Analyst(s): Fernando Montenegro
Publication Date: June 12, 2026
At Zenith Live 2026, Zscaler announced a broad set of platform innovations spanning agentic AI security and Zero Trust SASE, including AI Broker, AI Access Graph, and the ZAgent Framework. The announcements position Zscaler to govern how AI agents communicate, access data, and run on devices, in a market where every major security vendor is building toward the same control plane.
What Is Covered in This Article:
- Two-track platform push: Zscaler’s Zenith Live announcements span agentic AI security and Zero Trust SASE expansion, covering how agents communicate, access data, and run on devices.
- AI Broker and Agent Registry: Zscaler’s new enforcement layer for A2A and MCP traffic, tracking agent permissions, and applying fine-grained access controls.
- AI Access Graph: Built on the recent Symmetry Systems acquisition, it maps identity and data lineage across the enterprise, providing the visibility layer that the other controls depend on.
- A crowded control plane: SASE vendors, identity vendors, hyperscalers, and purpose-built startups are all converging on agent governance, putting Zscaler’s “first complete platform” claim in a competitive context.
The News: At Zenith Live 2026 in Las Vegas (June 9-10), Zscaler announced platform innovations across two tracks: agentic AI security and Zero Trust SASE expansion.
On the agentic AI front, Zscaler introduced AI Broker, which secures agent-to-agent and model-context-protocol (MCP) communications through an integrated Agent Registry that tracks which agents are permitted to access what. Endpoint AI Security extends threat detection into browser extensions, plugins, and locally running AI tools on employee devices. AI Access Graph, built on Zscaler’s acquisition of Symmetry Systems earlier this year, maps how identities, applications, and data sources connect across the enterprise in real time. Zscaler also announced enhancements to AI Protect, spanning asset discovery, access controls across 250+ GenAI applications, and a new AI red teaming capability for MCP servers.
On the SASE side, Zscaler introduced the ZAgent Framework for natural language administration of the Zero Trust Exchange platform. Additional innovations include a Zero Trust Browser Extension and Enterprise Browser for unmanaged and BYOD devices, Zero Trust B2B Connectivity to replace site-to-site VPNs for partner access, Zero Trust Gateway support for Google Cloud Platform, and automated Kubernetes microsegmentation. Zscaler described the combined announcements as “the industry’s first complete Zero Trust platform for Agentic AI.”
Zscaler Bets on Agentic AI Security at Zenith Live 2026
Analyst Take: The established Zero Trust and SASE platforms have spent years instrumenting user-to-application traffic, and they are good at it. Agentic AI introduces a different problem. A2A calls and MCP protocol traffic can look more like workload-to-workload API exchanges than user-initiated sessions, and may never pass through the same enforcement points at all.
That gap is real. The SASE vendors that figure out how to close it will be doing the right work, and Zscaler’s June 9 announcements are aimed squarely at it.
The MCP and A2A Layer Is the New Inspection Surface
The agent-to-agent communication layer is largely uninstrumented in most enterprise environments today. Agents call other agents, invoke tools through MCP, and retrieve data from sources that may sit outside any existing access control policy. The Agent Registry concept tracks what each agent is authorized to access and applies fine-grained controls to those interactions.
The backdrop matters here. The Agent Control Standard (ACS), launched just two weeks before Zenith Live, reflects a broader industry push to define runtime governance for AI agents. Zscaler’s approach is proprietary, whereas ACS is vendor-agnostic, and enterprises evaluating AI security controls will be weighing that tradeoff. Either way, adoption friction is the practical question: you need to register and classify agents before any governance framework can work, and that cataloging task is harder than it sounds when agent proliferation is already outpacing IT visibility.
Without Identity-and-Data Lineage, Enforcement Is Blind
The Symmetry Systems acquisition is now doing real structural work. AI Access Graph is not a standalone capability; it is the visibility layer that makes the other controls meaningful.
Knowing that an agent is making a request is useful. Knowing what that agent’s identity connects to, which data stores it can reach, and what the lineage of that data looks like is what turns a policy decision into an informed one. Non-human identity governance is a space several major security vendors are actively building toward, so whether the access graph approach gives Zscaler a durable advantage or simply closes a gap others will close independently is a fair question to hold.
Using AI to Run the Platform Itself
The ZAgent Framework inverts the typical framing at Zenith Live. Most announcements are about using Zscaler to govern AI. ZAgent is about using AI to govern Zscaler.
Natural language administration of security platforms is increasingly table stakes; most major vendors have shipped or announced some version of it. What makes ZAgent worth noting is the layer of irony it introduces: Zscaler is now an enterprise deploying agentic workflows to manage its own platform, which means it faces the same AI governance challenges it is selling offerings to address. That tension is not unique to Zscaler; it applies across the industry as vendors embed AI into their own operations. It is, however, a reason to ask pointed questions about how ZAgent’s own actions are instrumented, audited, and controlled before deploying it in production.
The Competitive Field Is Converging on the Same Control Plane
Zscaler’s “industry’s first complete Zero Trust platform for agentic AI” claim is worth holding loosely. On the SASE side, Palo Alto Networks, Cisco, Netskope, Fortinet, and others have active agentic AI programs. Palo Alto Networks is the most direct comparison: Idira, built on the CyberArk acquisition, gives it a SASE-plus-identity posture that mirrors Zscaler’s direction. On the identity side, Okta, SailPoint, Delinea, and others are shipping agent-specific governance offerings now.
The more consequential pressure may come from the hyperscalers. Microsoft’s Agent 365 positions cloud vendors as the natural home for agent discovery and inventory. If that framing holds, SASE platforms become enforcement layers that depend on inventory they don’t own.
Zenity, Pillar Security, and a growing field of purpose-built startups add a third dimension. Zenity in particular is shaping the standards conversation through ACS. None of this makes Zscaler’s announcements wrong. It makes the “first complete platform” claim one to verify over the next few quarters.
What to Watch:
- How quickly does the Symmetry integration deepen? AI Access Graph is the connective tissue of Zscaler’s agentic AI story. Integration depth will determine whether the platform claim holds over the next few quarters.
- How does Zscaler handle east-west agent traffic inside a cloud environment? Zscaler’s traditional strength is north-south traffic. A2A communication often runs east-west within a cloud provider and may never pass through Zscaler’s inspection points at all.
- Can governance work without a complete agent inventory? Agent catalogs are never finished and shadow deployments are common. Frameworks designed for incomplete visibility will outperform those that require it.
- Which category owns agent governance? SASE vendors, identity vendors, hyperscalers, and purpose-built startups are all converging. The winner depends on whether enterprises anchor on network enforcement, identity lineage, or cloud-native inventory.
For more information, read the full announcement from Zscaler here.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other Insights From Futurum:
Can Zscaler Own the AI Agent Control Plane?
Can Zscaler and Its GSI Partners Govern the Agentic Enterprise?
RSAC 2026: The AI ‘Tragedy of the Commons’ and the Future of Agentic Security
Author Information
Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.
Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.
Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.
