Zscaler unveils AI Security Suite to close visibility gap

Zscaler has launched an AI Security Suite focused on managing security risks linked to the rapid uptake of generative and agentic AI in organisations.

The company said enterprise AI use is rising faster than governance and oversight, and that older security approaches do not fit AI-driven environments. Zscaler cited risks such as data leakage, model misuse and faster attacks.

Zscaler positioned the new suite as a response to gaps in visibility and control over AI tools in use across businesses. It said many organisations do not have a complete view of AI applications and services, including AI functions embedded in software-as-a-service products.

Visibility gap

The company pointed to its ThreatLabz 2026 AI Security Report as evidence of a widening gap between AI adoption and governance. It said the services industry in Australia recorded 3.5 million AI-related transactions. It also said Australia recorded 15.3 billion transactions and ranked seventh globally overall.

Zscaler said many organisations still lack a basic inventory of active AI models and embedded AI features. It said this left security teams unclear on where sensitive information could be exposed through AI systems.

The company also said organisations struggle with access control and policy enforcement as AI traffic shifts to new protocols and patterns. It described these patterns as non-human, which it said traditional security tools often cannot govern.

Zscaler said its experts found most enterprise AI systems could be compromised in 16 minutes, and said it uncovered critical flaws in 100% of systems analysed. The company did not provide additional detail in its announcement on the scope of the analysis or the sample size for that specific claim.

Suite components

Zscaler said the AI Security Suite covers three use cases: AI asset management, secure access to AI services, and securing AI infrastructure and applications.

For AI asset management, Zscaler said the suite creates an inventory of AI applications, models, infrastructure, agents and usage. It said this area focuses on identifying "shadow AI" and mapping what data AI systems access.

For secure access, Zscaler said the suite applies Zero Trust controls and inline inspection for sanctioned AI services. It also listed prompt classification as part of the approach.

For AI infrastructure and applications, the company said it offers automated AI red teaming, prompt hardening, runtime guardrails and continuous risk posture assessment. It said this spans from build to runtime.

Zscaler also said the suite provides an inventory and dependency map across generative AI services, embedded AI in SaaS, AI development environments, MCP servers, agents, models and infrastructure. It said the system correlates asset discovery, access relationships, data lineage, runtime behaviour and security posture.

Governance and partners

Zscaler said it supports customers seeking to align internal security programmes with external governance frameworks, including the NIST AI Risk Management Framework and the EU AI Act. It also said it provides CXO-level reporting on generative AI usage.

The company cited ecosystem integrations with OpenAI, Anthropic, AWS, Microsoft and Google. It also said it is adding an MCP gateway focused on secure automation and an "AI Deception" capability designed to divert and neutralise model-based attacks.

"AI is changing how businesses operate, but traditional security approaches were not designed to secure AI," said Jay Chaudhry, Chief Executive Officer, Chairman, and Founder, Zscaler. "Business leaders are looking for a comprehensive solution - not more point products. At Zscaler, we're providing the security necessary for leaders to move forward with confidence and embrace the full spectrum of AI. We aren't just securing the AI era; we're accelerating it."

Industry commentary

Analyst Zeus Kerravala also pointed to differences between AI traffic and traditional web traffic. He said many security tools lack visibility into these patterns.

"The industry is currently struggling with a massive visibility gap because AI traffic doesn't behave like traditional web traffic, said Zeus Kerravala, Principal Analyst, ZK Research. "It's faster, non-human, and uses protocols that most security stacks simply can't see. What's important here isn't just another security tool; it's the shift toward a Zero Trust framework that actually understands the context of an AI conversation. Without this level of deep inspection and automated guardrails, enterprises are essentially flying blind into the most significant technology transition of our lifetime."

Zscaler said its research methodology for the ThreatLabz report used an analysis of 989.3 billion AI and machine learning transactions generated by about 9,000 organisations across the Zscaler Zero Trust Exchange over a one-year period. The company said the data provides a view into how AI is being used and restricted across global environments.

Zscaler said it expects demand for AI security controls to grow as organisations expand AI use beyond employee productivity tools and into more automated workflows and systems.