The Problem Nobody Fully Solved Yet
Traditional security tools were designed around humans. Predictable login patterns. Known identities. Controlled access windows.
Autonomous agents break all of that. They can act independently or on behalf of users, create short-lived identities, delegate tasks to sub-agents, and consume permissions in milliseconds. That’s not a gap in your security posture — it’s a canyon.
As businesses move from experimenting with AI to actually deploying it across operations, the question shifts from “can we use AI?” to “can we trust what it’s doing?”
AI Broker
AI Broker is Zscaler’s answer to the agent-to-agent communication problem. It includes an Agent Registry — essentially a ledger of what each agent is permitted to access — and applies granular access controls across enterprise AI environments.
It also secures agentic communications through MCP and A2A brokers, which matters as multi-agent architectures become more common. Think of it as a traffic controller for AI agents that would otherwise be passing data around with very little oversight.
Endpoint AI Security
This one targets the device layer — browsers, extensions, plugins, and locally running AI tools on employee machines. Most endpoint security tools don’t look closely at that layer. Zscaler is betting that’s exactly where the next wave of enterprise AI risk lives.
It’s a reasonable bet. As workers install AI browser extensions and local models, the endpoint becomes a new attack surface that sits well outside traditional perimeter thinking.
AI Access Graph: Seeing the Whole Picture
Zscaler also introduced AI Access Graph, built on technology from its acquisition of Symmetry Systems. It maps relationships between identities, applications, and data sources across an organization in real time.
The practical value: security and compliance teams can see which agents are talking to which models, which data sources they’re touching, and whether any of that matches company policy. Data lineage, visualized. That’s not a small thing when regulators start asking questions.
AI Protect Gets Smarter Too
The existing AI Protect suite received updates across three areas worth noting:
AI asset management — New discovery tools surface embedded AI inside SaaS applications and internet traffic, identify AI agents and MCP servers in public cloud environments, and scan codebases for agentic risks.
Secure access to AI — Expanded controls now cover prompt extraction across more than 250 generative AI applications, with full conversational views, support for Anthropic and OpenAI compliance APIs, and guardrails for multi-turn conversations.
Secure AI infrastructure — Zscaler added AI red teaming for MCP servers, a standalone prompt hardening service, and compliance heat maps to tighten governance across development and deployment.
Why This Matters Right Now
Jay Chaudhry, Zscaler’s CEO, framed it plainly: “Traditional security was never designed for millions of autonomous agents that act and reach sensitive data at machine speed.”
That’s not marketing language — it’s an accurate description of where enterprise AI is heading. The security industry is scrambling to catch up, and Zscaler is making a clear play to own the Zero Trust layer for AI agents the same way it did for cloud workloads.
KPMG’s Global CISO John Israel put the governance angle well: “Managing data security is no longer just about building high walls; it is about scaling visibility and treating data as a highly active, strategic asset.”
For compliance teams, that framing is everything. Knowing an agent can access something is very different from knowing it should — and proving the difference to an auditor is harder still.
The Bigger Picture
Zscaler operates across more than 160 data centers globally, serving large enterprises, critical infrastructure, and government agencies. That scale gives these new tools immediate relevance for organizations that can’t afford to treat AI governance as an afterthought.
The broader signal here is clear: the cybersecurity industry is pivoting hard toward agentic AI. The companies that define the security layer for autonomous agents now will have significant leverage as deployments scale.
Zero Trust was built for humans navigating the internet. The next version has to work for software that never sleeps, never logs out, and moves faster than any human security team can manually track.
Zscaler just made its case for being that next version.
Comments (0) No comments yet
Want to join this discussion? Login or Register.
No comments yet. Be the first to share your thoughts!