My year started off with a cornucopia of events – CES, the National Retail Federation show and the World Economic Forum in Davos – and though they’re three completely different events, there was one thread that cut across all of them: artificial intelligence. Like the internet did 30 years ago, AI will change the way we work, live, learn and play. However, also like the internet, AI will bring several new security threats, prompting organizations to rethink their cyber strategies.
At Davos, I discussed this with Mike Rich, chief revenue officer for Zscaler Inc. “Companies could move much faster if they had the right governance in place,” he said. “The pressure to deploy AI is coming from the CEO and being pushed down, and because the right governance and trust models are in place, that’s slowing things down.”
This week Zscaler announced it’s expanding its AI Security Suite with new features that give enterprises more visibility and control over how AI is being used across their environments. The idea is to make security less of a hurdle as companies move from experimenting with AI to systems that rely on agents and automation.
Most companies don’t know where AI is running inside their organizations. Generative AI tools are everywhere, AI is being baked into software-as-a-service platforms, and companies are building their own models and agents internally as well. Couple this “shadow AI” problem with rapid infrastructure changes, and security teams are left trying to figure out where the risks are.
Basic access control is also difficult to manage. AI traffic doesn’t look like normal user activity. Much of it comes from automated systems talking to each other, and traditional security tools weren’t built for that. Then there are the AI-specific threats. Attacks like prompt injection or model tampering go straight after the AI itself. Those don’t show up in traditional red teaming exercises or standard posture checks, which creates additional management challenges for security teams.
The reality is most existing security products weren’t built for AI because they were built in an era when the number of users, the locations they worked in and the nature of traffic were very predictable. AI agents can be invoked, run for 30 seconds and be deprecated, and that creates a level of randomness bordering on chaotic for security teams.
Adding to the challenge is that security teams don’t want to stitch together multiple point solutions. Zscaler’s security platform gives enterprises a clearer view of their entire AI environment. It shows where AI is running, who can access it, and what data it touches, so companies don’t lose visibility as AI becomes more embedded in day-to-day operations.
More specifically, the updated platform addresses enterprise AI security in three ways.
- AI Asset Management provides chief information security officers, the information technology department and governance teams a comprehensive inventory of AI apps, models, infrastructure, agents and usage. By providing visibility into AI usage, it brings shadow AI into view and helps teams understand what data AI touches and prioritize risk.
- Secure Access to AI helps security teams safely enable sanctioned AI services like developer tools and AI models with Zero Trust controls, inline inspection and prompt classification to reduce data loss and misuse while preserving productivity. Zscaler data shows that AI has seen a massive 91% surge in activity with nearly 40% being blocked due to security concerns. Secure access can help businesses use AI and give organizations the confidence to move forward.
- Secure AI Infrastructure and Apps enables application teams to protect AI development across the lifecycle with automated AI red teaming, prompt hardening, runtime guardrails and continuous risk posture assessment from build to runtime.
Zscaler says its approach is about managing AI security continuously instead of doing one-time assessments. The company is rolling out additional protections, including a new Model Context Protocol gateway for secure automation and AI deception tools that defend against attacks targeting AI models.
A comprehensive AI security suite like the one Zscaler offers can help change the way businesses view security. Historically, most organizational leaders have looked at security as something that gets in the way of the business, since that has been the reality. Security baked into the AI processes allows companies to move forward with confidence, turning security into a business enabler.
A key theme of Davos was “trust,” taking many forms. Within the context of AI usage, for companies to get the full value of AI, they must trust that the actions AI is taking are what they need to be, that it is using the data it is allowed to touch, and that it isn’t putting the company at risk.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for News.
