Zscaler exec says AI security must shift to intent

Zscaler’s Swamy Kocherlakota said on the CAIO Connect Podcast at Zenith Live in Las Vegas that companies need a new security model for AI agents. He argued that enterprises must pair AI innovation with tighter governance, Zero Trust controls, and systems that understand intent as autonomous tools spread across the business. Why it matters: - AI agents are changing enterprise risk by acting with more independence than traditional software. - Kocherlakota said security teams now need to protect both data and AI systems, not just networks. - The shift affects CIOs, CISOs and Chief AI Officers trying to deploy AI without increasing exposure. What happened: - Dr. Swamy Kocherlakota, executive vice president of Agentic AI Engineering at Zscaler, spoke with CAIO Connect Podcast host Sanjay Puri at Zenith Live in Las Vegas. - Kocherlakota said organizations must rethink cybersecurity for the age of AI agents. - He said traditional security practices are no longer enough as autonomous systems take on a bigger role in enterprise operations. The details: - Kocherlakota said years in artificial intelligence convinced him that security was often treated as an afterthought. - At Zscaler, he leads teams focused on using AI to defend against AI-powered threats. - He said customer conversations in recent months show CIOs, CISOs and Chief AI Officers are struggling to roll out AI safely while maintaining innovation and business growth. - Kocherlakota said accountability still sits with Chief Risk Officers and Chief Information Security Officers. - He said those leaders must create policies and enforce governance as AI agents begin to act independently. - He said AI systems need to understand intent and follow organizational policies. - Kocherlakota pointed to advanced AI tools such as Anthropic’s Project Mythos as examples of how AI can identify large numbers of software vulnerabilities. - He said many organizations already struggle to fix known weaknesses, and AI is making that problem more urgent. - He said AI can help identify and repair vulnerabilities, but it also helps attackers find and connect weaknesses faster. - Kocherlakota urged organizations to adopt Zero Trust architectures that make applications and infrastructure invisible to unauthorized users. - He said, “Make yourself disappear, especially to the people you don’t want to appear to.” - He said employees are already using AI tools whether companies approve them or not. - He said AI services are easy to access through everyday web traffic, so organizations need visibility into how employees and systems are using them. - He advised Chief AI Officers and CIOs to set clear controls while still allowing responsible innovation. - He also warned about Model Context Protocol, or MCP, technology that lets AI agents access tools and services. - He said weak governance around MCP could expose organizations to unauthorized tools, prompts and skills. Between the lines: - Kocherlakota’s comments frame AI security as a governance problem as much as a technical one. - The emphasis on intent suggests future controls may need to evaluate what an AI agent is trying to do, not just whether a request is permitted. - The focus on shadow AI shows that enterprise risk is spreading from sanctioned systems to employee-driven use of public AI tools. What’s next: - Kocherlakota said the partnership between Chief AI Officers and CISOs will become one of the most important relationships inside modern enterprises. - He said future security leaders will need to understand applications, infrastructure, AI models and business goals. - He said companies that align AI and security strategies will be better positioned to gain a competitive advantage while managing new risks.