
Agentic AI Is Pushing Zero Trust Into Its Next Phase

Zero Trust was designed to control people and machines. The rise of autonomous AI agents is forcing security teams to extend those same principles to software capable of making decisions and taking action on its own. (Includes infographic)

Zero Trust was born from a simple premise: trust nothing by default.

Over the past decade, security teams have applied that principle to users, devices, applications, and networks. Identity became the new perimeter. Continuous verification became the new access model. While implementation remains a work in progress for many organizations, the core concepts are now widely accepted across the industry.

The rise of agentic AI presents the next logical challenge.

Enterprises are beginning to deploy AI agents that can do more than answer questions. They can retrieve data, execute workflows, interact with business systems, and make decisions with varying degrees of autonomy. In effect, organizations are introducing a new class of actor into their environments—one that doesn't fit neatly into traditional categories of user, application, or machine.

As a result, Zero Trust is entering its next phase.

AI presents fresh challenges

The issue isn't that AI agents are inherently malicious, but that they behave differently from the systems security teams have traditionally been tasked with protecting. Unlike deterministic software that follows predefined rules, AI agents interpret instructions, make judgments, and operate in ways that can be difficult to predict. That flexibility is what makes them powerful. It is also what creates risk.

An agent instructed to clean a database might understand that task differently than the person who issued the request. An agent given access to multiple enterprise systems might connect information in ways developers never anticipated. An agent exposed to manipulated prompts or malicious instructions could take actions that technically align with its permissions but violate organizational intent.

Recent examples have shown agents deleting resources, executing unintended actions, and in some cases providing inaccurate explanations about what occurred afterward. While the specifics vary, the underlying lesson remains consistent: organizations cannot rely solely on the AI model to make the right decision every time.

That reality is reshaping how security leaders think about AI risk.

Much of the early conversation around securing AI has focused on prompts, guardrails, and model behavior. Those controls matter, but they address only part of the problem. The more fundamental question is whether an agent should be allowed to perform a particular action in the first place.

That's where Zero Trust principles become increasingly relevant.

The same concepts organizations use to govern human access (identity verification, least-privilege permissions, continuous monitoring, and policy enforcement) are now being applied to autonomous software. Security teams need to know which agents exist, what systems they can access, what commands they are authorized to execute, and how their activities are being monitored.

In many ways, AI agents are becoming a new category of privileged user.

Xage/NVIDIA partnership reflects larger trend


Roman Arutyunov, co-founder and chief product officer at Xage Security, believes that shift requires security controls that extend beyond the prompt layer.

During a recent discussion with CYBR.SEC.Media, he explained that organizations need visibility into agent actions, granular permission controls, command-level restrictions, and stronger identity mechanisms to govern how agents interact with enterprise systems and data.

"Prompt guardrails are important, but they're not enough," he said. "Organizations need foundational controls that determine what an agent can access, what it can do, and how its actions are governed."

That philosophy is reflected in Xage's recent work with NVIDIA.

The companies recently announced support for Xage's Zero Trust for Agentic AI capabilities on NVIDIA's Vera BlueField-4 STX architecture. While the announcement focuses on product integration, it also illustrates a larger trend emerging across the industry. Security controls are moving deeper into the infrastructure stack, closer to where AI workloads execute and where critical decisions about access and authorization can be enforced.

The objective is straightforward: don't depend entirely on the agent to make the correct decision. Establish boundaries that prevent harmful actions even when an agent misinterprets instructions, encounters unexpected conditions, or is manipulated by an attacker.
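What such a boundary looks like in practice is a policy enforcement point that sits between the agent and the systems it calls and decides, independently of the model, whether a given agent identity may perform a given action. The following is an added example, not Xage's or NVIDIA's code and not anything described in the announcement above: the agent names, role grants, tool names and SQL rules are constructed for illustration. It covers the controls listed earlier in the article (agent inventory by identity, per-agent tool grants, command-level restrictions, an audit trail of every decision) and the "clean the database" misinterpretation, where a DROP is denied regardless of what the model decided.

```python
"""Policy enforcement point (PEP) for agent tool calls.

Added illustration, not vendor code. Every agent action passes through
decide(), which applies: identity -> role -> tool grants (default deny),
then command-level checks on SQL, and records the decision in AUDIT_LOG.
Agent names, roles, tool names and rules are constructed for this example.
"""
import re
from dataclasses import dataclass

# In-memory audit trail (constructed). In production this would ship to a SIEM.
AUDIT_LOG: list[dict] = []


@dataclass(frozen=True)
class AgentIdentity:
    """Who is acting. Agents get their own identities, never a shared human one."""
    name: str
    roles: frozenset[str]


@dataclass
class ToolCall:
    """One action the agent wants to take: a tool name plus its arguments."""
    tool: str
    args: dict


# Role -> tools that role may invoke. Anything not listed is denied.
TOOL_GRANTS: dict[str, frozenset[str]] = {
    "reporting": frozenset({"sql.query", "fs.read"}),
    "db-maintenance": frozenset({"sql.query", "sql.execute"}),
}

# Statement types no agent may issue, whatever the model "meant".
_DENY_STATEMENTS = {"DROP", "TRUNCATE", "ALTER", "GRANT", "REVOKE"}
_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)


def first_keyword(sql: str) -> str:
    """Classify a statement by its leading keyword after stripping comments."""
    stripped = _COMMENT_RE.sub(" ", sql).strip()
    m = re.match(r"[A-Za-z]+", stripped)
    return m.group(0).upper() if m else ""


def sql_allowed(sql: str, read_only: bool) -> tuple[bool, str]:
    """Command-level policy for SQL. Coarse by design: a boundary, not a parser."""
    body = _COMMENT_RE.sub(" ", sql).rstrip().rstrip(";")
    if ";" in body:
        return False, "multiple statements not permitted"
    kw = first_keyword(sql)
    if kw in _DENY_STATEMENTS:
        return False, f"{kw} is never permitted for agents"
    if read_only and kw != "SELECT":
        return False, f"{kw} requires a write-capable tool"
    if kw in {"DELETE", "UPDATE"} and not re.search(r"\bWHERE\b", sql, re.I):
        return False, f"{kw} without WHERE is treated as destructive"
    return True, "ok"


def decide(agent: AgentIdentity, call: ToolCall) -> tuple[bool, str]:
    """Allow or deny one tool call for one agent identity, and log the verdict."""
    granted = set().union(*(TOOL_GRANTS.get(r, frozenset()) for r in agent.roles))
    if call.tool not in granted:
        verdict = (False, f"tool {call.tool} not granted to {agent.name}")
    elif call.tool.startswith("sql."):
        # sql.query is read-only; sql.execute may write but stays command-restricted.
        verdict = sql_allowed(call.args.get("sql", ""), read_only=(call.tool == "sql.query"))
    else:
        verdict = (True, "ok")
    AUDIT_LOG.append({"agent": agent.name, "tool": call.tool, "args": call.args,
                      "allowed": verdict[0], "reason": verdict[1]})
    return verdict


if __name__ == "__main__":
    cleaner = AgentIdentity("cleanup-agent", frozenset({"db-maintenance"}))
    # The model read "clean the database" as dropping a table: denied at the boundary.
    print(decide(cleaner, ToolCall("sql.execute", {"sql": "DROP TABLE customers"})))
    # The scoped cleanup the operator actually meant passes.
    print(decide(cleaner, ToolCall("sql.execute",
                                   {"sql": "DELETE FROM sessions WHERE expires_at < NOW()"})))
    for entry in AUDIT_LOG:
        print(entry)
```

The keyword classification here is deliberately simple and should be read as the shape of a command-level control, not a substitute for one: the durable version of the same boundary is a database role for the agent's identity that simply lacks DROP and TRUNCATE privileges, with the PEP adding the per-call audit record and the tool-level grants that the database cannot see.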

That approach mirrors lessons security teams have learned repeatedly over the past two decades. Organizations don't secure human users by assuming they will never make mistakes. They implement controls that limit the impact when mistakes occur. The same principle increasingly applies to AI.

This shift will likely accelerate as organizations move from experimental AI projects to production deployments involving multiple interconnected agents operating across cloud, data center, edge, and operational technology environments. As those systems gain access to sensitive data and business processes, governance becomes just as important as intelligence.

Security leaders spent the last decade learning how to apply Zero Trust principles to people, devices, and applications. The next decade may be defined by applying those same principles to autonomous software.

AI agents are rapidly becoming participants in enterprise operations. The organizations that succeed will be the ones that understand exactly what those agents can see, what they can do, and how those actions are controlled.

Infographic:
