This week SC UK was among the attendees at Zscaler’s Zenith Live EMEA conference, where two subjects were front and centre: zero trust and AI.

In fact the combination of the two subjects were displayed externally, and according to the CEO Jay Chaudhury, this combination is bringing about the end of network security as we know it.

Come Together and Work?

Sitting with Phil Tee, EVP and head of AI innovation at Zscaler, I asked him how a strategy (zero trust) and a product (AI) can come together and work? Tee says the best way to understand this is to split it into two categories: AI for zero trust, and AI in zero trust.

As AI is a critical tool for being able to categorise data, so you can use AI to identify whether a document has got sensitive data or source code in it.

On the concept of AI for zero trust, Tee says a common issue that a lot of its customers have is ‘how do I safely let people make use of Copilot and coding assistants, and ChatGPT and similar tools in my environment?’

“What we do there is the same thing with prompts: Zscaler is known for deep packet inspection, being an in-line security broker,” he says. “The invention that built this company was we can decrypt TLS traffic and we do the same thing with prompts. So when we get a prompt and again - actually, we use LLM to do this - we can look at and know if it contains sensitive data or source code. Is it appropriate content?

“That's me, asking questions of it. Of course you're going to get responses back. Those responses might include content that you don't want going to your employee base. Maybe it's competitive information. I mean, would you want it serving job openings that your competitor back to your employee base? We're able to do all of that.”

Protecting and Projecting

Tee says there's a lot of Zscaler "in the world of GenAI" helping make GenAI safe, protecting against data exfiltration and projecting about inappropriate use, and also the use of AI to make its own tool sets better.

He also says that AI is a long-term strategy for business, and where do we go with GenAI in the general security world, as there are lots of very clear and obvious use cases in the use of AI for being predictive and being able to get ahead of novel threat factors. This also includes getting towards a form of defence, and he says this is part of the concept of the end of life for certain security tools “that are expensive, and frankly ineffective.”

Tee agrees that this is one way that AI and zero trust come together, with permissions and prevention, and I’m sure there will be other cases to come. A challenge may be overcoming two of the most hyped trends in the industry, especially when they are paired together.

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.