Cloud, AI make zero trust approach critical | Bengaluru News

Prague: As cyber threats become more sophisticated and workforces increasingly operate outside traditional office boundaries, the old model of network security – where anyone inside the system was automatically trusted – is no longer enough. Traditionally, security worked like a `castle and moat’: once inside the corporate network (the castle), you were trusted, and the moat (firewalls and perimeter defences) kept outsiders at bay. But as Jay Chaudhry, the India-born founder and CEO of cybersecurity company Zscaler, explained, this model fails in today’s cloud-first world, where users are no longer confined to a physical location.One widely accepted new approach that is reshaping cybersecurity globally is what’s called zero trust security. In this approach, said Chaudhry, nobody is allowed to roam the castle freely. “We escort them only to the meeting room they’re authorised for, and then escort them out once done. The moat approach does not hold good any longer,” he explained in his keynote address at Zenith Live 2025, the annual cybersecurity event Zscaler organises. He noted that the zero trust approach was becoming even more critical as AI accelerates. Because hackers can use AI to try and fool the system. Zero trust operates on the principle: trust no one, always verify – be it a user, a device, or a connection.“Data is everywhere. We serve over 50 million users globally – employees accessing tools like Salesforce, Microsoft 365, SAP, LinkedIn, and YouTube through our secure platform,” said Chaudhry. “Think of us as an international checkpoint: we log every transaction – who accessed what, when, and from where. These digital records act like visitor logs, allowing us to capture early signs of malicious activity. Every day, we process around 500 billion transactions, generating 500 trillion data points – that is half a quadrillion. Analysing that is like finding a needle in a haystack. That’s where generative AI helps – spotting anomalies and powering tools like breach prediction to stop threats before they unfold,” said Chaudhry.That same principle, he said, must now extend to the next frontier: agentic AI. “Agentic AI can act autonomously and access a broad range of applications and data, so the need for Zero Trust is more urgent than ever,” Chaudhry emphasised. To meet this challenge, Zscaler, he said, is working with several partners, including Microsoft, to define and manage the identities of AI agents. “Once an agent’s identity is established, we’re expanding our platform to apply Zero Trust principles to them – so you’re not just protecting users, but also the AI agents acting on their behalf,” he said.Phil Tee, a pioneer in using AI in IT operations with his venture Moogsoft (acquired by Dell in 2023), joined Zscaler earlier this year as EVP and head of AI Innovation, excited by the opportunities for AI use on top of the company’s 500 trillion data points. He said if there’s a security incident in a company, it can take hours to months to diagnose what went on and take remedial action. “But if we are able to use AI to extract the answer from the logs, we could shrink that from months to minutes to maybe zero. And then you can couple that with an agentic architecture, and you can have maybe an auto heal, an autonomic security system,” he said.Given that many employees now use AI tools, the company is also working on a solution to do deep prompt inspection, just like cybersecurity tools do deep packet inspection to identify viruses and malware. This is to ensure there’s, for instance, no accidental data exfiltration, where an engineer might paste some source code to a foundation model because they’re trying to debug it or optimise it. That data could find its way into the training set of the model. “We can see the interaction between our clients and, let’s say, a copilot. We can use language models to look at the prompt to check if it is just plain text, or is it source code, is it malicious intent, inappropriate content,” said Tee.(The correspondent was in Prague at the invitation of Zscaler)