Zscaler has announced a series of enhancements to its Zero Trust Exchange platform aimed at securing agentic AI environments, as organisations increasingly deploy autonomous AI agents across enterprise workflows.
The new capabilities are designed to address emerging security, governance and visibility challenges associated with AI agents that operate autonomously, access enterprise data and interact with multiple systems at machine speed.
The announcement reflects a broader shift in enterprise security requirements as AI adoption evolves from human-assisted tools to autonomous agents capable of performing tasks, making decisions and initiating actions independently. Unlike traditional users, AI agents can create temporary identities, spawn sub-agents and interact with applications and data sources in ways that can be difficult to monitor using conventional security frameworks.
To address these challenges, Zscaler has introduced new capabilities intended to extend Zero Trust principles to AI agents, their communications and the environments in which they operate.
Among the key additions is Zscaler AI Broker, which is designed to secure communications between AI agents through Model Context Protocol (MCP) and agent-to-agent (A2A) interactions. The solution includes an integrated agent registry that provides visibility into agent identities, permissions and access rights, enabling organisations to apply more granular access controls.
The company has also introduced Zscaler Endpoint AI Security, a capability focused on identifying and mitigating AI-related threats on employee devices. The solution extends visibility into browsers, extensions, plugins and local AI tools, areas that are often outside the scope of traditional endpoint security products.
A central component of the announcement is the introduction of Zscaler AI Access Graph, a capability designed to map relationships between users, AI agents, applications and enterprise data sources. The technology leverages capabilities acquired through Zscaler’s acquisition of Symmetry Systems and aims to provide organisations with greater visibility into data lineage, access paths and identity relationships across AI-driven environments.
According to the company, the AI Access Graph can help security teams understand how data moves between agents, users and applications, while enabling policy enforcement and risk reduction through more informed access controls.
The announcement also includes enhancements to Zscaler AI Protect, the company’s AI security platform introduced earlier this year.
The updates span three areas:
- AI Asset Management, with expanded discovery capabilities for embedded AI services in SaaS applications and internet traffic, identification of AI agents and MCP servers in cloud environments, code scanning for agentic applications and endpoint-level visibility into AI activity.
- Secure Access to AI, which now includes broader monitoring of interactions across more than 250 generative AI applications, enhanced conversational visibility and support for compliance-focused integrations.
- Secure AI Infrastructure and Applications, featuring AI red-teaming capabilities for MCP servers, prompt-hardening services and governance tools aimed at strengthening compliance and risk management.
The developments come as enterprises increasingly evaluate how to secure AI ecosystems that extend beyond conventional user identities and application boundaries. Industry observers note that governance, visibility and access management are becoming critical requirements as AI agents gain access to business processes, sensitive data and operational systems.
Jay Chaudhry, Chairman and Chief Executive Officer of Zscaler, said the security industry must adapt to a future in which millions of autonomous agents interact with enterprise resources and data. He noted that the company’s latest innovations are intended to extend Zero Trust security principles beyond users and workloads to AI-driven environments.
Commenting on the broader implications of agentic AI adoption, John Israel, Global CISO at KPMG, highlighted the growing importance of data lineage, visibility and governance as organisations deploy AI agents to automate business operations.
The announcement underscores an emerging trend across the cybersecurity industry, where vendors are increasingly developing dedicated security frameworks for agentic AI. As enterprises move from experimentation to production-scale AI deployments, security controls capable of governing autonomous agents, data access and machine-to-machine interactions are becoming a growing area of focus.