AI and Machine Learning at Zscaler
Artificial intelligence powered by the world’s largest security cloud and delivered in a zero trust architecture optimizes your security, productivity, and user experience.
See the AI-powered innovations supercharging the Zscaler Zero Trust Exchange™ and bringing intelligence to the security service edge.
Experience the power of the world’s largest security cloud
Machine learning models are trained on a stream of data that grows over time. The more good data you have, the more accurate your models will be. Zscaler has run the world’s largest inline security cloud for over a decade, processing trillions of signals daily to continuously feed and refine our ML models. The result is unmatched, always-growing intelligence that allows us to accurately detect threats, optimize policies, and more.
150+ data centers on six continents
240B+ requests processed per day
7M security incidents and policy violations prevented/day
200K+ unique security updates/day

6,000+ enterprises of all sizes
40% of the Fortune 500
30% of the Global 2000
Machine learning applied at machine speed
ML models are only as effective as the data that drives them—and their ability to enforce the outcomes. We embed AI throughout our cloud native zero trust architecture to broker and inspect all connections inline, enabling AI to enhance prevention, detection, policy, and performance in real time.
Zscaler AI is uniquely effective because it’s:
Delivered inline and offline
Unlike passthrough firewalls, the Zscaler cloud proxy architecture can apply AI/ML on a stream of traffic in real time and hold or terminate a connection when deeper analysis is required.
Cloud native
AI requires compute, memory, and storage resources at a scale only found in the cloud. Zscaler uses the cloud to facilitate complex computations at lightning speed as well as store and process data that continually refines our ML algorithms.
Applied to all traffic
Over 80% of attacks use encrypted channels that many legacy security tools don’t inspect. Zscaler inspects TLS/SSL traffic at scale, enabling AI to analyze all traffic, not just some.
How we’re using AI and ML

Cybersecurity
AI helps predict and block never-before-seen attacks and detect suspicious behavior, improving protection and making life easier for your security team

User experience
AI optimizes connection speeds and outage protection, allowing users to connect to resources more quickly and reliably

Policy automation
AI analyzes usage patterns and auto-generates access policies for better visibility, faster access, and zero trust enforcement

Cloud performance
AI maximizes platform performance and resiliency with capacity planning, proactive alerting, root cause analysis, and real-time platform updates
What the Zscaler adaptive security engine can do for you

Take a proactive security approach by predicting adversaries’ actions and preempting their attacks

Respond to threats with confidence with fewer false positives and data protection that actually works

Optimize your security posture with intelligent, adaptive, automated policies that simplify deployment and improve the efficacy of your security controls
Intelligent prevention
No more playing catch-up with adversaries by trying to create signatures faster than they can create malware. Our intelligent prevention uses AI-powered heuristic models to identify characteristics and contextual behavior of adversarial actions and block those actions, stopping even never-before-seen attacks. When a new threat is detected, prevention models in the Zscaler cloud are updated in real time, automatically improving protections for customers around the world without needing to wait for the next security update.
Intelligent protection
If adversaries are able to compromise a system, our intelligent protection can detect it. Our AI and ML models compare behaviors to a continually refined baseline to identify anomalies and take automatic response actions such as isolating a host, which keeps the attacker from spreading across the network and reduces the impact of their attack.
Intelligent policy
Stopping insider threats who have legitimate access is one of the toughest security challenges. Our intelligent policy uses AI to identify risky user behaviors and set dynamic policies in real time. This allows you to reduce risk and enforce least-privileged access while optimizing the end user experience—all without requiring manual administrative actions.

Integrated artificial intelligence features
Zscaler has 45+ patents and multiple teams of data scientists dedicated to AI to continuously improve capabilities and outcomes for our customers, including:
Security
- Catching never-before-seen malware with a high-performance, gradient boosting ML model
- Detecting phishing and credential theft with interpretable AI that explains phishing verdicts
- Detecting unknown and evasive command-and-control traffic
- Intelligently quarantining files based on AI/ML analysis of file content
Data protection and classification
- Identifying risky user behavior such as insider threats and data exfiltration using neural networks
- Conducting supervised and unsupervised device classification
Content categorization
- Categorizing destinations based on content and URL/URI patterns
- Identifying and blocking machine-generated domains (DGA), which are created by the millions
- Dynamically updating domain reputations and enforcing access control
User experience and policy automation
- Optimizing policies for business performance and risk reduction based on unsupervised learning, clustering, and a two-tower neural network
- Proactively detecting and automatically remediating cloud issues based on abductive reasoning, time series anomaly detection, and a prophet forecasting AI model
Suggested Resources
Zscaler AI-powered threat prevention
AI-powered security services informed by the world’s largest security cloud help keep you safe from never-before-seen threats.
Artificial intelligence that stops cyberattacks
Human defense alone isn’t enough. Advanced attackers are already using AI and the cloud to spin up the next wave of never-before-seen attacks at speed and scale. To take back the upper hand, security teams need AI-powered defenses that can accurately predict and proactively protect against the evolving threat landscape.
Zscaler AI acts as a force multiplier for your security team, using proprietary multidimensional host analysis to predict and detect new and evasive malware other tools can’t see, AI-powered phishing detection to block malicious pages and stop credential theft, and an AI-powered policy engine that mitigates risk by continually optimizing policies.
Zscaler AI-powered user experience
AI intelligently optimizes connection speeds and outage protection, allowing users to access resources quickly and reliably.
No more choosing between security and productivity
Legacy security approaches slow business down, leaving IT and security teams to balance protection with business enablement. With the Zscaler Zero Trust Exchange, you no longer need to make that tradeoff. Our platform is custom-built to use scalable cloud resources for lightning-speed connectivity. AI monitors cloud operations and ensures every user has a fast, seamless, reliable experience.
When issues arise, AI significantly reduces the time required to troubleshoot by suggesting a potential root cause. Zscaler algorithms analyze data across apps, services, users, and regions, along with factors such as ISPs, Wi-Fi, backhauling, VPN, internet, and more, to provide root cause analysis and ensure your users have the best possible experience.
Zscaler AI-powered policy automation
AI analyzes and auto-generates access policies for better visibility, faster access, and zero trust enforcement.
Less administration, less risk
Organizations spend countless hours manually creating and maintaining complex access policies that are often static and overly permissive. Zscaler intelligent policy uses AI to predict who may need access to resources in the future and identify risky behaviors or policies that should be restricted. By optimizing policies dynamically in real time, Zscaler enables zero trust-based risk reduction while optimizing end user experience, all without requiring manual administration.
Zscaler AI-powered platform optimization
AI maximizes platform performance and resiliency with intelligent capacity planning, proactive alerting, root cause analysis, and real-time platform updates.
Our platform is continuously improving
AI is woven throughout our backend and frontend, enabling our teams to ensure our platform is consistently fast, secure, and resilient for all customers. Our AIOps capabilities identify and alert on ISP outages, detect and remediate customer issues, and help autoscale cloud resources in anticipation of demand surges. Artificial intelligence also helps drive more than 250,000 unique security updates daily, keeping protections up to date for all Zscaler customers.