Crucially, when it comes to securing AI and agentic, ‘we are putting a concerted effort to bring partners along in this journey—because they will be needed,’ Zscaler CEO Jay Chaudhry tells CRN.
Even as countless vendors claim to have the ultimate solution to securing AI agents, Zscaler has a “significant lead” with its zero trust security platform—which is, in fact, best equipped for protecting the communications needed to make agentic work, according to Zscaler founder and CEO Jay Chaudhry.
In an interview with CRN, Chaudhry said the largest need right now for enabling secure deployment of AI agents is to protect the communications between agents. And in that regard, “we think zero trust is the foundation on which agentic communication can be built,” he said.
[Related: Zscaler Doubles Down On Partner-Led Growth And Services Amid AI Boom: Channel Chief]
Chaudhry spoke with CRN during Zscaler’s Zenith Live 2026 conference in Las Vegas this week, where the security vendor unveiled its newest AI security capabilities while touting the proficiency of its Zero Trust Exchange platform for addressing AI-accelerated cyber risk.
To move into the agentic space, Zscaler only had to deliver a modest addition of new capability on top of its existing policy engine for users and workloads, according to Chaudhry.
“We already solved” most problems needed to secure agentic communication, he said. “We really had to do probably about 30 percent new work, and 70 percent we could leverage from what we have in place.”
And few if any other vendors would be able to provide such capabilities, backed by a global network of data centers, without far more investment of resources, Chaudhry said.
Enabling every employee with multiple agents to boost their productivity “means the policies for those agents need to be able to run anywhere around the globe, wherever the employees are,” he said. “We’re already doing that en masse, in scale. We have infrastructure in place. We have the network connectivity in place. That [functionality] is not trivial to replicate.”
Meanwhile, Zscaler is taking a partner-driven approach to its push around AI security and enablement, including an increasing reliance on the channel for driving new growth and delivering services, Zscaler executives said this week.
When it comes to securing AI and agentic, “partners have a big role to play here,” Chaudhry said. “We are putting a concerted effort to bring partners along in this journey—because they will be needed.”
Chaudhry also shared his latest thoughts on the potential impact of AI-powered vulnerability discovery, driven by frontier AI models such as Anthropic’s Claude Mythos, as well as the company’s expansion within the security operations (SecOps) segment.
What follows is more of CRN’s interview with Chaudhry.
What are the major themes for you at Zenith Live this year?
The adoption of AI is being slowed down by a lack of comfort and confidence by CIOs and CISOs. They’re all trying it, testing it. They’re under a lot of pressure from CEOs saying, “Come on, let’s go.” So they are working with us. There are many aspects of AI, but the biggest part is agentic communication—agents being deployed. That’s our biggest message. We think zero trust is the foundation on which agentic communication can be built. So, for us, it’s natural to expand our Zero Trust Exchange to AI agents. It started with users, then we added workloads, we added branches, we added IoT devices. Nobody has anything like a common exchange that can say entity A can talk to entity B, based on some number of policy criteria. I think this will be massive.
As far as your Exchange, do you feel like that puts Zscaler in a unique position?
Exactly. And think of the scale. We already do scale. Our name stands for “Zenith of Scalability.” Today we do about 750 billion transactions a day. To put that in perspective, there are 300 billion stars in our galaxy. There are 14 billion requests that happen on Google Search every day—a massive volume. But AI agents will take that volume 50X, 100X. I think we are in a very good position to be able to go from here to there. So scale is a big part of it. The policy engine is already built for users and workloads. [For instance] this group of users have this group of applications [and] this group of agents can talk to this group of agents, or this group of applications. If you think about an agent, an agent is like a person, a digital worker. But an agent is code. It’s like a workload. We already solved both of the problems. We really had to do probably about 30 percent new work, and 70 percent we could leverage from what we have in place.
What was the new work [that we did]? Getting your MCP (Model Context Protocol) and A2A (Agent-to-Agent) gateways. That’s where the translation happens. Being able to figure out the next-level authorizations of these things, figuring out tools and skill sets. That linkage had to be built. Analyzing prompts for cyber DLP [data loss prevention] had to be done. So we’ve done all those pieces, and we are ready to go to market now. For this product, generally, we look for design partners and customers. And we like to keep that number somewhere in mid-to-high single digits. We had scores of customers who wanted to be part of the design. There’s so much interest.
As far as what you’re seeing from other vendors, everybody is now saying they have “the thing” for agentic. Do you think that’s getting exaggerated sometimes from other vendors?
Yes, because everyone throws together a few things—“here’s my AI gateway”—for example. As a basic starting point, you own an AI gateway simply by doing the MCP brokering function. That’s very basic. Then the rest of the stuff, they need to figure it out. It needs infrastructure too, global infrastructure. These enterprises aren’t going to run agents sitting in one office. Once a set of agents gets standardized, these agents work around the clock. Most of them get assigned to users. Fundamentally, they become truly digital workers and assistants. Where the world is headed, every employee has X number of agents that are helping you to make you more productive. That means the policies for those agents need to be able to run anywhere around the globe, wherever the employees are. We’re already doing that en masse, in scale. We have infrastructure in place. We have the network connectivity in place. That [functionality] is not trivial to replicate.
How do you see partners coming into play here?
Partners have a big role to play here. What I’m describing—the agentic communication—is actually the more advanced stuff. The first part that every customer is actually deploying is what we call AI Protect. The No. 1 thing that starts with is, what do I have in my enterprise? Give me visibility. There are 200 companies that will give you visibility of this piece [or] this piece. If you want true visibility, there are four areas you must get. One is, what public AI applications are my people using? That’s your Gemini and ChatGPT of the world. No. 2, all SaaS applications are becoming agentic. The agentic flows need to be tracked. Since internet traffic goes through us, we don’t have to do anything. It’s a matter of reporting against it. We had to understand the protocols and all, but nothing new [here]. Three, they want to understand what internal application services are using. They may be using Bedrock. They have model A or model B. We essentially scan through APIs, linked to GitHub and all. This piece came through the acquisition of SPLX. And four, what is on your endpoint? We have an agent sitting on the endpoint, where we can see what’s on the endpoint. We have been giving basic visibility first—do you have Claude Code, do you have Claude Cowork? But now, we enhanced it. We can not only see that—we can see permissions and what it can do, what it can’t do, and [we are] even able to enforce policy on the endpoint itself. Where we are headed is, you should be able to enforce policy. If it makes sense on the endpoint, do it on the endpoint. If it needs to be done in the cloud, do it in the cloud.
How are you providing visibility in a way that meets the current needs?
Our customers wanted visibility for all four things in a single dashboard. When you talk to an EDR company, they’ll talk about AI visibility, but it’s only on the endpoint. They have no way to get visibility into the traffic that’s going to the internet, because they’re not sitting on the traffic path. Our customers like that single pane of glass that can give them full visibility. Then, even the user is able to access applications. This is just based on policy—marketing can only go to these five public AI applications. Engineering can go here. For that, we essentially enhanced our current exchange with prompt inspection. We have been offering that for quite some time. We have a number of happy customers. Then the red teaming came around. We built guardrails products. Guardrails [as a product] is very powerful. Guardrails essentially is sitting in front of your applications. It’s intercepting traffic, analyzing prompts—and telling you what’s good, what’s bad. We have done this solution at a very rapid pace. Eighty percent of the code in some of these new areas has been generated by agents.
In terms of partner service opportunities, how have those been increasing?
We launched a program called AI-Guardian. There are the older opportunities of zero trust. Then there’s the newer opportunity of AI-Guardian. The services I just described to you—from asset management to red teaming for vulnerability management and that type of stuff—are made available to our partners today. They’re actually participating in that—because they need tools, and we have the technology. Customers don’t fully understand what [the technology] is about, and partners can help quite a bit. And now Mythos is creating some other interesting challenges. Mythos actually will create more services. Think of it this way: companies already have lots of unremediated vulnerabilities. They don’t have time and resources, but there was not enough concern. Now, Mythos brings some serious vulnerabilities. In fact, chaining even low-CVE vulnerabilities can become dangerous. So they need to be patched. And there is not enough time and resources. A number of customers I talked to, they’re looking for partners or GSIs to be able to help them in that area. We are putting a concerted effort to bring partners along in this journey—because they will be needed. You’ll see us training more and more of these partners to provide those services [such as in AI-Guardian]. They’re a very important piece.
Has anything changed, even just in the past few weeks, from your conversations about Mythos and the risk there?
Literally every board is asking for a weekly or [an] every-two-weeks presentation of what progress they made. We have a few hundred very active engagements with large customers, helping them. Everyone thinks that Mythos is about patching and fixing stuff. That’s only one part of it. For us, the highest-impact security [action] about Mythos is hiding your application behind our exchange. Then once you roll out zero trust, then the lateral movement goes away. So even if an employee gets compromised, that malware can’t just go around. One of the things companies are trying to figure out is, when does Mythos actually get out? They’re worried that as soon as it gets out, lots of people will get their hands on it. Anthropic has not been very clear. [But] we need to get ready. I do believe there’ll be more breaches with this [technology] coming. And it’s not just Mythos. Other models are also maturing pretty rapidly.
Do you believe attackers are going to find a way to use it, one way or another?
There are so many models. They’re all catching up with the best. So we can’t just depend upon patching. We need to do other things. By hiding applications, you’re preventing breach. By doing zero trust, you are minimizing the blast radius and impact. All those things should be done in parallel. And partners can play an important role.
You offer an expanded set of products now compared to even just a few years back—does that lead to a greater service opportunity for partners?
Absolutely. And we have SecOps, which requires lots of services, as well. Even data security requires lots of services. There’s always data classification, all the tagging. All of this becomes important. So there is plenty of room for services. I think partners who get focused and build a practice are successful. Partners who are more opportunistic—they never get there. Things are moving so fast. There are not enough resources. If partners can be nimble and get their people trained on the newer things, customers need help.
The No. 1 reason to acquire Red Canary was they had built some very good, very sophisticated agentic technology. And No. 2, they had SecOps expertise because they have been running security operations for companies. Those two things are helping us. [Now we are] combining Red Canary technology with Zscaler technology. It has helped us accelerate [in SecOps]. Our customers are finding it very attractive. Customers are saying, “I no longer need to send Zscaler logs, which are massive, to another source”—because it costs time and money to do that. We can show them value right there, from our source itself. That’s the first step for us. Red Canary [and Zscaler] essentially will have one solution. Older solutions will get phased out. We want to move the customers over to a single, richer solution.
Are there certain other trends you are keeping an eye on?
AI has moved pretty rapidly. The two aspects, when we think of AI—one is, how do we secure the AI application infrastructure? This is where our guardrails and our AI Protect largely comes in. Then the second part is, how do we use AI for everything else? So now, most of our data security is being done with AI—the classification is done with AI. The old way of doing classification is going away. More and more threat detection, even inline, is being done through AI. So we are embedding AI in all of our products and services, because this makes them more effective. Having an early start with “zero trust everywhere,” I think, is going to be our biggest advantage. I just came from meeting with a customer. He said, “When you already are our Zero Trust Exchange for us, it’s natural for you to be the exchange for agents, as well.” So I think a lot of functionality will evolve and will be added in the agentic communication space. Identity is fragmented. Our goal is to be the Switzerland. I don’t need to create identity. I can take identity from Microsoft, from Google, from AWS, whoever—and do identity authorization and some of the checks, and connect the right party to the right party. Everyone is going to talk about control planes, but you’re not going to have control planes from three hyperscalers. They may have that, at their application level, within the application. But when it comes to [protecting communications] across applications and across companies, we are extremely well-positioned.
Do you think we’re entering an era where it will be hard for startups to really compete with big players like Zscaler?
I think they’ll get acquired if they do a good job. Let’s look at Symmetry Systems. They solved a very hard problem over the past six years. We acquired some technology because it saves me 10 months or 12 months. But with Symmetry, there is not a lot of expertise out there to solve the Symmetry problem. A bunch of Ph.Ds. solved this hard problem. So we got it for talent and technology. That is very important. This is a need we anticipated. Even though today, people don’t think they need it for agent communication. But we know that when so many agents [are deployed], they’ll spawn further agents. Who is talking to who? The access graph is the best way to figure that out. I look at the barrier to entry—who is the competition coming from? Especially for the inline communication or agentic [capabilities]. I think we have a significant lead. And with the global infrastructure we’ve got in place, we’re pretty well-positioned.
