Zscalerのブログ

Zscalerの最新ブログ情報を受信

登録する
Products & Solutions

While You Embrace AI, Fix This Fast

image
AI/MLSecurity InsightsZero Trust ArchitectureStop CyberattacksData SecurityRisk ManagementZscaler Internet Access (ZIA)Zscaler Private Access (ZPA)Zscaler Zero Trust Exchange (ZTE)

コンテンツ

  1. Introduction
  2. 1. If You’re Reachable, You’re Breachable
  3. 2. Lateral Movement Makes Small Problems Big
  4. Zero Trust Changes the Equation
  5. This Is the Foundation for AI
  6. Before You Embrace AI, Fix This First
  7. FAQ
  8. おすすめのブログ

Introduction

AI is here and enabling tangible, real-world use cases.

Boards are talking about it. Teams are experimenting with and deploying it. Roadmaps are being rewritten around it.

But there’s a hard truth most organizations are not always paying attention to:

If your foundation isn’t secure, AI will amplify your risk, not just your capability.

Much of the discussion around AI security focuses on models, data, and governance. That’s critical, but something foundational is often missed or brought to light too late

Before you fully embrace AI and become fully operational with it, you need to answer two questions:

  • What resources can be reached from the internet?
  • What can move laterally in your enterprise?

If you don’t control those two things, you will always be exposed to breaches.

1. If You’re Reachable, You’re Breachable

AI doesn’t just introduce new capabilities, it also introduces new and faster ways to discover and exploit your infrastructure which can happen accidentally or maliciously.

Agents, automation, and modern tooling can continuously scan and profile IT environments at machine speed. What used to take time, skill, and persistence now happens by default and is accessible to not only broad and skilled adversarial audiences but also unskilled but motivated ones.

If your applications or infrastructure are exposed, public IPs, open ports, reachable services, they are not just available. They are visible, profilable, and targetable.

This means:

  • You are continuously being mapped
  • Your posture is being analyzed
  • Your weaknesses are being identified and exploited faster than ever

The reality is simple:

If something can be reached, it can be profiled. If it can be profiled, it can be exploited and breached, and that includes your AI models.

Reducing the attack surface—namely, making AI models and applications invisible unless explicitly accessed—is no longer a best practice.

It’s table stakes.

2. Lateral Movement Makes Small Problems Big

Even in well-defended environments, initial access is rarely the end goal.

It’s the starting point.

In traditional attacks, lateral movement is what turns a foothold into a breach. Once inside your environment, attackers move across systems, escalate privileges, and expand impact.

With AI, that risk doesn’t just remain, it accelerates.

AI agents are dynamic. They connect to systems, interact across environments, and increasingly act with autonomy. Whether they’re running on endpoints, inside your infrastructure, or interacting with third parties, they create new and often unintended paths.

If an AI agent is compromised or simply behaves in an unexpected way the ability to move laterally can turn a contained issue into a systemic one.

Think of a clinical AI agent with access to patient Electronic Health Records, connected to labs, imaging systems, and billing platforms.

Now imagine it gains access to more than it should, or simply takes a path no one anticipated, and starts touching records across patients, departments, or even external systems.

Patient data doesn’t have to be “stolen” to be compromised. It just has to be exposed.

This is the risk most organizations underestimate.

Eliminating lateral movement is not about improving detection. It’s about removing the opportunity entirely.

Zero Trust Changes the Equation

This is where architecture matters.

Zero Trust is not a control layered on top. It’s a different way of designing connectivity.

Zscaler’s Zero Trust Exchange is built on this simple principle:
Nothing is trusted. Everything is verified. Access is explicit.

There is no implicit network access like with firewalls or with flat networks. No broad connectivity to exploit.

Instead:

  • Applications are not exposed to, and therefore not discoverable from, the internet
  • Users, workloads, and agents connect only to what they are explicitly allowed to, for example the apps only
  • Every connection is verified, scoped, and continuously monitored and evaluated
  • Crosstalk is visible, and even failed attempts to communicate are immediately brought to attention

The result is a fundamentally different security posture.

Even if something goes wrong and an AI agent “finds a way”, the blast radius is drastically reduced:

  • To a specific user
  • To a specific workload
  • To explicitly allowed connections

There is no network to traverse. No hidden paths to discover. If alarms are blaring, remediation is immediate!

This Is the Foundation for AI

Organizations that are moving quickly and safely on AI are not starting with models.

They’re starting with architecture.

They are:

  • Reducing the attack surface by making your AI models invisible to the internet, so there is less to discover and exploit
  • Eliminating lateral movement in case your AI is compromised and behaves in an unexpected way, so issues cannot spread
  • Designing for containment by default just in case, things go south

This doesn’t slow innovation. It enables it.

Because once the foundation is in place, teams can experiment, deploy, and scale AI with confidence without exposing the broader enterprise.

Alibaba Incident

We are not just recommending you to protect your AI deployments, we are recommending it strongly as such a case happened recently with Alibaba. Read our blog here to know more about this incident.

The Bottom Line

AI will explore,  connect, and find paths you didn’t expect or don't know exist.

The question is not whether that happens. The question is whether your architecture assumes it will. Before you embrace AI at scale, address the foundation. Reduce what can be reached. Eliminate how things can move. Everything else builds on that.

Before You Embrace AI, Fix This First

AI is accelerating fast and so are the risks.

Most security conversations focus on models and data. The bigger issue is much more fundamental: what can be reached can be breached and what can move laterally inside your environment can turn minor issues into major ones —intentional or accidental.

If your applications are exposed, they can be discovered, scanned, and breached. If lateral movement is possible, a small issue can quickly become a systemic one, especially with AI agents that operate across systems.

This is why leading organizations are focusing first on two things:

  • Reducing the attack surface so nothing is reachable unless explicitly allowed
  • Eliminating lateral movement through Zero Trust architecture

Get this foundation right, and AI becomes an accelerator.

Get it wrong, and it amplifies risk.

Read more.

FAQ

AI speeds up discovery and exploitation by enabling automated scanning, profiling, and attack chaining. If apps, services, or models are internet-reachable, attackers can identify weaknesses faster and turn small exposures into larger incidents.

It means minimizing what’s exposed to the internet—closing public ports, removing direct inbound access, and limiting reachable services. AI apps and models should be invisible by default and accessible only through explicit, verified access.

Lateral movement is how attackers pivot from an initial foothold to other systems. AI agents connect across apps and data, so unexpected permissions or compromised credentials can quickly expand impact and exposure.

Zero Trust replaces implicit network trust with explicit, verified access per session. Users, workloads, and agents connect only to allowed apps—not networks—shrinking discoverability and limiting blast radius if compromise occurs.

Start with architecture: inventory what’s internet-facing, eliminate unnecessary exposure, segment access to specific apps, enforce least privilege, and continuously verify connections. This foundation enables AI experimentation without widening enterprise risk.

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

vote yes
はい
vote no
いいえ

免責事項:このブログは、Zscalerが情報提供のみを目的として作成したものであり、「現状のまま」提供されています。記載された内容の正確性、完全性、信頼性については一切保証されません。Zscalerは、ブログ内の情報の誤りや欠如、またはその情報に基づいて行われるいかなる行為に関して一切の責任を負いません。また、ブログ内でリンクされているサードパーティーのWebサイトおよびリソースは、利便性のみを目的として提供されており、その内容や運用についても一切の責任を負いません。すべての内容は予告なく変更される場合があります。このブログにアクセスすることで、これらの条件に同意し、情報の確認および使用は自己責任で行うことを理解したものとみなされます。

おすすめのブログ

Artificial Intelligence

When Seconds Count: Moving from Reactive Patching to Machine-Speed Defense

投稿を読む
The Director's Cut May 2026

The Director's Cut: When AI Agents Go Off-Script

投稿を読む
Zscaler Implements GPT-5.5-Cyber

The Next Advancement with OpenAI: Zscaler Steps Up To GPT-5.5-Cyber

投稿を読む
A Practical Enterprise Guide to AI Governance: Mapping NIST AI RMF (and Related Guidance) to Enforceable Controls

A Practical Enterprise Guide to AI Governance: Mapping NIST AI RMF (and Related Guidance) to Enforceable Controls

投稿を読む

01 / 02

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。