Zscaler Acquires Symmetry Systems to Gain Data Graph
Zscaler plans to acquire Symmetry Systems, Inc. to add graph technology that applies artificial intelligence (AI) to access logs that are used to determine what data is being accessed by which identities.
Dhawal Sharma, executive vice president for AI security and strategic initiatives at Zscaler, said when added to the Zero Trust Exchange platform this graph capability will make it possible to build and enforce policies across a wide range of workflows, including those incorporating artificial intelligence (AI) agents.
The goal is to enable cybersecurity teams to more easily secure data being accessed by both human and non-human identities by mapping their full lineage, he added.
That latter category of identities now includes ephemeral AI agents that are more challenging to secure because over time their tentacles continue to spread as they discover more data sources, noted Sharma. AI agents, unlike other types of non-human identities, are designed to independently perform tasks in ways that are difficult to predict, he noted.
The graph technology developed by Symmetry Systems maps both granted and actual-use permissions across every identity. In the case of AI agents, cybersecurity teams will be able to trace any piece of data an AI agent touches in real time, even when it passes through a chain of sub-agents, as they conduct audits, investigations, and compliance reviews, said Sharma.
Any unexpected agent behavior will then trigger automated Zero Trust Exchange responses to reduce risks and limit exposure, he added.
Before too long, there will be thousands of AI agents accessing massive amounts of data. The issue, of course, is that they also present a rich target for cybercriminals to compromise. If the credentials used by an AI agent are compromised, it’s possible an entire business process might be compromised.
In addition, it won’t be too long before cybercriminals attempt to insert malicious AI agents of their own into those workflows. The only way to detect those AI agents is to identify anomalous behavior that would be indicative of a breach.
Unfortunately, a recent Zscaler report finds that when enterprise AI systems are tested under real adversarial conditions, they break almost immediately. In controlled scans, critical vulnerabilities surfaced in minutes, not hours. The median time to first critical failure was just 16 minutes, with 90% of systems compromised in under 90 minutes.
At this point, it’s not so much a question of whether AI applications and infrastructure will be compromised but rather to what extent. At the moment, many organizations are deploying AI agents with not much regard to the cybersecurity implications. It will likely require multiple significant breaches to occur before organizations realize they need to revisit their entire approach to data security in the age of AI.
In the meantime, cybersecurity teams should at the very least be creating an inventory of the data assets they will need to protect. After all, while applying guardrails to AI agents might be advisable, the last line of defense has always been the strength of the platforms and tools used to secure data no matter who or what is accessing it.
