What happened
According to a Zscaler blog post published alongside the ThreatLabz 2026 AI Security Report, enterprise AI/ML transactions rose 83% year-over-year globally in 2025, spanning more than 3,400 applications - nearly four times more than the prior year. Red-team testing found critical flaws in 100% of tested enterprise AI systems, with a median time to first critical failure of 16 minutes and 90% of systems compromised within 90 minutes. Focusing on the APJ region, Zscaler reports Indian enterprises generated more than 82 billion AI/ML transactions in H2 2025, ranking second globally after the United States, while enterprise data flowing into AI tools rose 93% year-over-year to tens of thousands of terabytes (Zscaler press release, CISO Forum).
Technical context
The blog identifies embedded and shadow AI as a primary governance gap: AI features built into everyday SaaS tools often activate by default, run continuously, and interact with sensitive data without being labeled as AI by security monitoring. The report logs 410 million DLP policy violations tied to ChatGPT alone, including attempts to exfiltrate Social Security numbers, source code, and medical records. Zscaler says enterprises still blocked 39% of all AI/ML access attempts in 2025 - down year-over-year but still high - suggesting organizations lack confidence in existing visibility and controls. Key failure modes observed in red-team tests include prompt injection, data exfiltration via model responses, and insecure RAG pipeline integration.
Context and significance
The blog frames zero trust as the architectural control plane for governing user-to-app, app-to-data, and agent-to-agent interactions - a positioning that extends Zscaler's existing product narrative to agentic and AI workloads. All findings originate from Zscaler's own platform and telemetry, and the piece promotes Zscaler solutions. The underlying data set (one trillion AI/ML transactions, 3,400+ apps) is large and covers real enterprise traffic, so the directional findings are useful for practitioners, though the vendor framing should be factored in. Finance and Insurance generated the largest share (23.3%) of enterprise AI/ML activity, followed by Manufacturing at 19.5%.
What to watch
Track third-party red-team benchmarks for comparison with Zscaler's proprietary failure-rate figures. Watch for adoption of AI-BOM (AI bill of materials) tooling as an emerging governance primitive, and monitor whether MCP pipeline visibility becomes a distinct product category as agentic deployments scale.
Key Points
- ThreatLabz red-team testing found critical flaws in **100%** of tested enterprise AI systems, with a median time to first failure of **16 minutes** - a concrete benchmark for practitioners assessing AI deployment risk.
- Enterprise AI/ML transactions rose **83% globally** in 2025 and data transfer to AI tools grew **93%**; India generated **82 billion** transactions in H2 2025, second globally.
- Embedded AI in approved SaaS tools creates governance blind spots; Zscaler attributes **410 million DLP violations** to ChatGPT alone in 2025, with enterprises still blocking 39% of all AI/ML access attempts.
Scoring Rationale
Vendor-published report with large proprietary telemetry base (1 trillion AI/ML transactions) revealing a 100% red-team failure rate and 83% YoY adoption growth across 3,400+ enterprise AI apps. Data are substantive for practitioners designing AI security controls, but all findings originate from Zscaler's own platform and directly promote its product positioning.

