• In the age of AI-based threats, zero-trust is no longer enough

    From TechnologyDaily@1337:1/100 to All on Tue Jun 16 15:30:25 2026
    In the age of AI-based threats, zero-trust is no longer enough

    Date:
    Tue, 16 Jun 2026 14:21:15 +0000

    Description:
    The emergence of AI-based threats means zero-trust is no longer strong enough to tackle these alone.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter As AI-based threats continue to dominate the conversation around security, its no surprise that half (50%) of organizations are on track to adopt zero-trust data governance by 2028. In
    the past few years, zero-trust has become the cornerstone of modern cybersecurity strategy but the emergence of AI means its no longer strong enough to tackle rapidly developing AI-based threats alone.

    As AI threats continue to rise, CISOs are challenging the misconception that zero-trust architecture (ZTA) is a one-size-fits-all solution which can give organizations peace of mind, and means they dont need to worry about
    security. Instead, they are focused on maximizing ZTAs capabilities while
    also recognizing its shortcomings and where additional forms of security are necessary. Dr. Lyron Andrews Social Links Navigation

    Author Fellow at Pluralsight. Some professionals argue that zero trust is nothing more than OAuth, but in reality ZTA is far more comprehensive and is
    a strategic framework, not just a protocol. With deepfake fraud attempts rising 94% year-on-year and attack surfaces expanding, ZTA is more important than ever, but AI-backed attacks growing by almost 100% in 2025 means that other forms of security are also necessary. Latest Videos From Watch full video here:

    ZTA can strengthen cybersecurity by continuously assessing access, but it cannot fully prevent insider attacks, software vulnerabilities or physical security breaches. As AI learning models advance in their capabilities to enter systems unnoticed, a variety in security protocols are needed to challenge it. Why the protection doesnt change, regardless of the threat Traditional cybersecurity models, including ZTA, were designed around predictable human behavior and manually executed attacks, but the rise of AI-powered systems means that speed and scale of attacks has changed significantly. You may like How AI agents are wrecking havoc in legacy security setups and enterprises are catching up AI innovation meets a
    familiar identity security reality From cloud to Agentic AI: Why security
    must evolve faster than innovation

    ZTA-based security systems were built and implemented at a time when the biggest threat to security was human threat actors entering systems to download malware onto them. This is timely and very manual, with threat
    actors trying lists of passwords to enter systems or sending phishing emails. AI-driven autonomous systems can operate independently, so while the core principles of security remain unchanged, the methods used to implement them must evolve to address the threats these systems face.

    Internet security systems still depend on protecting attack surfaces, which are consistently expanding due to the introduction of new pathways for autonomous decision-making and machine-to-machine interaction. AI systems require more connectivity compared with manual ones, creating more opportunities for agents to exploit vulnerabilities both intentionally and accidentally. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    Natural language itself is also an attack surface, with AI systems accepting ambiguous instructions without questioning their context or intention. This means attackers can manipulate systems through emails, messages and hidden text, creating new attack surfaces and making AI agents far more vulnerable
    to attacks than traditional systems, which require detailed code inputted by
    a skilled developer to operate.

    Human-in-the-loop controls are crucial for natural-language based attacks, with systems unable to distinguish between suspicious or correct prompts. Maintaining human controls over security measures, even those that are
    largely automated, ensures that attacks which use natural language or hidden context can be identified. A measurable approach to security minimizes blast radius ZTA minimizes an attackers blast radius by assuming that no user or device should be inherently trusted, even once initial access has been granted. It prevents threat actors from moving across systems, meaning that should a compromise happen, the attacker will struggle to reach sensitive systems or escalate privileges without permission. What to read next Maintaining cyber control when AI can act autonomously If everyone is rushing to board the AI ship why are so few workflows secure? The AI trust advantage: How smarter security wins customer confidence

    AI accelerates attack attempts, scanning environments continuously and
    testing permissions automatically. It can adapt strategies in real time, changing methods of attack and discovering system weaknesses much faster than humans can through manual searches. AI attacks increasingly exploit layers including workflows and agent-to-agent interactions, changing the
    fundamentals of what is required of ZTA systems.

    As a result, ZTA systems must evolve beyond static identity and access controls to continuously monitor interactions between autonomous agents, responding dynamically to abnormal activity in real time and shifting zero-trust from a user-focused model to one capable of governing machine-to-machine ecosystems.

    By using quantifiable data and continuous evaluation, cybersecurity teams can determine whether newly implemented controls are effective, turning security systems into an evidence-based process. Misconceptions around ZTA can lead to heightened security threats Many experts believe that ZTA means AI can be deployed safely without additional security controls. ZTA reduces certain categories of risk but does not guarantee total safety once AI has entered a system, or has been built into internal workflows.

    Zero-trust was built around human identity, and focuses on verifying who a user is, whether they are acting unusually and if their device is compliant. But AI-based threats can enter systems successfully using false biometrics or by guessing passwords, or may have been given access to a system previously
    to automate tasks.

    An authorized AI agent can leak sensitive data or misuse the tools it already has access to without ever alerting ZTA that something is wrong. In order to use ZTA accurately, cybersecurity professionals must avoid overconfidence in its ability to ensure that AI systems behave safely or truthfully once access is granted. Diversifying security defenses against AI-driven threats
    Alongside ZTA, organizations must also implement additional tools to protect against attacks - systems that ensure that AI is not left unsupervised to
    make its own decisions without interference. AI systems continuously evolve, with models updating regularly, meaning organizations need strict governance processes and safety benchmarking to become a permanent part of security, not just occasional checks every few weeks or months.

    As threats continue to diversify and evolve, security needs to do the same, and one-size-fits-all systems are quickly becoming a thing of the past. For CISOs, a multi-pronged approach can keep their organizations safe and prevent various different types of attacks. Combining approaches including ZTA,
    threat intelligence and human-in-the-loop can create overlapping layers of protection that reduce single points of failure.

    Mature ZTA implications make access decisions dynamically using contextual factors, allowing systems to continuously evaluate risk and limit lateral movement even if credentials are compromised. Agentic AI does not render ZTA useless, but its autonomous behavior means ZTA systems need to become more context-aware and adaptive in order to govern machine-drive interactions in real time. We feature the best patch management software . This article was produced as part of TechRadar Pro Perspectives , our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/in-the-age-of-ai-based-threats-zero-trust-is-no- longer-enough


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)