Artificial Intelligence

Zero trust: the architecture that will shield AI agents

Zscaler CEO warns AI agents are the new weak link and bets on zero trust to secure them

June 20, 2026 · 4 min read


TL;DR: AI agents are becoming the new attack vector in cybersecurity. Jay Chaudhry proposes zero trust to protect them, verifying every action. Companies must adopt zero-trust policies from the design phase.

What happened?

Jay Chaudhry, CEO of Zscaler, has stated that AI agents — autonomous systems that execute tasks without human supervision — are becoming the new 'weakest link' in computer security, displacing the human user who was traditionally the vulnerable point. In an interview with TechRadar, Chaudhry said: 'Yesterday, the user was the weakest link. Today, these agents are becoming the weakest link.' To mitigate this risk, he proposes applying a zero trust architecture that verifies every action of the agent, regardless of its origin or context. This statement comes at a time when the adoption of AI agents is accelerating: according to Gartner, by 2026, 30% of large enterprises are expected to use AI agents to automate at least one critical business function, up from 5% today. Chaudhry's warning is not isolated: in February 2025, a CrowdStrike report noted that attacks targeting large language models (LLMs) increased 400% year-over-year, although most were proof-of-concept.

Why is it important?

AI agents, such as advanced chatbots or autonomous productivity assistants, operate with elevated permissions and access to sensitive data. Unlike human users, they can be exploited through prompt injection, model manipulation, or supply chain attacks. Without an adaptive security model, a single compromised agent can unleash a cascade of damage. The zero trust proposal — never trust, always verify — aligns with the need to continuously monitor agent behavior, restrict their privileges to the minimum necessary, and segment their access. Historically, computer security has evolved in phases: in the 1990s, the network perimeter was the boundary; in the 2010s, with cloud and mobile, user identity became central. Now, with AI agents, the identity and behavior of the agent become the new perimeter. According to an IBM study from 2024, 60% of companies that implemented AI agents reported security incidents related to misconfigurations or excessive permissions, underscoring the urgency of an approach like Zscaler's.

Consequences for businesses and users

Companies adopting AI agents will need to implement zero trust policies from the design phase. This involves network microsegmentation, multifactor authentication for each agent action, and real-time audit logging. For users, it will mean greater transparency and control over what data and systems agents can access. In the long term, a security standard for AI agents could emerge, similar to OAuth for APIs. Zscaler, as a cloud security provider, is positioned to capitalize on this trend by offering zero trust solutions for agents. In market terms, AI agent security could become a multi-billion dollar segment: Allied Market Research estimates the global AI security market will reach $38 billion by 2030, with a compound annual growth rate of 23%. Companies like CrowdStrike have already launched specific modules to protect agents, and Palo Alto Networks announced in April 2025 a partnership with OpenAI to integrate security controls into their models.
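One way to enforce the per-action verification, least privilege and audit logging described above, as an added example that is not from the article or from Zscaler. The agent name, key, scopes and function names are hypothetical, and an HMAC shared secret stands in for whatever agent identity mechanism is actually deployed.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: agent names, keys and scopes are hypothetical.
AGENT_KEYS = {"report-bot": b"demo-key-not-for-production"}
# Least privilege: only the (action, resource prefix) pairs each agent needs.
POLICY = {"report-bot": {("read", "crm/"), ("write", "reports/")}}
MAX_SKEW = 30          # seconds a signed request stays valid
AUDIT_LOG = []         # stand-in for an append-only audit sink
_seen = set()          # (agent, nonce) pairs already used

def sign(agent, key, action, resource, ts, nonce):
    """HMAC over every field, so none can be changed after signing."""
    msg = json.dumps([agent, action, resource, ts, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_request(agent, key, action, resource, ts, nonce):
    fields = dict(agent=agent, action=action, resource=resource, ts=ts, nonce=nonce)
    return {**fields, "sig": sign(agent, key, action, resource, ts, nonce)}

def in_scope(agent, action, resource):
    if ".." in resource.split("/"):      # no path tricks past the prefix
        return False
    return any(action == a and resource.startswith(p)
               for a, p in POLICY.get(agent, ()))

def authorize(req, now=None):
    """Deny by default: check identity, freshness, replay, then scope."""
    now = time.time() if now is None else now
    agent, key = req["agent"], AGENT_KEYS.get(req["agent"])
    fields = (req["action"], req["resource"], req["ts"], req["nonce"])
    if key is None:
        reason = "unknown agent"
    elif not hmac.compare_digest(sign(agent, key, *fields).encode(), req["sig"].encode()):
        reason = "bad signature"
    elif abs(now - req["ts"]) > MAX_SKEW:
        reason = "stale request"
    elif (agent, req["nonce"]) in _seen:
        reason = "replayed nonce"
    elif not in_scope(agent, req["action"], req["resource"]):
        reason = "outside granted scope"
    else:
        _seen.add((agent, req["nonce"]))
        reason = "allow"
    AUDIT_LOG.append({"ts": now, "agent": agent, "action": req["action"],
                      "resource": req["resource"], "decision": reason})
    return reason == "allow"
```

Every call is logged whether it is allowed or denied, so a validly signed request for an action outside the agent's grant (for example a funds transfer from a reporting agent) is refused and still leaves an audit record.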

What readers should know

  • AI agents are not inherently insecure, but their autonomous nature requires new security models.
  • Zero trust is not a technology but an architecture that combines policies, tools, and continuous monitoring.
  • Practical implementation includes: strong agent identity, context-based access control, and policy orchestration.
  • Companies like Zscaler, CrowdStrike, and Palo Alto Networks are already working to adapt their platforms to this new paradigm.
  • Regulators may require security certifications for AI agents in critical sectors, as already happens with high-risk AI systems in the EU under the AI Act.

“AI agents are the new security perimeter. Zero trust allows us to protect them without assuming they are trustworthy by default.” — Jay Chaudhry, CEO of Zscaler

Context and comparison

Historically, security has shifted from protecting the network perimeter to protecting user identity. Now, with AI agents, the focus moves to agent identity and behavior. Just as cloud adoption drove zero trust, mass adoption of AI agents will do the same. Companies already using AI assistants for tasks like report generation or customer service must assess their risks. A paradigmatic case occurred in 2024, when an AI agent at a financial company was manipulated via prompt injection to transfer funds to an external account, although the attack was detected by manual controls. This incident, reported by KrebsOnSecurity, illustrates the real vulnerability. By comparison, the transition to agent security recalls the adoption of multifactor authentication (MFA) after the wave of phishing attacks in 2016-2018: initially seen as a burden, it later became standard.

Speculation and unconfirmed information

There is no evidence that a large-scale attack against AI agents has occurred yet. Chaudhry's warning is prospective. Nor is it confirmed that Zscaler has a specific product for agent security; so far it is a strategic direction. However, industry sources suggest Zscaler could announce a dedicated solution at its annual Zenith Live conference in June 2025. Additionally, although Chaudhry does not mention concrete figures, Gartner analysts speculate that the security market for AI agents could represent 15% of total cloud security spending by 2027, a projection that still needs to be validated with quarterly data.
