Zuora Harnesses Zscaler’s AI-Powered Cybersecurity to Advance AI Innovation

At Zuora, we provide SaaS companies with SaaS monetization solutions that enable them to drive growth and profitability while providing a superior customer experience that expands reach and accelerates retention. We are big believers in using GenAI and agentic AI to continually innovate and improve our platform to meet the needs of today’s dynamic and evolving digital business environment. We use AI throughout our product portfolio—from our built-in self-service help feature to automated billing and payment collection to customizable paywalls for media and publishing companies. 

While we are making huge gains by leveraging AI to power automation and intelligence in our products, we’re also well aware of the risks. That’s where our adoption of the Zscaler Zero Trust Exchange platform comes into play. In just four months, we successfully transitioned from our legacy castle-and-moat infrastructure to an AI-powered zero trust architecture that provides agility and comprehensive security at scale. Beyond that, the Zscaler platform helps us directly address the AI security concerns we struggled with previously. It is exactly what we need to drive our business forward.

Navigating GenAI risks with Zscaler at the helm

We encourage our users to use GenAI applications to increase their productivity and support their creativity. At the same time, we are mindful of the potential for data loss through inadvertent over-sharing; attacks that bypass security controls; delivery of hidden malware in AI traffic, and various forms of abuse, such as tampering with AI models and shadow GenAI. 

A big challenge in securing GenAI apps is their use of the WebSockets protocol for real-time data streaming and communication between clients and servers. While this technology encrypts traffic to protect data, it also can be leveraged by attackers to deliver hidden malware. 

The question that was keeping us up at night was: How to tackle these issues and break through the blind spots? The answer came to us early on in our zero trust journey when we deployed Zscaler Internet Access (ZIA). Its AI-specific technology provides us with the deep level of visibility and control we needed. ZIA covers all the bases by:

• Inspecting encrypted WebSockets and TLS/SSL traffic for exploits and data exfiltration in real time while applying robust protections.
• Preventing data loss by disabling cut, paste, upload, and download activities and blocking data loss across all AI interactions.
• Logging and scrutinizing every user prompt used online and within AI applications
• Enforcing policies that provide access only to authorized GenAI tools.
• Educating users on AI best practices.

On the radar: agentic AI security

The next phase of our transformation journey will focus on securing applications that use AI agents. Unlike GenAI, these autonomous agents operate with minimal human input or intervention. They collect data from different sources, perform complex tasks, and make independent decisions, often collaborating with other AI agents. 

Just as we are dedicated to creating an exceptional online subscriber journey for our customers, we are equally passionate about providing our employees with an optimized experience to enhance productivity and job satisfaction. We currently have about 150 SaaS applications, and about half use AI agents. Instead of enabling and managing a collection of siloed AI agents, I envision a “super-agent” that works with specified AI agents in a coordinated ecosystem. This would enable employees to go to a single location to access their own personal AI assistant to help them get their work done more rapidly and efficiently.

However, before we make this a reality, we need to ensure that this ecosystem is fully secured. Like GenAI, AI agents come with their own set of risks and vulnerabilities. Along with abuse, malware injection, and data loss, AI agents can also be weaponized for malicious purposes by adversaries, such as deliberately issuing disinformation and making unauthorized decisions with potentially harmful consequences.

Staying ahead of the innovation game with Zscaler

Fortunately, we have already established a resilient and secure environment by implementing Zscaler, with its ability to provide direct, secure connectivity between users, applications, and devices and its real-time traffic inspection and policy enforcement. 

To further build out our zero trust footprint with agentic AI security in mind, we look forward to exploring Zscaler Breach Predictor. It proactively aggregates and analyzes different sources of security data to gain real-time actionable insights into attacks so that we can make more informed decisions. By preemptively blocking adversarial attack paths and generating breach probability metrics, it can help us prioritize and mitigate agentic AI risk.

Zscaler has already delivered on its “art of the possible” approach with its recent rollout of AI-specific technologies. We look forward to continuing to securely and confidently innovating by taking full advantage of cutting-edge AI tools while adhering to transparent and ethical use of this technology.

To learn more about how our zero trust journey ties into our usage of GenAI and agentic AI, read the Zuora case study.