Zscaler CEO warns AI agents pose new security risks

Zscaler CEO Jay Chaudhry argues that AI agents represent the next major vulnerability in enterprise security, requiring a fundamental shift in defense strategies. He claims that while human users have historically been the weakest link, autonomous agents will soon take that spot due to their relentless speed and scale.

The Shift from Human Vulnerability to Machine Risk

Traditional security protocols have long focused on the human element as the primary entry point for cyberattacks. Jay Chaudhry notes that this landscape is changing rapidly as businesses integrate autonomous AI agents into their daily operations. These digital entities do not require sleep and can execute tasks at speeds that far outpace any human worker. This efficiency is a double-edged sword, as it provides attackers with a tireless mechanism to probe for weaknesses.

The sheer volume of these agents creates a massive expansion of the attack surface for most corporations. When an agent is compromised, it can perform malicious actions with the same authorized access granted for its legitimate tasks. Chaudhry believes that the industry must prepare for a future where millions of these agents operate simultaneously across various global locations. This scale makes manual monitoring impossible and legacy defense systems obsolete.

Security professionals must recognize that agents do not follow the same behavioral patterns as people. They do not get tired, they do not make typos, and they can attempt thousands of connections in seconds. If an organization relies on old-fashioned perimeter defenses, it will lack the visibility needed to stop a runaway agent. The CEO insists that the speed of modern threats requires an equally fast and automated security response.

Redefining the Weakest Link

The transition from human error to machine vulnerability marks a new era in digital protection. Chaudhry argues that while a person might fall for a phishing link, an agent could be manipulated through prompt injection or poisoned data. This shift changes the nature of the threat from psychological manipulation to technical exploitation.

Operating at Machine Speed

Security systems must now process data in real time to keep up with agentic workflows. Chaudhry points out that the traditional concept of a workday does not apply to AI. Constant activity means that monitoring must be persistent and capable of identifying anomalies in a fraction of a second.

Zero Trust as the Foundation for AI Security

The Zscaler leader maintains that the only way to secure a world full of AI agents is through a zero trust architecture. This model moves away from the old concept of firewalls and virtual private networks which prioritize keeping outsiders out. Instead, zero trust assumes that no entity is safe regardless of whether it is inside or outside the network.

Every request for data or application access must be verified regardless of its origin. This is particularly important for agents that might move between different cloud environments or branch offices. By routing all traffic through a centralized exchange, Zscaler ensures that identity is validated for every single transaction. This prevents lateral movement, which is when an attacker gets inside a network and jumps from one system to another.

The technology acts as a digital switchboard that connects a specific user or agent only to the specific application they are authorized to use. This isolation is a critical defense against compromised agents. If an AI agent becomes a threat, its access is restricted to a very narrow silo, preventing it from infecting the rest of the corporate infrastructure.

Eliminating Lateral Movement

By stripping away broad network access, companies can mitigate the damage of a breach. If an agent is limited to a single database, it cannot scan the rest of the network for sensitive files. This containment is a core tenet of the strategy Chaudhry advocates for modern enterprises.

Verification for Every Request

The identity of an agent must be confirmed with the same rigor as a human executive. This includes checking the health of the system the agent is running on and the context of the request. Only after these checks are passed is a secure, temporary connection established.

Financial Performance and Market Realities

Despite a challenging year for its stock price, Zscaler reported strong growth in its third-quarter fiscal 2026 results. The company saw its revenue climb 25% to reach $850.5 million. This growth suggests that even as software valuations face pressure, the demand for specialized security services remains high among large enterprises.

Chaudhry highlighted that the company achieved a record operating margin of 23% on a non-GAAP basis. This indicates that the business is becoming more efficient even as it scales its global infrastructure. Annual recurring revenue also saw a significant jump, reaching $3.525 billion, showing that customers are committing to the platform for the long term.

The CEO also addressed concerns regarding the rising costs of computer chips and hardware. While legacy companies that ship physical firewalls are heavily impacted by inflation in the hardware sector, Zscaler operates as a cloud-based service. By centralizing its infrastructure in over 160 global locations, the company can manage costs more effectively than vendors who must deploy hardware to thousands of individual customer sites.

Revenue and Growth Metrics

The 25% increase in revenue serves as a signal that the market values zero trust solutions. Deferred revenue also grew at a similar rate, reaching $2.477 billion. These figures suggest a steady pipeline of future business from corporations looking to modernize their security stacks.

Resilience Against Hardware Costs

Because the platform is delivered via the cloud, Zscaler avoids the logistical headaches associated with supply chain disruptions. Chaudhry noted that while there is some impact from rising component prices, it does not meaningfully change the company’s financial trajectory. This structural advantage allows the firm to focus on software innovation rather than hardware manufacturing.

The Future of AI Models as a Business Catalyst

Chaudhry views the rise of major AI labs like OpenAI and Anthropic as a positive development for his company. He describes the move toward these companies going public as a tailwind that will drive further adoption of AI technology. As more businesses use these models, the need for specialized security to protect those interactions will only grow.

The maturation of these models allows enterprises to deploy more complex applications. Each new application represents a new set of connections that must be secured. Chaudhry believes this creates a virtuous cycle for Zscaler, as the complexity of the AI landscape makes traditional security methods even less effective.

He remains critical of old-school approaches, asserting that firewall-based systems simply cannot handle the dynamic nature of agentic workflows. By positioning zero trust as the only viable solution for the AI era, Chaudhry aims to capture the market as it shifts away from legacy hardware. The company is currently seeing a surge in interest from customers who are waiting for these specific technologies to secure their upcoming AI deployments.

Strategic Market Positioning

As frontier models become standard in the corporate world, Zscaler intends to be the primary gateway for that traffic. The goal is to provide a secure environment where businesses can experiment with AI without fear of exposing their proprietary data. This role as a secure intermediary is central to the company’s long-term strategy.

Capturing Emerging Demand

Many organizations are currently in a holding pattern, waiting for the right security tools before they fully roll out AI solutions. Chaudhry notes that a large group of customers is eager to implement these technologies. This pent-up demand suggests that the integration of AI and cybersecurity will be a major driver of growth in the coming years.