In the age of AI-based threats, zero-trust is no longer enough is attracting attention across the tech world. Analysts, enthusiasts, and industry observers are watching closely to see how this story develops.
This update adds another signal to a fast-moving sector where product decisions, platform changes, and competition can quickly shape the market.
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
As AI-based threats continue to dominate the conversation around security, it’s no surprise that half (50%) of organizations are on track to adopt zero-trust data governance by 2028. In the past few years, zero-trust has become the cornerstone of modern cybersecurity strategy – but the emergence of AI means it’s no longer strong enough to tackle rapidly developing AI-based threats alone.
As AI threats continue to rise, CISOs are challenging the misconception that zero-trust architecture (ZTA) is a one-size-fits-all solution which can give organizations peace of mind, and means they don’t need to worry about security. Instead, they are focused on maximizing ZTA’s capabilities while also recognizing its shortcomings and where additional forms of security are necessary.
Some professionals argue that zero trust is nothing more than OAuth, but in reality ZTA is far more comprehensive and is a strategic framework, not just a protocol. With deepfake fraud attempts rising 94% year-on-year and attack surfaces expanding, ZTA is more significant than ever, but AI-backed attacks growing by almost 100% in 2025 means that other forms of security are also necessary.
ZTA can strengthen cybersecurity by continuously assessing access, but it cannot fully prevent insider attacks, software vulnerabilities or physical security breaches. As AI learning models advance in their capabilities to enter platforms unnoticed, a variety in security protocols are needed to challenge it.
Traditional cybersecurity models, including ZTA, were designed around predictable human behavior and manually executed attacks, but the rise of AI-powered platforms means that speed and scale of attacks has changed significantly.
ZTA-based security platforms were built and implemented at a time when the biggest threat to security was human threat actors entering platforms to download malware onto them. This is timely and very manual, with threat actors trying lists of passwords to enter platforms or sending phishing emails. AI-driven autonomous platforms can operate independently, so while the core principles of security remain unchanged, the methods used to implement them must evolve to address the threats these platforms face.
Internet security platforms still depend on protecting attack surfaces, which are consistently expanding due to the introduction of new pathways for autonomous decision-making and machine-to-machine interaction. AI platforms require more connectivity compared with manual ones, creating more opportunities for agents to exploit vulnerabilities both intentionally and accidentally.
Natural language itself is also an attack surface, with AI platforms accepting ambiguous instructions without questioning their context or intention. This means attackers can manipulate platforms through emails, messages and hidden text, creating new attack surfaces and making AI agents far more vulnerable to attacks than traditional platforms, which require detailed code inputted by a skilled developer to operate.
Human-in-the-loop controls are crucial for natural-language based attacks, with platforms unable to distinguish between suspicious or correct prompts. Maintaining human controls over security measures, even those that are largely automated, ensures that attacks which use natural language or hidden context can be identified.
ZTA minimizes an attacker’s ‘blast radius’ by assuming that no user or device should be inherently trusted, even once initial access has been granted. It prevents threat actors from moving across platforms, meaning that should a compromise happen, the attacker will struggle to reach sensitive platforms or escalate privileges without permission.
AI accelerates attack attempts, scanning environments continuously and testing permissions automatically. It can adapt strategies in real time, changing methods of attack and discovering platform weaknesses much faster than humans can through manual searches. AI attacks increasingly exploit layers including workflows and agent-to-agent interactions, changing the fundamentals of what is required of ZTA platforms.
As a result, ZTA platforms must evolve beyond static identity and access controls to continuously monitor interactions between autonomous agents, responding dynamically to abnormal activity in real time and shifting zero-trust from a user-focused model to one capable of governing machine-to-machine ecoplatforms.
By using quantifiable data and continuous evaluation, cybersecurity teams can determine whether newly implemented controls are effective, turning security platforms into an evidence-based process.
Many experts believe that ZTA means AI can be deployed safely without additional security controls. ZTA reduces certain categories of risk but does not guarantee total safety once AI has entered a platform, or has been built into internal workflows.
Zero-trust was built around human identity, and focuses on verifying who a user is, whether they are acting unusually and if their device is compliant. But AI-based threats can enter platforms successfully using false biometrics or by guessing passwords, or may have been given access to a platform previously to automate tasks.
An authorized AI agent can leak sensitive data or misuse the tools it already has access to without ever alerting ZTA that something is wrong. In order to use ZTA accurately, cybersecurity professionals must avoid overconfidence in its ability to ensure that AI platforms behave safely or truthfully once access is granted.
Alongside ZTA, organizations must also implement additional tools to protect against attacks – platforms that ensure that AI is not left unsupervised to make its own decisions without interference. AI platforms continuously evolve, with models updating regularly, meaning organizations need strict governance processes and safety benchmarking to become a permanent part of security, not just occasional checks every few weeks or months.
As threats continue to diversify and evolve, security needs to do the same, and one-size-fits-all platforms are quickly becoming a thing of the past. For CISOs, a multi-pronged approach can keep their organizations safe and prevent various different types of attacks. Combining approaches including ZTA, threat intelligence and human-in-the-loop can create overlapping layers of protection that reduce single points of failure.
Mature ZTA implications make access decisions dynamically using contextual factors, allowing platforms to continuously evaluate risk and limit lateral movement even if credentials are compromised. Agentic AI does not render ZTA useless, but its autonomous behavior means ZTA platforms need to become more context-aware and adaptive in order to govern machine-drive interactions in real time.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the tech innovation industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
Please logout and then login again, you will then be prompted to enter your display name.
Why This Matters
This development may influence user expectations, future product strategy, and the competitive balance inside the broader technology industry.
Companies in adjacent segments often react quickly to similar moves, which is why stories like this tend to matter beyond a single announcement.
Looking Ahead
The full impact will become clearer over time, but the story already highlights how quickly the modern tech landscape can evolve.
Observers will continue tracking the next steps and how they affect products, users, and the wider market.
