Zscaler Introduces Enhanced Zero Trust Solutions for AI Governance

The rise of AI agents is reshaping enterprise operations, but their integration brings significant security challenges. In response, cybersecurity firm Zscaler has expanded its Zero Trust Exchange with new features designed to govern how these autonomous systems operate within corporate networks. This initiative, announced at Zscaler’s Zenith Live conference, underscores the growing need for effective AI governance in organizations.

Zscaler's latest tools—AI Broker, AI Access Graph, and Endpoint AI Security—collectively represent what Zscaler claims is the industry's first comprehensive Zero Trust framework specifically tailored for agentic AI. Swamy Kocherlakota, Zscaler’s executive vice president focused on agentic AI, points out that traditional security frameworks, which depend on established identity systems for human employees, are inadequate for the unique identities and operational speeds of AI agents.

Unlike human users, AI agents can create temporary identities and access systems at machine speed, often eluding detection by conventional security tools. Kocherlakota compares the current state of enterprise security to building a home incrementally, where solutions are added piecemeal, resulting in a disjointed collection of systems. This fragmented approach has left enterprises exposed as AI agents proliferate without appropriate oversight.

New Tools for AI Security

The AI Broker acts as a central intermediary for communications between AI agents, while the Endpoint AI Security feature addresses vulnerabilities across various devices connected to a network. With the AI Broker, Zscaler’s platform supports Model Context Protocol (MCP) and Agent2Agent (A2A) communications, enabling organizations to monitor and control the permissions of each agent. This focused approach ensures that an agent with access to financial data, for instance, does not accidentally gain entry to unrelated systems like HR or procurement.

Endpoint AI Security boosts visibility into potential threats by scanning devices for vulnerabilities within browsers and locally hosted AI tools. According to Kocherlakota, this capability allows Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) to manage which applications and tools employees can install, thereby minimizing risks associated with unauthorized access.

Addressing Complexity with AI Access Graph

To further manage the complexities of AI traffic, Zscaler has introduced the AI Access Graph, a real-time map that provides insights into identities, applications, and data sources within an enterprise. This tool aims to simplify the overwhelming complexity of managing numerous roles and entitlements, which can exceed 10,000 distinct accesses in a typical workforce of 1,000 employees. The AI Access Graph leverages technology from Zscaler's recent acquisition of Symmetry Systems, known for creating knowledge graphs that track user entitlements and access patterns.

Jay Chaudhry, Zscaler’s CEO, emphasizes that the demands of AI agents require a reevaluation of existing governance tools. As AI becomes more integrated into enterprise operations, the need for effective governance mechanisms grows more urgent. He asserts that traditional security protocols are insufficient, and organizations must adapt to the new challenges posed by AI.

Kocherlakota further highlights the necessity of proactively securing AI technologies, stating, “Protecting AI is the net new. If you don’t do protection, you will learn the hard way, and the cost of learning this hard way is not something enterprises are ready for at this time.” This perspective reflects a consensus that effective AI governance is not merely an enhancement of existing practices but a vital evolution in the cybersecurity landscape.

As Zscaler rolls out these new capabilities, the company positions itself as a leader in meeting the security needs of enterprises facing the complexities introduced by AI agents. With the Zero Trust Exchange at the heart of its strategy, Zscaler aims to equip organizations with the visibility and control necessary to protect their operations in an increasingly automated world.