Trust no one. That’s the maxim that organisations should keep close to heart as they apply artificial intelligence (AI), including agentic, across their workflows.
At least, that is what industry proponents are advising, particularly as advancements in frontier AI threaten to significantly speed up the rate at which security vulnerabilities are exposed.
AI is creating new cyber and resilience challenges, said Jay Chaudhry, CEO, chairman, and founder of Zscaler, at the security vendor’s Zenith Live 2026 conference held in Vienna, Austria.
Traditional security frameworks, built on a moat-and-castle design, are no longer effective as enterprise networks have expanded with the cloud, driving the need to build bigger moats, said Chaudhry.
This collapses further in an agentic environment, where traditional security is not designed for AI agents that autonomously act and access sensitive data at machine speed, he noted.
Organisations must look at security differently in order to embrace AI, he said, adding that security would have to be dynamic so AI can be safely operated at scale.
Frontier AI models will accelerate and automate attacks, said Deepen Desai, chief security officer and executive vice president at Zscaler, during a media briefing at the conference.

Stealing data with speed, scale
In a blog post last month, Desai had said frontier AI models presented a critical inflection point for enterprise security, noting that they expanded the attack surface for organisations.
“They reason across attack paths, weigh exploitability, and generate security-relevant workflows,” he said. “The threat chain remains the same. Attackers will continue to find what’s exposed, break in through a weak point, move laterally, and steal data. What’s changed is the expertise required, speed, and scale.”
As AI models continue to advance, he predicted that threat actors would leverage AI agents to phish other AI agents and scale phishing operations.
He added that phishing attacks in future could evolve into persistent multi-channel attacks, with deepfake impersonation redefining social engineering attacks.
In its advisory note about risks associated with frontier AI, Singapore’s Cyber Security Agency (CSA) also warned about the accelerated speed at which frontier AI models can identify vulnerabilities and engineer exploits.
It will potentially reduce the time needed for developers to fix identified bugs, it said.
In one test, Anthropic’s Mythos generated 181 working exploits against Firefox 147 by linking four bugs, according to PwC.
The median time to exploit for newly identified vulnerabilities also dipped to just under one day in 2026, compared to 23 days last year, PwC noted in a post about security risks from frontier AI.
The consulting firm added that the assumption organisations had days or weeks to run patch cycles, respond to security incidents, and conduct tests now no longer held true.
It urged enterprises to replace “point-in-time security testing” with continuous AI-enabled assessments.
This should be further hardened with zero trust, segmentation, and modern identity access management, PwC said.
“Apply the same zero-trust controls to AI agents -- least privilege, strong authentication, and full auditability,” it said.
CSA also noted the need to adopt zero-trust architecture principles, echoing PwC’s recommendation to implement continuous verification and least-privilege access, alongside runtime application security monitoring.
This prevents AI from exploiting vulnerabilities introduced during software development or third-party integrations, the Singapore government agency said.

Never trust, always verify at least-privilege
With Mythos-like attacks coming out, zero trust also is essential to minimise supply chain risks, Chaudhry said.
Zscaler espouses the importance of a zero trust architecture in an AI era, where trust must be continuously earned and not granted by default.
“It eliminates implicit network trust and enforces continuous, least-privilege verification for every user, device, workload, and connection -- regardless of network location…before access is granted,” the security vendor said.
This includes every application and AI system, it said.
Zero trust safeguards data, models, APIs (application programming interfaces), and AI agents from unauthorised access and misuse, it added.
It provides the resilience to mitigate cyber risks as well as supports a hybrid workforce, according to Gartner.
It also affords the flexibility to enable appropriate access methods, while removing implicit access based on location.
The research firm predicts that, by 2026, 10% of large enterprises will have a mature and measurable zero trust strategy in place, up from less than 1% in 2024.
Security teams today are concerned about the massive scale at which vulnerabilities can be uncovered by frontier AI models and exploited by threat actors, said Dhawal Sharma, Zscaler’s executive vice president of AI security and strategic initiatives.
At the same time, enterprises want to be able to use AI everywhere because it can be leveraged to build differentiation in their core business and applications, Sharma shared in an interview with FutureCISO, on the sidelines of the Zenith Live conference.
But they want to ensure they adopt and use AI safely, he said.

With a zero trust architecture, he noted that organisations can do so by hiding their attack surface, where potential vulnerabilities sit.
When a namespace, which typically refers to a logical container used to identify objects in particular groups, goes dark on the internet, it has no exposure there.
This concept is applied in a zero trust architecture, where organisations may not be able to patch every vulnerability, but can hide these vulnerabilities from exposure -- hence, reducing their attack surface.
And along with the use of decoys or honeypots, which emulate the vulnerabilities, high-fidelity detection response signals can be integrated into an organisation’s SOC (security operations centre) to provide alerts should threat actors breach the network.
Tapping such tools, within a zero trust architecture, enterprises will be able to reduce the impact should the vulnerabilities be exploited, Sharma said.

Context is everything in finding vulnerabilities
Organisations looking to leverage AI models to identify vulnerabilities also will need to ensure they have the right context.
The quality and extent of context provided can influence the AI model’s ability to generate actionable findings and identify vulnerabilities more effectively, Desai noted.
He advised organisations to start with a reasonably good base, then adjust accordingly for their environment.
They have to finetune and tweak their test harnesses to ensure they continue to get the results they need, he said.
The art, it seems, is in finding the right balance.
Feed the test harnesses too much context and organisations will likely only end up with vulnerabilities they already know of. Too little context and they may end up with over stimulated results.
In test harnesses, AI agents are deployed within a controlled environment to run tests and simulations, based on data they are fed about the applications they are tasked to assess.
In Zscaler’s own tests, it discovered that grounding the AI model in its own environment proved essential.
“Providing architectural context, threat models, and known weaknesses significantly improved accuracy, [but] feeding the model examples of previously found issue classes caused it to anchor on those patterns and stop hunting for what hadn’t been discovered yet,” Desai explained.
Organisations have to keep adjusting for their environment, giving the AI models enough information about the applications, but not the class of vulnerabilities they are looking for, he said.
“Then adjust again until you find the spot where you’re finding [vulnerabilities] you weren’t finding before,” he noted.
Sharma added that there were risks if organisations fed the AI models “bad” context. For instance, models trained with poisoned data will generate wrong and undesired outputs.
He added that companies will have to decide when to use LLMs (large language models) or SLMs (small language models) that are trained on industry-specific data.

Safeguards needed as browsers get AI features
They also will need to assess whether their web browsers are sufficiently secured, especially as AI features increasingly are added to browsers, said Vivek Ramachandran, senior director at SquareX, which Zscaler acquired in February.
There are AI sidebars now where users can talk to the browsers and give instructions on activities they want carried out, said Ramachandran, who was the founder and CEO of SquareX.
Browsers are starting to evolve to become AI assistants to the user, he said in an interview with FutureCISO at the conference.
As they transition towards that role, for instance, helping users search for and book flights, the question then arises whether the AI agents -- that power the web browsers -- are guided by the same security policies and safeguards as those deployed within their organisation's network.
“What we are starting to see is that enterprises now want the ability to control, monitor, and enforce business policies on these browser-based agents,” Ramachandran said.
It still is an early phase at which these tools are being developed, he noted, adding that browsers traditionally are built as consumer software, without an enterprise focus.
Now, however, it seems they will need to be developed to support enterprise needs, he said.
Zscaler’s acquisition of SquareX is touted to “redefine browser security”, enabling organisations to embed extensions into browsers to provide enhanced security and bypass the need for third-party browsers.
It extends the zero trust architecture to browsers, enabling companies to secure user devices regardless of the browser users choose to run, such as Google Chrome and Microsoft Edge, according to Ramachandran.
And they can do so without having to implement a separate, third-party enterprise browser, he added.










