In the age of AI-based threats, zero-trust is no longer enough

As AI-based threats continue to dominate the conversation around security, it’s no surprise that half (50%) of organizations are on track to adopt zero-trust data governance by 2028. In the past few years, zero-trust has become the cornerstone of modern cybersecurity strategy – but the emergence of AI means it’s no longer strong enough to tackle rapidly developing AI-based threats alone.

As AI threats continue to rise, CISOs are challenging the misconception that zero-trust architecture (ZTA) is a one-size-fits-all solution which can give organizations peace of mind, and means they don’t need to worry about security. Instead, they are focused on maximizing ZTA’s capabilities while also recognizing its shortcomings and where additional forms of security are necessary.

Author Fellow at Pluralsight.

Some professionals argue that zero trust is nothing more than OAuth, but in reality ZTA is far more comprehensive and is a strategic framework, not just a protocol. With deepfake fraud attempts rising 94% year-on-year and attack surfaces expanding, ZTA is more important than ever, but AI-backed attacks growing by almost 100% in 2025 means that other forms of security are also necessary.

ZTA can strengthen cybersecurity by continuously assessing access, but it cannot fully prevent insider attacks, software vulnerabilities or physical security breaches. As AI learning models advance in their capabilities to enter systems unnoticed, a variety in security protocols are needed to challenge it.

Why the protection doesn’t change, regardless of the threat

Traditional cybersecurity models, including ZTA, were designed around predictable human behavior and manually executed attacks, but the rise of AI-powered systems means that speed and scale of attacks has changed significantly.

ZTA-based security systems were built and implemented at a time when the biggest threat to security was human threat actors entering systems to download malware onto them. This is timely and very manual, with threat actors trying lists of passwords to enter systems or sending phishing emails. AI-driven autonomous systems can operate independently, so while the core principles of security remain unchanged, the methods used to implement them must evolve to address the threats these systems face.

Internet security systems still depend on protecting attack surfaces, which are consistently expanding due to the introduction of new pathways for autonomous decision-making and machine-to-machine interaction. AI systems require more connectivity compared with manual ones, creating more opportunities for agents to exploit vulnerabilities both intentionally and accidentally.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Natural language itself is also an attack surface, with AI systems accepting ambiguous instructions without questioning their context or intention. This means attackers can manipulate systems through emails, messages and hidden text, creating new attack surfaces and making AI agents far more vulnerable to attacks than traditional systems, which require detailed code inputted by a skilled developer to operate.

Human-in-the-loop controls are crucial for natural-language based attacks, with systems unable to distinguish between suspicious or correct prompts. Maintaining human controls over security measures, even those that are largely automated, ensures that attacks which use natural language or hidden context can be identified.

A measurable approach to security minimizes blast radius

ZTA minimizes an attacker’s ‘blast radius’ by assuming that no user or device should be inherently trusted, even once initial access has been granted. It prevents threat actors from moving across systems, meaning that should a compromise happen, the attacker will struggle to reach sensitive systems or escalate privileges without permission.

AI accelerates attack attempts, scanning environments continuously and testing permissions automatically. It can adapt strategies in real time, changing methods of attack and discovering system weaknesses much faster than humans can through manual searches. AI attacks increasingly exploit layers including workflows and agent-to-agent interactions, changing the fundamentals of what is required of ZTA systems.

As a result, ZTA systems must evolve beyond static identity and access controls to continuously monitor interactions between autonomous agents, responding dynamically to abnormal activity in real time and shifting zero-trust from a user-focused model to one capable of governing machine-to-machine ecosystems.

By using quantifiable data and continuous evaluation, cybersecurity teams can determine whether newly implemented controls are effective, turning security systems into an evidence-based process.

Misconceptions around ZTA can lead to heightened security threats

Many experts believe that ZTA means AI can be deployed safely without additional security controls. ZTA reduces certain categories of risk but does not guarantee total safety once AI has entered a system, or has been built into internal workflows.

Zero-trust was built around human identity, and focuses on verifying who a user is, whether they are acting unusually and if their device is compliant. But AI-based threats can enter systems successfully using false biometrics or by guessing passwords, or may have been given access to a system previously to automate tasks.

An authorized AI agent can leak sensitive data or misuse the tools it already has access to without ever alerting ZTA that something is wrong. In order to use ZTA accurately, cybersecurity professionals must avoid overconfidence in its ability to ensure that AI systems behave safely or truthfully once access is granted.

Diversifying security defenses against AI-driven threats

Alongside ZTA, organizations must also implement additional tools to protect against attacks - systems that ensure that AI is not left unsupervised to make its own decisions without interference. AI systems continuously evolve, with models updating regularly, meaning organizations need strict governance processes and safety benchmarking to become a permanent part of security, not just occasional checks every few weeks or months.

As threats continue to diversify and evolve, security needs to do the same, and one-size-fits-all systems are quickly becoming a thing of the past. For CISOs, a multi-pronged approach can keep their organizations safe and prevent various different types of attacks. Combining approaches including ZTA, threat intelligence and human-in-the-loop can create overlapping layers of protection that reduce single points of failure.

Mature ZTA implications make access decisions dynamically using contextual factors, allowing systems to continuously evaluate risk and limit lateral movement even if credentials are compromised. Agentic AI does not render ZTA useless, but its autonomous behavior means ZTA systems need to become more context-aware and adaptive in order to govern machine-drive interactions in real time.

We feature the best patch management software.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit