Zscaler Acquires Symmetry Systems to Strengthen Cloud Security and Zero Trust

Zscaler today announced a significant expansion of AI capabilities across its Zero Trust Exchange platform. The company is embedding advanced AI models to strengthen threat detection, automate security policy enforcement, and deliver more intelligent visibility into user, device, and application behavior in increasingly complex cloud environments.

This move comes as organizations face rising pressure to secure hybrid workforces, multi-cloud architectures, and the growing use of AI tools inside the enterprise. Traditional security approaches struggle with the volume, speed, and sophistication of modern threats, particularly as employees and agents interact with both sanctioned and unsanctioned AI applications.

“As enterprises rapidly adopt AI, the old playbook for governing access built around users and directories cannot scale to millions of AI agents,"

"With Symmetry Systems, we are adding the access graph that maps how every identity, application, and data source connects across the enterprise. This foundational visibility is what Zscaler’s Zero Trust Exchange will use to govern agent-to-application and agent-to-agent communication at scale, giving customers the actionable control they need to safely embrace AI.”

Jay Chaudhry, Chairman and CEO of Zscaler

Zscaler’s new AI features aim to address these challenges by moving beyond static rules and signatures toward dynamic, context-aware security decisions. The enhancements focus on three core areas: faster and more accurate threat identification, automated policy recommendations and enforcement, and deeper behavioral analytics that help security teams understand normal versus anomalous activity at scale.

For CISOs and governance teams, this announcement reflects a broader industry trend where major security vendors are investing heavily in AI to keep pace with both attacker innovation and the rapid adoption of generative and agentic AI tools inside the enterprise.

Key Terms

• Zero Trust Exchange: Zscaler’s core cloud-native platform that connects users, devices, and applications securely without relying on traditional network perimeters.

• AI-Powered Threat Detection: Use of machine learning models to identify threats in real time by analyzing behavior patterns rather than just known signatures.

• Policy Automation: AI systems that recommend or automatically apply security policies based on user behavior, risk signals, and business context.

• Behavioral Analytics: Continuous monitoring of how users, devices, and applications interact to establish baselines and detect anomalies.

• Agentic AI Security: Security controls designed specifically for autonomous AI agents that can take actions, use tools, and interact with systems independently.

These terms represent the shift Zscaler is making — from traditional rule-based security to more intelligent, adaptive controls capable of handling modern cloud and AI workloads.

Conditions Driving This Change

• Organizations are rapidly migrating critical workloads to multi-cloud environments while simultaneously rolling out generative and agentic AI tools across departments, creating a level of complexity that traditional perimeter-based security can no longer handle effectively.

• Employees and autonomous AI agents now routinely interact with hundreds of SaaS applications and external services, often bypassing corporate networks entirely and making visibility and control significantly more difficult for security teams.

• The speed of AI adoption inside enterprises is accelerating faster than security teams can update policies and controls, leading to a widening gap between innovation and protection.

• Attackers are increasingly leveraging AI themselves to automate reconnaissance, craft sophisticated phishing campaigns, and discover vulnerabilities at scale, raising the sophistication and volume of threats security teams must address daily.

• Security operations centers continue to suffer from alert fatigue as the number of daily alerts grows, making it harder for analysts to identify genuine threats amid the noise.

• Business leaders are demanding faster deployment of AI capabilities to maintain competitive advantage, often pressuring security teams to approve use cases before proper controls and oversight can be established.

• Regulatory expectations around data protection, privacy, and AI governance are increasing, requiring organizations to demonstrate effective oversight of how AI systems access and process sensitive information.

• The rise of agentic AI systems that can independently take actions and use tools has introduced new risks around autonomous behavior, identity management, and unintended actions that traditional security tools were not designed to address.

What Threat Detection Looked Like Before

Before this latest wave of AI integration, Zscaler and most cloud security platforms relied primarily on rule-based systems, signature detection, and static policies. Security teams configured policies manually based on known threats, user roles, and basic contextual signals such as location or device type. Threat detection depended heavily on matching activity against databases of known malicious indicators.

Visibility was often fragmented. Security teams could see traffic flowing through the platform, but understanding the full context of user and application behavior required significant manual effort. When new threats emerged, teams had to create or update rules manually, which created delays between threat discovery and effective protection.

For organizations adopting AI tools, security was largely an afterthought. Teams used basic allow/block lists for applications like ChatGPT or Claude, with limited ability to inspect what users were actually doing inside those tools. Agentic systems, where AI could take independent actions, were either blocked entirely or allowed with minimal oversight. Governance and security teams struggled with the pace of change, often approving use cases without deep visibility into potential risks. The entire approach was reactive — waiting for something bad to happen and then responding after the fact.

What It Looks Like Now

With Zscaler’s new AI enhancements, security is becoming significantly more dynamic and intelligent. The platform now uses advanced AI models to analyze behavior in real time, establish normal patterns, and detect anomalies that would have been difficult to catch with traditional rules.

Instead of relying solely on static policies, the system can now recommend and automatically apply context-aware controls based on user behavior, risk signals, and business needs. Threat detection has moved from signature-based matching to behavioral analysis that can identify sophisticated attacks even when they don’t match known patterns.

“Symmetry Systems’ mission is deep security research that earns real customer love. Zscaler is an inspiration on both counts,”

"We believe the dominant security platforms of the AI era will govern how information flows between identities across zero-trust networks. As AI disintermediates applications, endpoints, and traditional network boundaries, identities and data become the new control plane for enterprise security.”

Mohit Tiwari, CEO, Symmetry Systems

For agentic AI and generative tools, organizations now have better visibility into how these systems are being used and what actions they are taking. The platform can flag unusual agent behavior, suspicious tool usage, or potential data exfiltration attempts more effectively than before.

Security teams are shifting from spending most of their time manually tuning rules to focusing on higher-level strategy and investigation. Alerts are more accurate and actionable. Overall, the approach is moving from reactive, manual security operations toward proactive, intelligent protection that can better keep pace with both legitimate AI adoption and evolving threats.