CyberSecurity SEE

Why Southeast Asia CISOs Should Implement Zero Trust as Their AI Control Plane: AI Agents, Data Borders, and Supply Chains

Zscaler Addresses AI Integration and Data Security at Zenith Live 2026

During the Zenith Live 2026 conference held on June 16-17 in Vienna, Zscaler brought attention to pressing concerns that are particularly resonant among Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) in Southeast Asia. A significant theme of the event was the rapid integration of artificial intelligence (AI) agents as digital workers within organizations. Concurrently, regulators are tightening data residency requirements and supply-chain vulnerabilities are increasingly encroaching upon core business operations.

In response to these challenges, Zscaler revealed its comprehensive strategy to extend its Zero Trust Exchange and Secure Access Service Edge (SASE) platform. This approach aims to encompass not only users and workloads but also a diverse range of entities such as AI agents, unmanaged devices, multi-cloud workloads, and B2B partners. This strategic pivot effectively establishes zero trust as the fundamental control mechanism for secure AI adoption in markets that are both highly interconnected and heavily regulated, such as those in Southeast Asia.

Zscaler proposed several initiatives at the AI layer that are particularly relevant for organizations in Southeast Asia. First, it emphasized an AI Broker with an Agent Registry. The registry would govern interactions among AI agents, data, and applications, providing real-time inspection of prompts and responses while enforcing least-privilege access. Such a system is deemed essential in sectors that must adhere to stringent data-handling regulations across multiple jurisdictions.

Secondly, Zscaler’s proposal includes Endpoint AI Security, designed to identify and mitigate risks associated with local AI tools, browser extensions, and plugins proliferating across endpoints—particularly in a landscape characterized by distributed workforces and contractor ecosystems common in Southeast Asia. Addressing these localized risks is crucial for safeguarding confidential information and ensuring regulatory compliance.

Finally, the concept of an AI Access Graph and AI Protection was outlined, which aims to map AI assets, model usage, and data flows across various environments, including Software as a Service (SaaS), public cloud, and on-premises. This feature is backed by rigorous security measures such as red-teaming, prompt hardening, and the establishment of guardrails for over 250 Generative AI applications.

Equally vital is Zscaler’s strategy for managing cross-border connectivity and data sovereignty. The company’s Zero Trust B2B Exchange offers an alternative to traditional site-to-site Virtual Private Networks (VPNs) and MPLS links, replacing them with policy-controlled application access. This ensures that partners, contractors, and regional subsidiaries operate without sharing the same network, even as data and workflows navigate various markets. Additionally, Zscaler’s cloud infrastructure is designed with stringent locality requirements for logs and operations, supported by regional data centers and the absence of external “kill switches.” The design reflects a clear alignment with European General Data Protection Regulation (GDPR) requirements, which are increasingly mirrored in Southeast Asian data governance frameworks.

The application of these strategies can be observed through case studies from notable companies like AkzoNobel and Siemens Healthineers, showcasing how decisive action results in innovative solutions. These organizations have implemented “dark” branches that are virtually undetectable on the internet, adopted zero-trust B2B connectivity, and constructed explicit strategies to guide their AI adoption rather than prohibiting it outright.

For CISOs operating in Southeast Asia, Zscaler’s insights present a practical roadmap:

  1. Establish a Comprehensive Inventory: Organizations are encouraged to create a live inventory of their AI usage and data flows across various jurisdictions before regulatory bodies mandate compliance measures.

  2. Implement Zero Trust Principles: It is crucial to secure infrastructure and supply chains using zero trust methodologies, so that a single misconfiguration exposed to a partner or an AI agent cannot grow into a regional security incident.

  3. Adopt Zero Trust as an AI Operating Model: Rather than treating zero trust as a supplementary project, organizations should integrate it as an essential part of their operational framework. Because each new AI agent becomes part of the workforce and of the compliance and security landscape, it must be brought into the zero trust model.

As organizations move into an era heavily influenced by AI, Zscaler’s recommendations include a reevaluation of threat models, prioritization of zero trust techniques to curb lateral movement, and the establishment of robust AI governance protocols that align with regulatory demands. With the rapid evolution of technology and its implications for data security and compliance, proactive engagement with these strategies will be vital for maintaining competitive advantage and ensuring operational integrity across Southeast Asia.
