AI agents are rapidly becoming the weakest link in enterprise security, according to Zscaler CEO Jay Chaudhry. He warned that these autonomous software systems now pose a greater threat than human users ever did.

Chaudhry made the comments during a recent industry event, where he argued that traditional security models cannot keep pace with the speed and scale of AI-driven operations. The shift from human to machine identity is forcing a fundamental rethink of how organizations protect their data.

The Shift From Human Error to Agent Risk

For years, security experts pointed to human error as the primary vulnerability. Phishing emails, weak passwords and accidental data exposure dominated threat landscapes, but AI agents operate differently. They can take actions automatically, often with broad permissions and limited oversight. A compromised agent can move laterally across networks faster than any human attacker.

Chaudhry compared the current moment to the early days of cloud adoption, when perimeter-based security failed. Zero trust architecture emerged then as a solution. He believes the same principles apply today. AI agents must be granted the minimum access required and each action must be verified in real time.

Why Zero Trust Fits AI Agents

Zero trust requires continuous authentication for every request. It never assumes a device or user is safe just because it is inside the network. For AI agents, this means each API call and data access request is checked against policy. Chaudhry said Zscaler’s platform can already apply these rules to AI agents, blocking suspicious behavior before damage occurs.

The approach is a direct response to the rising number of incidents involving AI agents. Security teams report that compromised agents can exfiltrate sensitive data, manipulate workflows or launch attacks on other systems. Traditional antivirus and firewalls are ineffective because agents often use legitimate credentials and protocols.

The Business Case for Agent Security

Enterprises are deploying AI agents for customer service, code generation, data analysis and process automation. Each deployment creates new attack surfaces. Chaudhry argued that security must be built into the agent lifecycle from the start. Waiting for a breach is no longer viable.

He also cautioned against assuming that AI vendors will handle security on their own. Organizations need to take ownership of agent behavior and enforce strict access controls. This includes monitoring agent activity, logging all actions and revoking permissions when they are no longer needed.

Why This Matters

The move to AI agents is accelerating across every industry. Companies that ignore the security implications risk costly data breaches and operational disruptions. Chaudhry’s message is clear: the same zero trust principles that protected cloud environments can now protect AI agents. But only if organizations adopt them consistently and quickly.

The weakest link in security has changed. The old problem of human error is giving way to a new one: automated, machine-speed attacks. Zero trust offers a path forward, but it requires a shift in mindset from perimeter defense to identity-based verification. The stakes have never been higher.