At Zscaler’s Zenith Live conference in Vienna this week, founder and CEO Jay Chaudhry argued that AI agents have now overtaken humans as the top security risks facing businesses today. “Yesterday, a user was the weakest link,” he told the audience. “Today, these agents are becoming the weakest link.” Whatever your thoughts on AI replacing human talent, there’s one area where agents are performing just as well as humans – creating cybersecurity risks.
AI agents can now reason, make decisions, and act fully independently of human oversight. “They move at machine speed,” Chaudhry said. “They need no coffee break, no weekends, no time to sleep.” Traditional security was never designed for millions of autonomous agents that act and reach sensitive data at machine speed,” Chaudhry said.
Agents are already being exploited
Deepen Desai, Zscaler’s chief security officer, told Expert Insights that AI agents are already been targeted with phishing attacks, where they are even more at risk than humans.
“When a user falls for a [phishing] attack, they will eventually realize it and tell their IT team,” he said. “Agents, when they fall for phishing, they become malicious insiders.” The agent keeps working, at speed, on the attacker’s behalf.
There have already been real cases. Just this week, researchers disclosed a Microsoft 365 Copilot flaw that let a single click exfiltrate emails, MFA codes, and files, with the AI acting on a hidden instruction the user never saw.
Zscaler’s research arm, ThreatLabz, expects 2026 to bring attacks in which AI agents phish other AI agents through prompt injection and spoofed interactions, naming it the first entry on its predictions watchlist.
In a Zscaler survey of 1,750 IT leaders conducted in December 2025, half of the organizations deploying or testing agentic AI said they had done so without governance guardrails in place. Seven in 10 of those leaders also reported limited visibility into employees’ use of “shadow AI,” and 56% believed it was already exposing sensitive data.
Zero trust for agents
Zscaler argues that applying zero trust principles is the best way to reduce the risks posed by AI agents. The principle behind zero trust, verify every identity and every action before granting access, was designed for users. But an agent, like a user, has an identity. It requests access to data and systems, and it can take actions. And so the same zero trust principles can apply.
Swamy Kocherlakota, Zscaler’s EVP of agentic AI security engineering told Expert Insights that for any agent, the questions are the same. “Who are you, what are you trying to do, what is your intent, does the policy allow you to do it or not.”
Where older controls fall short, Kocherlakota said, is intent. A malicious instruction “should never land [on] the agent,” which means inspecting traffic before it reaches the model rather than trusting the model to refuse. That is the gap Zscaler and rivals including Palo Alto Networks, Netskope, and Cloudflare are all racing to close.
Chaudhry said most of the engineering was already in place for Zscaler’s systems to cover AI agents. “70% of the pieces that are needed for this are already there,” he said. “We’ve built 30% of it.” The new portion includes brokers for agent protocols such as MCP and Agent-to-Agent (A2A) communication, plus engines that inspect prompts and responses to read intent and catch data loss.
At Zenith Live, Zscaler announced several new tools built around these principles. AI Broker provides visibility and access controls over autonomous agents. Endpoint AI Security monitors for AI-related threats at the device level, including in browsers, extensions, and plugins. And AI Access Graph, powered by Zscaler’s acquisition of Symmetry Systems, maps how identities, applications, and data sources connect across the enterprise, so security teams can see which agents can reach what data.
What comes next?
The next step will be securing the process where agents are communicating without any human oversight. “We will see a lot more agent-to-agent communication using the A2A protocol. Governing that traffic, where no human is in the loop at all, is the next frontier,” Kocherlakota says.
Security leaders must now start the process of applying zero trust principles to their agents now, defining identities, enforcing least privilege, inspecting intent, an entirely new challenge in an already challenging security environment.
