Thales and Samsung Electronics jointly developed a post-quantum security chip, the S3SSE2A, recognized at CES 2026.
  • The chip integrates Thales’ secure operating system and quantum-resistant cryptographic libraries.
  • The collaboration addresses the growing threat of quantum computing to current encryption standards and the 'harvest now, decrypt later' risk.
  • Thales invests over €4 billion annually in R&D, including cybersecurity and quantum technologies.
  • Thales reported €20.6 billion in sales in 2024.

The big picture

The joint effort between Thales and Samsung highlights the escalating urgency surrounding post-quantum cryptography. The 'harvest now, decrypt later' threat, where encrypted data is intercepted and stored for future decryption with quantum computers, necessitates proactive security measures. This collaboration signals a shift towards embedding quantum-resistant security at the hardware level, moving beyond software-based solutions and impacting a vast ecosystem of connected devices, from consumer electronics to critical infrastructure.

What we're watching

Adoption Rate
The pace at which the S3SSE2A chip and similar post-quantum solutions are integrated into connected devices will determine the speed of industry-wide transition and the mitigation of 'harvest now, decrypt later' risks.
Competitive Landscape
Other semiconductor manufacturers and cybersecurity firms will likely accelerate their own post-quantum development efforts, potentially leading to a period of intense competition and innovation in the embedded security space.
Regulatory Impact
Government mandates and industry standards regarding post-quantum cryptography will significantly influence the adoption timeline and the overall market size for solutions like the Thales-Samsung collaboration.

Thales-Google Cloud JV S3NS Secures Top-Tier French Cloud Certification

Event summary

  • S3NS, a joint venture between Thales and Google Cloud, has achieved SecNumCloud 3.2 qualification for its PREMI3NS cloud offering.
  • The SecNumCloud 3.2 certification is the highest standard for cloud security in France and Europe, guaranteeing immunity from extraterritorial laws.
  • PREMI3NS now offers the most extensive range of cloud services with SecNumCloud 3.2 certification.
  • Thales has selected S3NS for its own internal IT and engineering needs, signaling internal adoption.
  • The qualification was achieved within three years of S3NS’s creation in 2022.

The big picture

The SecNumCloud 3.2 qualification represents a significant step towards European data sovereignty and reduces reliance on US-based cloud providers. This certification, coupled with Thales’ backing and Google Cloud’s technology, positions S3NS to capitalize on the growing demand for secure, locally-controlled cloud services within France and potentially across Europe. The move underscores the increasing importance of regulatory compliance and data protection in the cloud market, particularly for organizations handling sensitive information.

What we're watching

Market Adoption
The speed at which PREMI3NS can convert its early adopter base into long-term customers will be a key indicator of its commercial viability, particularly given the stringent requirements of SecNumCloud compliance.
Competitive Landscape
How other cloud providers will respond to S3NS’s offering and the broader push for European data sovereignty will shape the competitive dynamics within the French and wider European cloud market.
AI Integration
The successful and secure integration of generative AI solutions into PREMI3NS will be crucial for maintaining its competitive edge and attracting customers seeking advanced cloud capabilities.
CID: 639