CyberWire Daily — The Role of AI in Zero Trust [CyberWire-X]
Host: Dave Bittner (N2K Networks)
Guest: Deepen Desai (Chief Security Officer, Zscaler)
Date: November 6, 2025
Episode Overview
This CyberWire-X special edition explores the powerful convergence of artificial intelligence (AI) and Zero Trust architectures in cybersecurity. Host Dave Bittner and Deepen Desai, Chief Security Officer at Zscaler, discuss how AI-driven Zero Trust solutions not only reinforce security but also automate data discovery, enhance operational efficiency, streamline user experience, and unlock measurable cost savings. The episode emphasizes practical integration, challenges, and the future trajectory towards potentially autonomous, self-healing security systems.
Key Discussion Points & Insights
1. The “Giga Wave” of AI in Security (01:26)
- Paradigm Shift: AI represents an exponential technological wave (“giga wave”) in organizational productivity, efficiency, and security risk management.
- Quote: “Just like we've gone through several different major changes... now we're in an age where it's AI and it's a huge exponential change...” — Deepen Desai (01:39)
- Security Imperative: As organizations adopt AI for legitimate purposes, adversaries also weaponize AI for attacks, making secure usage a top concern.
2. Core Zero Trust Principles and AI’s Role (02:48)
- Zero Trust Fundamentals:
- Never trust, always verify identities and devices.
- Enforce least privilege.
- Assume breach (limit blast radius of compromises).
- AI Enhancements:
- Threat prevention via predictive ML and generative AI.
- Attack surface reduction (both external and internal).
- Automated segmentation: AI suggests optimal user-to-app policies based on traffic patterns and departmental data.
- Quote: “AI will recommend very specific tailored user to app segmentation policies...” — Deepen Desai (05:21)
- Preventing lateral movement within networks.
3. Integration and the Importance of Platform (06:28)
- Platform Philosophy:
- Best-of-breed integration is key; avoid attempting to “be everything.”
- Zscaler acts as a "switchboard" connecting entities and focuses on core communication and filtering, integrating with leaders for identity and endpoint security.
- AI’s Role: Facilitates integration between specialized platforms without diluting their effectiveness.
- Quote: “If a platform starts to claim doing everything out there, then it dilutes the effectiveness.” — Deepen Desai (06:34)
4. AI-Enabled Data Discovery and Protection (08:14)
- Traditional Issues: Manual configuration of sensitive data policies is burdensome and error-prone.
- AI Solutions:
- Custom ML models per organization automate sensitive data discovery and classification.
- Scalability and high efficacy in tagging and protecting critical data.
- Quote: “AI does a phenomenal job at doing that with high efficacy and at scale.” — Deepen Desai (08:57)
5. Safeguarding Privacy and Compliance in Automation (09:29)
- Top CXO Concern: Secure use of AI to prevent inadvertent data leakage or compliance breaches.
- Safeguards Outlined:
- Discovery: Inventory and monitor sanctioned and unsanctioned (“shadow”) AI usage.
- Guardrails: Policy-based restrictions and inspection of data input/output to AI apps (e.g., controlling the types of data exposed to specific AI use cases).
- Quote: “…having those guardrails where you are able to inspect what goes into these AI models and what comes out of the AI model is equally important.” — Deepen Desai (10:53)
- Red Teaming: Proactively attacking internal systems to uncover weaknesses before adversaries do.
- Governance: Implementation in line with frameworks such as NIST, and leveraging evolving compliance tools.
6. AI Improving User Experience and Operations (13:06)
- AI for IT Operations:
- Proactive detection and diagnosis of user experience issues (e.g., network problems), with automated root cause analysis and recommendations.
- Impact: Faster troubleshooting, fewer help desk tickets, quicker remediation.
- Quote: “AI can absolutely detect issues proactively. It can improve user experience... generate a report on why a user experience issue happened and recommend mitigative steps...” — Deepen Desai (13:11)
7. Operational and Financial Impacts (14:55)
- Help Desk Efficiency: Major reduction in support tickets (by up to 70-80%) via AI-driven agents handling routine queries.
- Quote: “Agents taking those initial questions... resulting in 70 to 80% less tickets that were hitting that help desk.” — Deepen Desai (14:22)
- Cost Savings: Tool unification and operational streamlining deliver measurable financial benefits; efficiencies become evident in months, not years.
8. Autonomous and “Self-Healing” Security (16:24)
- Current State: AI is augmenting, not replacing, Security Operations Center (SOC) teams. Agents handle lower-tier tasks and weed out noise (false positives).
- Toward Automation: Some agents can already recommend and, if permitted, autonomously enforce policy changes and remediate attacks.
- Quote: “...one of the agents is remediation agent... right now assist the tier 3 tier 4 analyst, but it is fully capable of invoking those API calls if given permission to heal.” — Deepen Desai (17:24)
- Near Future: Semi-autonomous and eventually fully autonomous, self-healing systems are likely within a year’s reach.
9. Common Concerns and Misconceptions (18:00)
- Initial Hesitation: Early fears centered on generative AI risks led organizations to “block everything” by default.
- Current Consensus: Secure adoption of AI is now a board-level mandate; biggest risks involve adversarial AI, model poisoning, data theft, and AI-powered attacks.
- Defensive Imperative: “You need to leverage AI to fight AI.” Zero Trust is foundational for defense against evolving AI-enabled threats.
10. The Risk of Being Left Behind (20:53)
- Shift in Attitude: Organizations now recognize “Fear Of Missing Out” (FOMO)—if they don’t embrace and enable secure AI adoption, they risk competitive and operational disadvantage.
- Quote: “That fear of missing out is no longer the case. They know that they will be left behind if they don't enable the business in doing this.” — Deepen Desai (21:24)
Notable Quotes
- AI’s Security Role: “You need to leverage AI to fight AI... zero trust fundamentally will set your architecture up in a way that you're able to defend against lot of these unknown unknowns that you're going to see when AI is being leveraged by the bad guys.” — Deepen Desai (19:46)
- On Automation: “It absolutely takes care of some of the lower tier response activity. It is able to weed out noise as well, like false positives...” — Deepen Desai (16:43)
- On Unifying Security: “By unifying data protection, automating discovery and accelerating troubleshooting, organizations can simplify their security stack while strengthening their defences.” — Dave Bittner (21:47)
Timestamps for Key Segments
- AI’s impact on Zero Trust: 01:39–06:07
- Platform integration and AI: 06:28–07:57
- AI-enabled data discovery: 08:14–09:19
- Automating privacy/compliance safeguards: 09:29–12:36
- AI for user experience & help desk: 13:06–14:55
- Financial impact: 14:55–16:02
- Autonomous security (self-healing): 16:24–18:00
- Misconceptions & risks of lagging adoption: 18:00–21:47
Overall Tone
The tone is insightful and pragmatic, focused on both the promise and perils of rapidly evolving AI in the cybersecurity landscape. Both speakers stress the urgency of responsible, integrated adoption while acknowledging remaining challenges and painting a vivid picture of the near future’s possibilities.