Zscaler announced what it calls the first complete zero trust platform for agentic AI, aimed at securing how AI agents access data and talk to one another.
“Traditional security was never designed for millions of autonomous agents that act and reach sensitive data at machine speed,” said Jay Chaudhry, Zscaler’s chairman and CEO, in the Tuesday announcement.
The company will be extending its Zscaler Zero Trust Exchange platform to cover AI agents, including how they connect, how they access data, and how they run on devices.
According to Christina Powers, partner and cybersecurity consulting leader at management consulting firm West Monroe Partners, zero trust for agentic systems means treating every AI agent, tool, and action as untrusted until it is explicitly verified and authorized.
“As organizations give agents greater autonomy to access systems and make decisions, zero trust becomes essential because of the risk of unauthorized actions being executed at scale,” she says.
To this end, Zscaler is adding two new security tools. First, the new Zscaler AI Broker will secure MCP (Model Context Protocol) and A2A (Agent to Agent) communications. MCP and A2A are the top open standards for how AI agents connect to data and to each other, respectively.
Second, Zscaler Endpoint AI Security will help find and stop AI-related threats on employee devices. It covers browsers, plugins, extensions, and local AI tools — which traditional endpoint security tools can miss.
In addition to these two new security tools, Zscaler is announcing the Zscaler AI Access Graph, which maps how identities, applications, and data sources connect across the enterprise. This new tool is powered by Zscaler’s recent acquisition of Symmetry Systems.
“The integration of this technology with Zscaler’s Zero Trust Exchange enables organizations to understand and then enforce policies, reduce unnecessary access and risk, and track data lineage in real-time across every channel,” the company said in its announcement.
Finally, Zscaler is expanding Zscaler AI Protect, which was launched in January 2026. The platform will now include AI asset management, which will identify AI agents and MCP servers, discover embedded AI in SaaS and internet traffic, scan agentic code bases for risks, and provide visibility into AI activity on endpoints.
The platform will also have expanded controls for AI interactions, with prompt extraction, across more than 250 genAI apps. It includes full conversational views, support for Anthropic and OpenAI compliance APIs, and intent-based guardrails for multi-turn conversations.
Zscaler is also introducing AI red teaming for MCP servers, a standalone prompt hardening service, and compliance heat maps to strengthen AI governance.
Zscaler is entering an agentic AI security market that barely existed a year ago.
According to a report from the Dell’Oro Group, the AI systems security market is projected to grow from “essentially zero” to $8 billion by 2030 — and there are already nearly 60 vendors active in the space, offering everything from model and component security, to AI validation and red teaming, AI security posture management, runtime guardrails, and agent security.
Zero trust is just one component of the AI security puzzle, says Dell’Oro Group analyst Mauricio Sanchez.
At its heart, zero trust for agentic AI extends beyond users and devices to the agents themselves. “An AI agent should not inherit broad access simply because a user launched it or because it runs within a trusted application,” Sanchez says. “It needs its own identity, its own permissions, a clear scope of action, and continuous monitoring of its activities.”
Enterprises need to know who authorized the agent, what it’s allowed to do, what systems it can access — and whether it can be stopped quickly if it starts to misbehave. “This is important because agentic systems can act at machine speed,” he says. “They can call APIs, move data, trigger workflows, create content, and interact with other systems.”
The idea is to protect agents from both adversaries and accidental misconfigurations, says Michela Menting, vice president and analyst at ABI Research.
“I would say this is particularly important, as threat actors moving laterally within an organization tend to use other internal assets to escalate privileges and reach corporate crown jewels,” she says. “Agentic systems and agents are a powerful new asset that can be exploited quite easily without such controls, and could lead to catastrophic outcomes.”
Maria Korolov is an award-winning technology journalist with over 20 years of experience covering enterprise technology, mostly for Foundry publications — CIO, CSO, Network World, Computerworld, PCWorld, and others. She is a speaker, a sci-fi author and magazine editor, and the host of a YouTube channel. She ran a business news bureau in Asia for five years and reported for the Chicago Tribune, Reuters, UPI, the Associated Press and The Hollywood Reporter. In the 1990s, she was a war correspondent in the former Soviet Union and reported from a dozen war zones, including Chechnya and Afghanistan.
Maria won 2025 AZBEE awards for her coverage of Broadcom VMware and Quantum Computing.
