At RSAC 2026, I sat down with Adam Geller, Chief Product Officer at Zscaler, to talk about one of the biggest challenges facing security teams right now: how to secure AI without slowing it down.
What struck me was how differently Zscaler is approaching the problem compared to many others in the space.
- Rethinking AI Security Beyond Point Solutions
- AI Adoption Mirrors the Early Cloud Security Gap
- The Visibility Gap in Enterprise AI
- Inside Zscaler’s AI Security Ecosystem
- Applying Zero Trust to AI Access
- Securing AI Across the Full Lifecycle
- Reducing Tool Sprawl With an Integrated Approach
- The Urgency of Securing AI at Scale
- AI Security Must Be Built In, Not Bolted On
Rethinking AI Security Beyond Point Solutions
Geller explained that while a lot of vendors are focused on solving a single AI security issue — like prompt injection or data leakage — Zscaler took a step back and asked a bigger question: how do you secure the entire AI ecosystem?
Instead of adding more point solutions, they built what he described as a comprehensive AI security ecosystem designed to align with how organizations actually adopt AI.
AI Adoption Mirrors the Early Cloud Security Gap
This approach feels especially relevant given how fast AI is spreading across enterprises. From generative AI tools to embedded AI in SaaS applications and now agentic AI, the attack surface is expanding rapidly.
It reminded me of what we saw during the early days of cloud adoption. Organizations moved fast to embrace cloud for agility and scale, but security models lagged behind, leading to misconfigurations, visibility gaps, and new attack paths.
AI is following a similar trajectory — rapid adoption first, with security racing to catch up.
The Visibility Gap in Enterprise AI
Zscaler notes that most organizations lack a clear view of all the AI applications, models, and infrastructure in use, which makes it difficult to understand risk or enforce policy.
That visibility gap is becoming one of the biggest barriers to secure AI adoption.
Geller emphasized that every organization has a different risk appetite when it comes to AI.
Some are moving aggressively to deploy AI-driven applications, while others are taking a more cautious approach.
The problem is that many security solutions don’t account for that variability. Instead, they apply one-size-fits-all controls that either slow down innovation or leave gaps in protection.
Inside Zscaler’s AI Security Ecosystem
Zscaler’s AI Security Suite is designed to address this by giving organizations flexibility while still maintaining control.
The platform focuses on three core areas: visibility, access, and protection across the AI lifecycle.
First, it provides a comprehensive inventory of AI assets, helping teams identify everything from GenAI tools to embedded AI features and underlying infrastructure.
This is critical for uncovering shadow AI and understanding how data flows through different systems.
Applying Zero Trust to AI Access
Second, it extends zero trust principles to AI access. This means applying granular controls, inspecting interactions, and even classifying prompts in real time to reduce the risk of data leakage or misuse.
As AI traffic becomes more dynamic and non-human, traditional security models struggle to keep up. Zscaler’s approach is to bring context-aware inspection into these interactions, ensuring that access decisions are based on behavior, not just identity.
Securing AI Across the Full Lifecycle
The third pillar focuses on securing AI applications and infrastructure throughout their lifecycle. This includes automated red teaming, prompt hardening, and runtime guardrails to detect and mitigate threats as they emerge.
According to Zscaler, traditional security tools were not designed to handle these new types of risks, such as prompt injection or context poisoning, which require continuous monitoring and adaptation.
Reducing Tool Sprawl With an Integrated Approach
One of the more interesting points Geller made was around tool sprawl.
Many organizations are layering multiple security tools to address different aspects of AI risk, which can create complexity and blind spots.
By building an integrated ecosystem, Zscaler aims to reduce that sprawl and provide a more unified view of risk. This not only simplifies operations but also helps security teams make more informed decisions about how to govern AI usage.
Another key takeaway for me was how early Zscaler chose to engage on this topic.
Geller mentioned that the company intentionally announced its AI Security Suite ahead of RSAC to avoid getting lost in the noise of the conference.
That decision reflects a broader trend in the industry — AI security is moving so quickly that waiting for traditional launch cycles or conference announcements can mean falling behind.
The Urgency of Securing AI at Scale
The urgency is real. Zscaler’s ThreatLabz research found that many enterprise AI systems could be compromised in minutes due to critical vulnerabilities, underscoring how unprepared many organizations are for this shift.
As AI continues to evolve, the gap between innovation and security is only going to widen unless organizations rethink their approach.
AI Security Must Be Built In, Not Bolted On
From my perspective, the most important insight from our conversation is that AI security cannot be treated as a bolt-on capability.
It has to be built into the foundation of how organizations design, deploy, and manage AI systems.
That means understanding the full AI footprint, applying consistent policies, and continuously monitoring for new risks.
Ultimately, Geller’s message was clear: securing AI is not about slowing innovation — it’s about enabling it. By taking a holistic, ecosystem-driven approach, organizations can move faster with confidence, rather than constantly reacting to new threats.
As enterprises continue to adopt AI at scale, the question is no longer whether to secure it, but how.
And based on what I heard at RSAC, the answer lies in stepping back, looking at the bigger picture, and building security strategies that are as dynamic as the technology they are meant to protect.