Zscaler unveiled a new set of products built to secure autonomous AI agents, and the company is making a big claim with it: the industry's first complete zero-trust platform for agentic AI.
The announcement came at Zenith Live 2026 in Las Vegas, where Zscaler expanded its Zero Trust Exchange platform to cover the new weirdness enterprises are walking into: AI agents connecting to networks, reaching into enterprise data, operating across cloud environments and running on employee devices.
Because the old model was built around people.
Humans log in. Humans click things. Humans forget passwords. Humans open phishing emails that look like they were written by a drunk pirate, but at least you generally know who the human is.
AI agents are different.
They operate at machine speed. They spin up temporary identities. They call tools. They spawn sub-agents. They touch data. They make decisions. They do it all faster than a human can say, "Wait, why does this bot have access to payroll?"
That is the problem Zscaler is going after.
The Core Problem
Traditional security tools were designed around known users, known devices and known applications. Agentic AI smashes that model with a folding chair. These agents are not just another user group. They are software entities acting on behalf of users, apps and workflows, sometimes with permissions nobody fully understands until something goes sideways.
The New Products
At the center of the launch are two products: Zscaler AI Broker and Zscaler Endpoint AI Security.
Zscaler AI Broker is designed to secure agent-to-agent communication and Model Context Protocol traffic. It includes an agent registry so organizations can define what each agent is allowed to access.
That matters because without a registry, AI agents become the enterprise version of raccoons in the attic. You hear movement. Something is getting into places it should not. Nobody knows how many there are. And now one of them has a service account.
Zscaler Endpoint AI Security focuses on AI threats running on employee devices. That includes browsers, extensions, plugins and local AI tools that legacy endpoint products were not built to inspect.
This is an important shift. AI risk is not only sitting in sanctioned enterprise apps with nice procurement paperwork and a logo on the vendor page. It is also in browser extensions, desktop tools, plugins, local models and shadow AI running quietly on endpoints like a casino in the basement.
Zscaler also introduced AI Access Graph, which maps how identities, applications and data sources connect across an organization. The goal is to help security teams find unnecessary access and cut it before it becomes a blast radius problem.
The technology comes from Zscaler's acquisition of Symmetry Systems, announced in May for $175 million. Symmetry built its business around mapping data access across both human and nonhuman identities.
That is the key part: nonhuman identities.
Because in the AI era, identity is no longer just Bob from finance, Sarah from legal and the admin account everyone swears they do not use anymore. It is agents, service accounts, workloads, APIs and temporary identities moving through the environment like a haunted Roomba with credentials.
What Else Is New
The announcements build on Zscaler AI Protect, which launched in January. Zscaler is now adding capabilities to discover embedded AI in SaaS and internet traffic, identify agents and MCP servers running in public cloud, and scan agentic codebases for risk.
The company is also expanding controls for sanctioned AI tools, including prompt extraction across more than 250 generative AI apps and support for compliance APIs offered by Anthropic and OpenAI.
For teams building AI applications, Zscaler is adding red teaming for MCP servers, a standalone prompt hardening service and compliance heat maps to strengthen governance across development and runtime.
That part matters because securing AI cannot start after it is already in production, hooked into sensitive data, and making decisions like a caffeinated intern with executive authority.
You have to find it early. Test it early. Harden prompts. Validate access. Understand data flows. Watch the runtime. And then assume something will still go sideways, because that is not pessimism. That is enterprise architecture with a pulse.
The Competitive Picture
The broader industry is racing in the same direction. Security vendors are trying to wrap controls around agentic AI before enterprises deploy it everywhere and accidentally create a digital ant colony with access to customer records.
Palo Alto Networks and Google have rolled out their own agent security offerings over the past year. Zscaler has also been buying into the category, including its February acquisition of browser security firm SquareX.
"Traditional security was never designed for millions of autonomous agents that act and reach sensitive data at machine speed. We pioneered Zero Trust Exchange to secure users, branches and cloud workloads and now we are innovating to extend the zero-trust security to AI agents."
— Jay Chaudhry, Founder & CEO, Zscaler
Bottom Line
Users were phase one. Branches and workloads were phase two. AI agents are the next frontier.
And they are not going to wait politely while security teams update a control framework from 2017.
The enterprise attack surface is changing from people clicking apps to software entities acting on behalf of people, apps and other agents. That means access has to be governed differently. Data has to be protected differently. Identity has to include things that do not have a badge, a laptop or a manager.
Agentic AI is going to move fast.
Zero trust has to move faster.