Since Zscaler Inc.‘s launch, the company’s mission has been to disrupt traditional access and security with its Zero Trust platform. At its user event, Zenith Live, in Las Vegas, the company made its case for what its next act would look like: becoming the foundational “zero trust for agentic AI” platform.

For enterprises, the keynote by Chief Executive Jay Chaudhry (pictured) highlighted that securing artificial intelligence agents, including their connections, data paths and device footprint, is now a board-level architectural decision, not a bolt-on control, and that this will require a rethinking of security.

Here are my top takeaways from Chaudhry’s day 1 keynote at Zenith Live:

Agentic AI as the new risk plane

Throughout his keynote, Chaudhry framed agentic AI as the next major giga-wave after cloud and mobile, arriving faster and with fundamentally different risk characteristics. He warned that enterprises will soon face “dozens of AI agents for every employee,” each running continuously, spawning other agents and autonomously accessing enterprise systems and data. “Agents don’t take coffee breaks, they don’t sleep and they can create more agents,” he said, underscoring the shift from a human-centric to a machine-centric threat model.

This shift reframes users as just one part of a much larger digital workforce, where agents may hold more privileges than people. Chaudhry argued that governance built for humans — periodic certifications, training and manual approvals — cannot keep pace with agents operating at machine speed and scale. “You can’t rely on policies written for people when machines are making decisions in milliseconds,” he told the audience, making the case for a new control plane grounded in identity, data and application context rather than in networks and IP addresses.

Zero Trust Exchange evolves into an agent fabric

A second major takeaway is that Zscaler is evolving its crown jewel, the Zero Trust Exchange, from a user-to-app fabric into an “agent fabric” that brokers interactions among users, workloads and AI agents. Zscaler’s longstanding thesis holds that the internet can become your corporate network and that applications should be hidden behind a policy-driven exchange. This now extends to AI agents as first-class entities. “We always believed the internet should be your corporate network,” Chaudhry reminded the audience. “Now we must treat every AI agent as an untrusted outsider, just as we do with every user.”

That continuity is strategically important for customers who have already standardized on Zscaler for Zero Trust and Security Service Edge. Rather than standing up a new, parallel “AI security stack,” enterprises can onboard AI agents into the same fabric used today to connect users and applications. The platform can then enforce least-privilege access for agents, hide internal applications from direct exposure, and monitor all interactions for anomalous behavior. This positions Zscaler as a logical extension of the existing architecture, not a disruptive rip-and-replace solely to secure AI.

AI Broker: From AI gateway to policy engine for agents

On the product side, the most notable announcement is the Zscaler AI Broker, designed to sit between AI agents and the systems they access, including MCP-based agents and agent-to-agent interactions. With an integrated Agent Registry, the Broker tracks each agent’s identity, purpose and permitted data and actions, enabling granular policies such as restricting financial agents to specific systems or limiting customer-support agents’ access to personally identifiable information. This moves beyond the first generation of AI gateways, which focused largely on prompt filtering and model routing.

Chaudhry positioned AI Broker as the control plane for an emerging agentic ecosystem rather than another inspection point. “We can’t just watch what agents are doing; we must control what they are allowed to do from the very beginning,” he said. For enterprises experimenting with internal orchestrators and AI frameworks, AI Broker offers a way to centralize governance, contain the blast radius, and demonstrate compliance to regulators by treating agents as highly privileged service accounts with continuous authorization.

Endpoint AI Security: Taming shadow AI on devices

Zscaler also addressed the growing reality that much AI experimentation occurs at the endpoint — through browsers, extensions, local tools and plugins — by introducing Endpoint AI Security. These capabilities extend Zscaler’s reach into AI-related activity on endpoints, detecting and blocking behaviors such as malicious browser extensions acting as agents, unmanaged AI tools accessing sensitive files, and data exfiltration through AI assistants. Rather than becoming a traditional extended-detection-and-response provider, Zscaler is leveraging its existing visibility into encrypted traffic and software-as-a-service usage to correlate that visibility with endpoint-level AI behavior.

The goal is to give organizations a way to rein in “shadow AI” without stifling innovation. As Chaudhry put it, “Your employees will use AI, whether you have a policy or not. The question is, will you have visibility and control?” Endpoint AI Security effectively closes a critical blind spot between the cloud security stack and endpoint agents, providing security teams with a unified view of how AI is used across browsers, devices and SaaS applications.

AI Access Graph and AIGuardian: Turning telemetry into AI governance

Finally, Zscaler introduced AI Access Graph, powered in part by its Symmetry Systems acquisition, to map how identities, data and applications connect across the enterprise. This data-centric graph can answer questions such as which users and agents can access a particular sensitive dataset and what access chain led to a specific AI action. For AI governance, this level of lineage and visibility is increasingly critical, especially as regulators and boards demand proof of who or what interacted with sensitive data and under which policies.

AI Access Graph slots into the broader AI-Guardian initiative, which combines Zscaler’s Zero Trust Everywhere framework, AI Broker, Endpoint AI Security and AI Access Graph, with consulting and integration support from global system integrators. This recognizes that securing agentic AI is as much an operating-model challenge as a technology challenge.

“We see our customers as partners in this transformation,” Chaudhry said. “Our job is not just to provide technology, but to give you a path to adopt AI safely and at scale.” For large enterprises, this ecosystem approach may be the difference between staying stuck in pilot mode and confidently moving AI into production.

Mythos creates a long-term tailwind for Zscaler

Mythos wasn’t addressed at length in the keynote, but I did ask Chaudhry about it during the analyst Q&A. Given the confusion around this, I felt it was worth getting Chaudhry’s thoughts. He explained that Mythos creates a long-term tailwind because it validates the company’s core thesis that eliminating the attack surface matters more than chasing every new vulnerability, especially in an era when frontier models can find and weaponize bugs at machine speed.

The Mythos “SaaSpocalypse” narrative assumes that AI-accelerated vulnerability discovery is existential for SaaS security vendors, but Zscaler’s model is structurally different from that of a typical exposed SaaS app. Its Zero Trust Exchange is designed to hide applications from the public internet, remove public IPs and open ports, and make users and workloads reachable only through identity and policy-driven connections.

As Anthropic’s Project Glasswing and the Claude Mythos leak have already shown, most catastrophic exposures trace back to misconfigured internet-facing services rather than sophisticated exploits. This directly supports Zscaler’s message that “if you are reachable, you are breachable” and that shrinking what’s reachable is the only sustainable response to AI-driven reconnaissance. By being an early Glasswing partner, feeding Mythos with rich telemetry from hundreds of billions of daily transactions, and using it to harden both its own stack and customers’ attack surfaces, Zscaler can turn the same frontier AI that terrifies the market into a differentiator for its Zero Trust Everywhere architecture, reinforcing its relevance as AI makes legacy perimeter and VPN models obsolete.

Final thoughts

For chief information security officers and chief information officers, the key takeaway from Zenith Live is that AI security can no longer be deferred until projects “settle down.” Chaudhry acknowledged that many organizations remain in pilot mode not because they lack AI ideas, but because they don’t trust their ability to govern AI access to sensitive systems and data. By extending zero-trust principles to AI agents and anchoring them in a unified platform, Zscaler aims to give enterprises a credible path to move from experimentation to production with guardrails.

I expect that as AI moves into the mainstream, the secure access service edge and SSE vendors will ride a rising tide that lifts most of them. It’s critical that Zscaler and its peers clearly articulate their agentic AI strategies and how they integrate with or compete against emerging AI security fabrics.

For enterprises, Zenith Live provides a blueprint: Converge user, app and agent connectivity on a single zero-trust fabric; treat AI agents as untrusted yet governable entities; and use data-centric visibility, not network topology, as the foundation of AI governance. In Chaudhry’s words, “This is the kind of moment Zscaler was built for,” and the company is clearly betting that securing the agentic future will define the next decade of cybersecurity.

Though this is the kind of message one would expect from Zscaler’s CEO, the reality is that information technology has continued to grow in complexity and security, and that environment is an order of magnitude more complicated. Zscaler’s message has always been about shrinking the attack surface and limiting east-west traffic to minimize the blast radius of a breach. With AI coming, and coming fast, those basic principles can make the difference in security teams being able to keep up with the business or falling behind.

Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.

Photo: Zeus Kerravala