AI Agents Are Reshaping Cybersecurity--Hide Apps to Survive

The rise of AI agents isn’t just changing how work gets done--it’s rewriting the rules of cybersecurity. Zscaler CFO Kevin Rubin reveals that the next wave of digital threats won’t come from humans, but from billions of autonomous agents, each a potential attack vector. The hidden consequence? The same AI tools accelerating productivity are also supercharging vulnerability discovery at machine speed, overwhelming traditional defenses. This isn’t a future risk--it’s already unfolding, with frontier models exposing decades-old flaws in real time. For investors and enterprise leaders, the takeaway is clear: companies clinging to legacy network security are sitting on a time bomb. Zscaler’s zero trust architecture isn't just a better firewall--it's a fundamentally different operating system for digital safety, one that hides applications from view entirely. Those who understand this shift early gain a critical edge: not just in avoiding breaches, but in unlocking long-term cost efficiency and resilience in an age where the network perimeter has vanished.

"There's no going back if you will... agentic is going to be as disruptive as you know any of the tech waves have been in the past whether it was mobile internet etc."

-- Kevin Rubin

Why Hiding Your Apps Is Smarter Than Hardening Them

Most cybersecurity strategies follow the same logic: build stronger walls, add more guards, patch every hole. But Zscaler’s approach flips that thinking on its head. Instead of trying to protect everything, it makes the entire network invisible. That’s the core of real zero trust--no standing access, no lateral movement, no persistent connections. You want to check email? You get a one-time, authenticated session. Once it’s over, you’re gone. No backdoors. No footholds.

This isn’t just a technical tweak--it’s a systemic reengineering of risk. Traditional networks assume that once someone (or something) is inside, they belong. That assumption is fatal in an AI-driven world. With agentic AI, the threat isn’t a hacker typing commands--it’s an AI agent, authorized once, that then roams freely, scraping data or escalating privileges while mimicking legitimate behavior. In a legacy setup, that agent becomes a time bomb. In a zero trust model, it’s contained before it can spread.

The difference becomes stark when you consider scale. Today, Zscaler protects 50 million users. Tomorrow? Billions of AI agents. Each one needs access, each one is a potential breach point. Most companies are still thinking in terms of human-scale access. Zscaler is building for machine-scale reality.

And here’s the kicker: hiding your apps doesn’t just reduce risk--it slashes cost. By retiring firewalls, VPNs, SD-WANs, and MPLS hardware, enterprises cut operational complexity and overhead. The ROI isn’t theoretical. For large organizations, replacing legacy infrastructure with Zscaler’s cloud service means a lower total cost of ownership--while getting better security. That’s a rare win-win: stronger protection, cheaper to run.

But most companies don’t see it yet. They’re stuck in “zero trust washing”--slapping the label on old network models with tighter policies. Real zero trust isn’t policy layering. It’s architectural. It’s not about controlling the network. It’s about eliminating the network as a target.

The AI Feedback Loop: Productivity and Peril in the Same Package

AI is being sold as a productivity miracle. And it is. Zscaler’s own teams are using AI to accelerate engineering, product development, and customer support. But the same technology that boosts output is also exposing vulnerabilities at machine speed. Frontier models like those from Anthropic and OpenAI are finding bugs that humans missed for decades. Palo Alto Networks just had a flaw exposed that had been lurking for years.

Now imagine that pace applied across every major software vendor. The backlog of known vulnerabilities is already unmanageable. AI is flooding it with thousands more--faster than patch teams can respond. The system is overwhelmed.

"We're talking about volumes of vulnerabilities that you know we can't even solve the vulnerabilities that we're already identified previously and now we're just piling on significantly more vulnerabilities that were unknown for decades."

-- Kevin Rubin

This is where conventional wisdom fails. The old playbook says: find, patch, repeat. But when discovery outpaces remediation by orders of magnitude, that model collapses. No team can patch fast enough. No budget can keep up.

Zscaler’s answer? Stop relying on patching as the primary defense. Instead, hide the target. If your applications aren’t visible on the network, they can’t be scanned. They can’t be brute-forced. They can’t be exploited--even if a vulnerability exists. The blast radius shrinks to a single device. That’s not just risk reduction. It’s risk transformation.

This is the second-order advantage: while others are drowning in patch management, Zscaler’s customers are insulated by design. The upfront work--migrating to a zero trust cloud--is harder, less visible, and requires rethinking decades of IT assumptions. Most organizations won’t do it. That’s precisely why it works. The friction becomes the moat.

The Agent Economy Needs Its Own Security Layer--And It’s Coming Fast

We’re entering the age of the agent economy. AI agents will schedule meetings, process invoices, monitor systems, and negotiate contracts--autonomously. Each one will need access to data, APIs, and internal tools. And each one will be a potential attack surface.

Zscaler isn’t waiting. They’re extending zero trust beyond users, beyond devices, beyond workloads--to agents. The idea is simple: every AI agent, like every human user, gets least-privilege access, one-to-one connections, and no standing permissions. An agent that books travel doesn’t get access to payroll. An agent that analyzes sales data can’t trigger a wire transfer.

This isn’t science fiction. It’s already in motion. Through partnerships with Anthropic (Project Glasswing) and OpenAI (Daybreak), Zscaler is not just reacting to AI threats--they’re inside the models, learning how they work, and hardening their platform accordingly. Being an early partner gives them context no outsider has. They see how AI identifies vulnerabilities. They see how it navigates systems. And they’re building defenses that assume the attacker is just as smart--and fast--as the defender.

The acquisition of Red Canary fits here, too. It’s not just about adding detection and response. It’s about fusing high-fidelity threat intelligence with a data lake that processes half a trillion transactions a day. That scale of data--orders of magnitude beyond Google’s daily search volume--gives Zscaler a unique vantage point. They don’t just see attacks. They see patterns. They see anomalies. They see the future of threats before they fully emerge.

This creates a self-reinforcing system: more customers generate more data, which improves detection, which attracts more customers. That’s a network effect most security vendors can’t replicate.

The 18-Month Payoff Nobody Wants to Wait For

The smartest security decisions are the ones that feel painful in the short term. Migrating from a legacy network to a zero trust cloud takes time. It requires rearchitecting workflows. It means retiring familiar tools. There’s no immediate ROI dashboard to show the CFO.

But over 12--18 months, the advantages compound. Cost savings from decommissioned hardware. Fewer breaches. Faster incident response. Greater agility in adopting AI safely. While competitors are firefighting, Zscaler’s customers are scaling.

And when the next zero-day exploit hits--found by an AI, spread by an agent--the difference will be obvious. One company gets breached. The other doesn’t even notice the attempt.

That’s the real moat: not technology, but timing. The window to build this resilience is open--but closing. Once the next wave of AI-driven attacks hits, everyone will want zero trust. But by then, the leaders will already be invisible.

Key Action Items

• Audit your current security model for “zero trust washing.” If your setup still relies on network segmentation and persistent access, you’re not running zero trust--you’re running old security with new labels. Start mapping a migration path to a cloud-native, one-to-one connection model.

• Treat AI agents as first-class security identities. Over the next 6--12 months, define access policies for autonomous agents the same way you do for employees. Apply least privilege, session limits, and continuous authentication--before you deploy them at scale.

• Shift from patching-as-defense to exposure-reduction. Over the next quarter, prioritize hiding critical applications behind a zero trust exchange. This pays off immediately in reduced attack surface, even if vulnerabilities remain unpatched.

• Leverage AI not just for productivity--but for threat anticipation. Within the next 6 months, partner with vendors who are embedded in frontier model development (like Anthropic, OpenAI) to gain early insight into emerging attack vectors.

• Consolidate security spend around platforms with data scale. Over the next 12--18 months, migrate from point solutions to integrated platforms that process high-volume, cross-tenant data. The ability to detect anomalies at scale is becoming a decisive advantage.

• Decommission legacy network hardware as part of your TCO strategy. Start planning now to retire firewalls, MPLS, and SD-WANs. This is where discomfort now creates advantage later--most organizations won’t make the leap, leaving you with lower costs and higher resilience.

• Measure security not just by breaches avoided, but by operational efficiency gained. Track reductions in incident response time, patch backlog, and infrastructure overhead. These are the true ROI metrics of modern security.