Zenith Live Conference 2026: AI-Powered Threats Demand AI-Powered Defense  | eSecurity Planet
Artificial Intelligence
SHARE
Facebook X Pinterest WhatsApp

Zenith Live Conference 2026: AI-Powered Threats Demand AI-Powered Defense 

At Zscaler Zenith Live 2026, Deepen Desai shared why AI-powered threats require zero trust and machine-speed defenses.

Written By
Ken Underhill
Ken Underhill
Jun 15, 2026
4 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

At Zscaler’s Zenith Live 2026, I sat down with Deepen Desai, Chief Security Officer and EVP of Research and Development at Zscaler, to discuss how artificial intelligence (AI) is reshaping cybersecurity. 

Our conversation focused on the growing speed and scale of AI-enabled attacks, the emergence of Zscaler’s Mythos initiative, and what security leaders should prioritize to prepare for a future where both attackers and defenders increasingly rely on AI.

Key Takeaways

  • AI is accelerating attacker speed and scale, making vulnerability discovery, exploit development, and attack chaining faster and more accessible to less-skilled threat actors.
  • Attack chains matter more than individual vulnerabilities, creating a need for security solutions that can perform multistep reasoning and identify how multiple weaknesses can be combined.
  • Zero trust remains one of the most effective defenses, with organizations using Zscaler’s Zero Trust Exchange reportedly reducing their lateral attack surface by up to 80%.
  • Machine-speed threats require machine-speed defenses, including AI-powered triage, attack path prediction, deception technologies, and automated response capabilities.
  • For budget-conscious CISOs, the priorities are clear: invest in zero trust, observability, and regular tabletop exercises to improve prevention, visibility, and incident readiness.

AI Is Accelerating Old Problems

One of the biggest takeaways from my discussion with Deepen was that AI is often not creating entirely new security problems. 

Instead, it is amplifying challenges security teams have been dealing with for years.

According to Deepen, industry research suggests that approximately 29% of CISA Known Exploited Vulnerabilities (KEVs) are exploited within 24 hours of disclosure. 

A key concern is that AI dramatically increases the speed at which threat actors can identify vulnerabilities, develop exploit paths, and launch attacks.

What previously required skilled attackers and significant manual effort can now be accomplished faster and at greater scale. 

AI also lowers the barrier to entry, allowing less experienced threat actors to execute attacks that once required advanced expertise.

Advertisement

Why Attack Chains Matter More Than Ever

Deepen emphasized that organizations need to move beyond viewing vulnerabilities in isolation. 

A single low-priority CVE may not appear dangerous on its own, but attackers rarely rely on a single weakness.

Instead, they build attack chains.

By combining multiple low- and medium-severity vulnerabilities, attackers can achieve a significant compromise. 

AI enables threat actors to identify these chains faster than ever before, creating new challenges for defenders.

This is why Deepen believes modern security platforms must be capable of multistep reasoning. 

Security teams need solutions that can understand how seemingly unrelated weaknesses connect and how attackers may move through an environment.

As AI increases attacker speed, defenders need technology capable of operating at machine speed as well.

Reducing Reachability Reduces Risk

One quote from Deepen stood out during our conversation:

“If it’s not reachable, it’s not breachable.”

That philosophy aligns closely with zero trust principles

Rather than exposing applications and services directly to the internet, organizations should focus on hiding access and providing users with secure, identity-based connectivity.

According to Deepen, organizations using the Zscaler Zero Trust Exchange have seen an 80% reduction in lateral attack surface. 

Limiting reachability makes it harder for attackers to discover targets, move laterally, and escalate privileges after gaining initial access.

He also stressed the importance of autonomous segmentation and microsegmentation to minimize the blast radius of a successful compromise.

Advertisement

Preparing for Mythos and AI-Driven Threats

Deepen also outlined what he called six key steps to Mythos preparedness:

  1. Minimize the attack surface by moving applications behind a Zero Trust Exchange.
  2. Minimize blast radius through segmentation, guest network isolation, and deception technologies.
  3. Implement zero trust access controls, including TLS inspection, browser isolation, and traffic inspection.
  4. Discover and manage AI applications, models, and agents.
  5. Continuously identify, prioritize, and remediate vulnerabilities.
  6. Conduct automated red teaming and adversarial testing.

These recommendations reinforce a recurring theme in modern cybersecurity: visibility, access control, and continuous validation remain foundational, even as AI changes the threat landscape.

AI’s Role in Security Operations

While AI is helping attackers move faster, it is also creating opportunities for defenders.

Deepen highlighted the value of AI agents for triage, contextual analysis, and attack path prediction. 

Combined with deception technologies and decoys, these capabilities can help organizations identify threats earlier and focus analyst attention where it matters most.

He also pointed to Zscaler’s managed detection and response (MDR) capabilities, which have helped customers achieve a reported 99.9% noise reduction. 

For security teams overwhelmed by alert fatigue, reducing noise may be one of the most valuable applications of AI today.

Advertisement

Where CISOs Should Invest

When I asked Deepen what he would prioritize if a CISO had a limited budget, his answer was straightforward:

  1. Zero Trust
  2. Observability
  3. Tabletop exercises focused on worst-case scenarios

I found this advice practical because it balances prevention, visibility, and preparedness. 

Organizations cannot defend what they cannot see, and they cannot effectively respond to incidents they have never practiced.

How AI Is Reshaping Security Teams 

Deepen and I also discussed how AI will reshape security careers

We agreed that cybersecurity professionals will need to upskill faster than ever before. 

Some entry-level SOC functions may become increasingly automated, but humans will remain essential for judgment, decision-making, and oversight.

The future of cybersecurity will not be humans versus AI. 

It will be humans working alongside AI to defend against increasingly sophisticated machine-speed threats. 

Organizations that embrace zero trust, improve visibility, and leverage AI responsibly will be far better positioned to succeed in that future.
Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

facebook
linkedin
x

Company

About us Contact us Advertise with us

Categories

Best Products Resources Networks Cloud Threats Trends Endpoint Applications Compliance

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information