The Problem Nobody Solved
On June 9, 2026, Zscaler announced three new products at its Zenith Live conference in Las Vegas — and in doing so, formally acknowledged a problem the industry has been whispering about: nobody knows how to secure AI agents. The products — AI Broker, Endpoint AI Security, and AI Access Graph — represent the first commercial attempt to apply zero trust architecture to autonomous AI agents operating across enterprise infrastructure.
The challenge is fundamental. Traditional security tools authenticate users, monitor their network traffic, and enforce access policies based on identity. AI agents are not users. They spawn sub-agents and background tasks. They create ephemeral identities that exist for seconds. They exercise permissions at machine speed across APIs that traditional security tools do not inspect. When an AI agent books a flight, updates a CRM, and files an expense report in three seconds, the security stack designed for a human who does this in thirty minutes cannot keep up.
What AI Broker Does
AI Broker sits between AI agents and the services they access, applying zero trust policies to agent-to-agent (A2A) and agent-to-service communications via the Model Context Protocol (MCP). Every request from an AI agent passes through AI Broker, which verifies the agent's identity, checks its permissions, inspects the request payload, and enforces data loss prevention policies — the same controls that Zscaler applies to human users, now extended to autonomous software.
Endpoint AI Security detects and blocks AI-related threats on user devices — risks associated with browsers, plugins, extensions, and local AI tools. AI Access Graph, built on technology from Zscaler's acquisition of Symmetry Systems, maps data and identity connections across an organization, making visible the web of permissions that AI agents accumulate as they operate.
The Agentic Security Gap
Chrome Auto Browse ships to 200 million devices in late June 2026. Anthropic's Claude operates computer interfaces. Microsoft Copilot executes multi-step workflows. Each of these agents acts on behalf of users, but with permissions that are often broader than the user intended. An AI agent that books travel might also have access to the user's email, calendar, and corporate directory — not because it needs that access, but because the OAuth scopes that granted travel booking also granted everything else.
The security model for the human web assumed that users are slow, deliberate, and visible. AI agents are fast, autonomous, and invisible to traditional monitoring. Zscaler's products are the first commercial acknowledgment that the entire enterprise security stack — firewalls, identity providers, SIEM systems, DLP tools — was built for a species of user that is being replaced.
What This Means for Web Infrastructure
If AI agents need zero trust security, then websites need to be designed for zero trust agent interactions. APIs must support structured authentication. Content must be machine-readable. Permissions must be granular and revocable. The frameworks that produce structured, API-accessible output — Next.js with its API routes, Astro with its content collections, FastAPI with its typed endpoints — are inherently more compatible with zero trust agent security than frameworks that produce unstructured HTML and rely on session cookies for authentication.


