As enterprises accelerate the adoption of generative and agentic AI, Zscaler has unveiled a new set of AI security innovations aimed at closing what it sees as a widening gap between AI innovation and enterprise security readiness.
The company says traditional security models — built for human-driven web traffic and static application patterns — are increasingly ineffective in an AI-driven environment. AI workloads introduce new protocols, non-human interaction patterns, and autonomous behaviour that legacy tools struggle to inspect or govern. The result, according to Zscaler, is growing exposure to data loss and cyberattacks at precisely the moment organisations are scaling AI across critical business functions.
That risk is already materialising. Findings from the ThreatLabz 2026 AI Security Report, released alongside the announcement, indicate that enterprise AI systems can be compromised in as little as 16 minutes, with critical flaws identified in every system analysed. The report highlights how limited visibility into AI usage — spanning models, agents, development environments, and embedded AI in SaaS platforms — leaves security teams unable to fully assess exposure or enforce policy.
Building visibility into the enterprise AI footprint
Zscaler’s expanded AI Security Suite is designed to give enterprises a consolidated view of their AI estate. Rather than treating AI as a standalone security problem, the platform maps dependencies across generative AI services, embedded AI in SaaS applications, AI development pipelines, MCP servers, models, agents, and supporting infrastructure.
By correlating asset discovery with access relationships, data lineage, runtime behaviour, and security posture, Zscaler aims to help organisations understand not just where AI exists, but how it interacts with sensitive data and systems — and where risk is being introduced.
Jay Chaudhry, CEO, Chairman, and Founder of Zscaler, said enterprises are no longer looking for incremental point solutions. As AI reshapes business operations, he noted, security leaders want a unified approach that allows them to innovate without sacrificing governance or control.
Three pillars of enterprise AI security
The updated AI Security Suite focuses on three core enterprise use cases. First is AI Asset Management, which provides CISOs and governance teams with a comprehensive inventory of AI applications, models, agents, and infrastructure. This is intended to surface shadow AI usage, clarify what data AI systems access, and prioritise risk based on real usage patterns.
Second is Secure Access to AI, which applies Zero Trust principles to sanctioned AI tools and services. Through inline inspection, prompt classification, and granular access controls, organisations can enable productivity while reducing the risk of data leakage or misuse.
The third pillar addresses AI infrastructure and application security, giving development and application teams tools to protect AI systems across their lifecycle. Capabilities include automated AI red teaming, prompt hardening, runtime guardrails, and continuous posture assessment from build to production.
Industry analysts see the move as a response to a fundamental shift in traffic patterns. Zeus Kerravala, Principal Analyst at ZK Research, pointed out that AI traffic behaves very differently from traditional web traffic — it is faster, autonomous, and often opaque to existing security stacks. Without security controls that understand the context of AI interactions, he warned, enterprises risk operating “blind” during one of the most consequential technology transitions in decades.
With enterprises preparing for a future where AI agents operate alongside — and sometimes independently of — humans, Zscaler’s latest announcement underscores a broader industry reality: securing AI adoption is no longer optional. Visibility, Zero Trust enforcement, and AI-aware governance are fast becoming foundational requirements for scaling AI safely across the enterprise.