CyberWire Daily - The role of AI in Zero Trust. [CyberWire-X]

Episode Date: November 6, 2025

Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks. The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats. For additional resources on Zero Trust + AI, visit Zscaler's Replace Legacy Systems for Better Security.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Welcome to this special edition of CyberWire-X, where we explore the evolving intersection of cybersecurity strategy and cutting-edge technology. I'm Dave Bittner. Today, we're diving into how zero-trust and artificial intelligence are reshaping the way organizations protect their data and streamline their operations. My guest is Deepen Desai, Chief Security Officer at Zscaler, who joins us to unpack how AI-driven zero-trust can go beyond access control to deliver smarter, faster, and more unified data protection. We'll discuss how this approach helps security teams automatically discover sensitive data without manually building dictionaries or policies, all while rapidly diagnosing user experience issues, saving time, money, and more than a few headaches along the way. Stay with us. Deepen, it is always great to catch up with you. I would love to start off with the big picture here.
Starting point is 00:01:26 I mean, Zero Trust has been top of mind for a lot of security folks for years now. But I'm curious, how is AI changing what that actually looks like in practice? Hey, thank you, Dave. AI is changing the way folks think about zero trust and overall productivity in a huge way. Our CEO likes to call it a gigawave, just like we've gone through several different major changes, whether it started with industry revolution, and then there was cloud
Starting point is 00:02:02 and then now we're in an age where it's AI and it's a huge exponential change that we're going through in every aspect when it comes to productivity, efficiency and even the
Starting point is 00:02:17 risk side of the element where as we use AI using it securely becomes number one priority and as with anything good even the bad guys will start abusing it and using it to target the organizations. Well, sticking with the basics here before we dig into some of the specifics,
Starting point is 00:02:39 what problems are organizations really trying to solve when they move towards zero trust? And how does AI make that transition more achievable? So number one objective for organizations that are transitioning to zero trust is to ensure that they have a very secure and proactive posture when it comes to defending against modern threats. There are three principles that are core to zero trust. Number one is you should never trust and always verify what identity, what machine the user is coming in from.
Starting point is 00:03:18 You should ensure least privilege access. And then third is if there were to be a compromise scenario, you should assume breach. And if you have it architected using true zero-trust principles, the blast radius from that compromise endpoint will not be substantial. So that's the assume breach factor, which is a third one. How does AI help over here in many different ways? So I'll give you a couple examples. When you implement a true zero-trust architecture, you are essentially going to reduce your attack surface, both external and internal. You're going to have a consistent security, no matter where your users are, this is the prevent compromise stage.
Starting point is 00:04:02 You're going to prevent lateral propagation. This is where with a true user-to-app segmentation, you're able to prevent the attackers, even after they breach an identity or a machine, to move within your environment. And then finally, you're able to reduce the opportunity for the attackers to exfiltrate data from your environment. Now, if you think of each of these stages, AI plays a very important role. Number one is you're able to better threat prevention using AI. This is where predictive ML, predictive machine learning algorithms will play an important role in combination with generative AI as well. We're now in the age where agents are being deployed.
Starting point is 00:04:47 We at Zscaler have also deployed around five to six agents, which are specifically tailored towards preventing bad things from entering the organization. So this is the prevent compromise phase. Now, equally important, as I mentioned, is the segmentation phase, which is where you're truly limiting that blast radius. AI has an important role to play over here as well. The fact that Zscaler is in the middle of all the communication that happens between point A to point B, we're able to leverage AI to recommend to these organizations that, hey,
Starting point is 00:05:30 over the last three months, we saw these group of users communicating with these group of applications. Looking at the posture, we feel that these applications are engineering applications or these applications are financial applications, which means these group of users probably are engineering department or finance department. And then the AI will recommend very specific tailored user-to-app segmentation policies that the organizations can then implement and, again, fast-track that zero-trust transformation journey. Let me ask you about integration here because a lot of teams are managing multiple security tools. And they're quite often disjointed, each one
Starting point is 00:06:17 protecting a different layer. When we're talking about AI-enabled zero trust, are we unifying these into one comprehensive framework? So the point you're making is the importance of platform. You know, best-of-breed platform is still extremely important, but if a platform starts to claim doing everything out there, then it dilutes the effectiveness. And I'll explain what I mean by that.
Starting point is 00:06:48 So at Zscaler, we've always been very clear that, hey, we are the switchboard. We'll connect entity A to entity B. And the high-level goal is to make sure nothing bad comes in, nothing good leaks out. We will never do EDR-lite function. We'll never get into identity. That's where we will integrate with best-of-breed identity platform, whether it's Okta, you know, Ping, Microsoft. We'll integrate with best-of-breed endpoint security platform like CrowdStrike,
Starting point is 00:07:23 SentinelOne, but our core focus is that switchboard functionality, which is where we want to make sure we do a very good job. Now, your question around does AI help further integrate some of these things? It will help with these integrations between best-of-breed platforms. But the focus should still be on your strength, where you're able to do things more effectively by integrating AI into, just like I explained at different stages of the attack.
Starting point is 00:07:56 What about data discovery and being smarter about that? I mean, discovering sensitive data a lot of times requires manual configurations with dictionaries and policy tuning and things like that. Is that an area where AI can help automate? That's an excellent point. And that was the fourth stage that I described as part of the zero trust transformation journey where you're able to stop data exfiltration. We are leveraging AI very, very effectively over there in order to prevent exfiltration
Starting point is 00:08:31 of data in line. So this is where there are custom ML models per organization. The organization themselves are enabled to create these custom dictionaries and models that will detect things that are sensitive to them. We're also leveraging ML for data classification. Just like you mentioned, there's a lot of data that exist in those SaaS destination. So using API, we are able to scan and tag, classify the data into several different categories. And AI does a phenomenal job at doing that with high efficacy and at scale.
Starting point is 00:09:13 So you're able to protect the data that matters the most to your organization. What sort of safeguards exist to make sure that this kind of automation doesn't inadvertently create new privacy or compliance risks? That's a very good point. Look, securing the AI usage is one of the number one priorities or one of the top priorities. As I speak to global CXOs, there are three things that are top of mind.
Starting point is 00:09:43 AI or secure use of AI is number one. And the way I like to describe how to go about securing AI usage is, number one is discovery. This is where you need to know your AI usage and your shadow AI usage as well, because there will be a lot of those applications that are running in the environment that you're not aware of where AI is being leveraged, which can result in what you were mentioning, inadvertent data leakage. So discovery, number one, you need to have a good handle on that. Zscaler helps customer with that, with our switchboard technology,
Starting point is 00:10:22 because we will be able to see all the AI usage from the environment and give a full picture. The second piece is placing guardrails around that AI usage, right? I mean, an example I can give you as, hey, I am okay with this AI app that is considered a sanctioned app as long as it's used for code generation. But I'm not okay if this AI app is being used for financial data analysis. So maybe that is a completely different app. You don't want to expose your financial data to this specific application, which is just sanctioned for code or test code development. So having those guardrails where you were able to inspect what
Starting point is 00:11:07 goes into these AI models and what comes out of the AI model is equally important. This is where you are also able to prevent attacks like prompt injection. We're hearing about agent hijacking attacks. With proper guardrails, you're able to secure your AI usage. The number three thing, and this is where it's more proactive, you could also call it reactive, but having a red-teaming approach around securing your AI or in terms, internal AI development environments so that you're able to discover issues before the bad guys do and fix them. Despite of having guardrails, you will always run into a thing or two that were missed.
Starting point is 00:11:50 So having that proactive approach is important for discovering issues and continuously tightening that AI environment. And then the final piece is governance. This is, again, aligning with a proper data governance framework, AI governance framework. There are frameworks that are being defined by NIST, other global entities. There's active work happening in that space and that is
Starting point is 00:12:17 tooling and that is now becoming available that can help you map where you stand when it comes to compliance and governance in your AI usage. We'll be right back. You know, Deepen, there's always that balance between security and usability for your employees, for the folks who are using your systems. Does AI help at all in making sure that a zero trust environment can detect and resolve user experience issues maybe more quickly than you could in the past?
Starting point is 00:13:05 That's another very, very interesting use case where we are seeing a lot of success using our Zscaler Digital Experience product. AI can absolutely detect issues proactively. It can improve user experience. It can also do automated root cause analysis and kind of generate a report on why a user experience issue happened and recommend mitigative steps as part of that. So as a CXO, my focus was more on the cyber side of the house, but AI absolutely has many other use cases, user experience being one.
Starting point is 00:13:51 There are a lot of other IT operation use cases where AI is playing a very important role. Same thing applies with many other departments, like finance, marketing. We are seeing active usage of that. I would imagine that this translates into time savings for your Help Desk teams as well. It does. In my role, I have the pleasure of talking to a lot of these global organization CXOs and the success stories that I get to hear. It's just phenomenal. I mean, on the topic of Help Desk, I heard a large global organization switching to agents.
Starting point is 00:14:32 So literally agents taking those initial questions, which were otherwise being answered by your help desk and resulting in 70 to 80% less tickets that were hitting that help desk. So yes, AI does help saving time across the board. Does it have a financial impact as well? I mean, we're talking about consolidating tools and automating detection. Should organizations expect that that could affect the bottom line,
Starting point is 00:15:06 Look, it's an evolving area where we are seeing cost-saving happening using many different motions, slightly controversial. But look, as an industry, we're going to see a lot of efficiencies over the next. I mean, I'm not even going to talk in years. I'm going to talk in months because of the pace at which things are moving. You are obviously seeing optimization in workforce that is happening across the board. The tooling sprawl absolutely can be addressed as well by unifying certain areas and
Starting point is 00:15:44 doing it more effectively with the help of AI. So you will see efficiencies over there as well. And then the fact that you're able to do more with less and in less time itself will also result in, you know, efficiencies. Where do you suppose we're headed with this, through this intersection between AI and zero trust? I've seen people have this notion of, they refer to it as self-healing security systems. I mean, is that on the horizon? Is that too far off to still be a fantasy, or is perhaps something like that in reach? Last year, my answer was, yeah, we're far. This year, I feel like we're
Starting point is 00:16:29 getting closer. It is still an augmentation play where these agents are getting augmented into your SOC teams. It absolutely takes care of, you know, some of the lower tier response activity. It is able to weed out noise as well, like false positives. It is able to make your tier two, tier three analysts more efficient and, you know, respond to issues much more quickly. With the right tooling and technology, you will be able to take actions in an autonomous fashion as well with some guardrails so that you don't end up in causing disruption.
Starting point is 00:17:15 So we're getting there probably in next 12 months when we talk again on this topic. We will have a different answer. We may have some working models as well. But this is an active area of investment for us at Zscaler as well. The agents that we have deployed that I mentioned, one of the agent is remediation agent, which will come up with these policy recommendation.
Starting point is 00:17:41 And it will right now assist the Tier 3, Tier 4 analysts, but it is fully capable of invoking those API calls if given permission to heal or to make those security posture enhancements to mitigate the attack. When you're out talking to security leaders about zero trust and AI, are there common concerns that they have or maybe even misconceptions about transitioning to this? Look, this was absolutely the case when the ChatGPT
Starting point is 00:18:19 and the whole first six months of the generative AI coming to the scene over the last year, year and a half, we've been talking agents. It was more when the generative AI thing came out. Now, everyone, most of the CXOs realize that you have to enable your business to adopt this more securely. But there is definitely concern around how do I secure it in a way that doesn't result in cyber or data exfil risk. There is also a bigger concern on adversarial AI usage. So if you think about it, there are three risks when it comes to AI adoption. One is insecure AI usage.
Starting point is 00:19:08 We talked a lot about it, how we should go about securing it. I describe four buckets. There is attacks happening on the AI itself where an adversary will come in and poison the model that you're training for production or they will steal data from the AI environment. Again, the four categories that I described will help you secure that AI application as well. But the third one is where adversaries are using AI to go after your employees, to go after your environment, to go after your business.
Starting point is 00:19:45 That is an equally concerning problem because just like we've talked about, of efficiency, scale on the good guy's side. The bad guys are also able to do that using AI. And that's where the number one thing is you need to leverage AI to fight AI. And then the second thing is the importance of zero trust because zero trust fundamentally will set you up, will set your architecture up in a way that you're able to defend against a lot of these unknown unknowns that you're going to see when AI is being leveraged by the bad guys
Starting point is 00:20:25 to attack your organization. Yeah, you know, it strikes me that I can understand people initially having kind of a wait and see attitude when it comes to some of these AI developments. You know, like, I don't want to be the first one to run out and adopt all of this stuff. But I can't help wondering, do we reach a point where there's a risk of being left behind if you don't get on board?
Starting point is 00:20:53 Dave, we are already in that phase where that's why I said, like initially a lot of the CXOs were in that boat where, hey, I want to see how things go before I, you know, they will just adopt the block everything mode. And now over the last year and a half, we're already in that boat where it's a mandate from board level, from CEOs that, hey, you need to get more efficient, you need to adopt AI, you need to try it out in different departments
Starting point is 00:21:26 and make sure we're able to deliver better outcomes. So that fear of missing out is no longer the case. They know that they will be left behind if they don't enable the business in doing this. And that's our program. Thanks to Deepen Desai from Zscaler for joining us and shedding a light on how AI-powered Zero Trust isn't just about better security. It's about better efficiency and visibility across the enterprise. By unifying data protection, automating discovery, and accelerating troubleshooting, organizations can simplify their security stack while strengthening their defenses. Thanks again for tuning in to CyberWire-X, where we connect ideas, people, and technology shaping the cybersecurity landscape. I'm Dave Bittner. We'll see you here next time.
