Scott Alldridge is CEO of IP Services, a visionary leader, and author of the bestselling VisibleOps book and series.

Artificial intelligence is rewriting cybersecurity at a pace most companies can’t match. Work that used to require top-tier nation-state capability is now within reach for moderately capable attackers because AI tools can write malware, scan and prod systems, automate recon and chain exploits at machine speed.
When advanced models are shown testing hardened operating systems, executive teams should take it personally. The takeaway isn’t only that AI brings new risks. It’s that the old security blueprint, the one many organizations still depend on, is being left behind.
For years, companies built security like a medieval fortress: thick outer walls, a guarded gate, and an assumption that once something was “inside,” it could be treated as safe. That approach is failing.
Today’s intruders rarely smash through the front entrance. They slip in through a neglected API, a stolen login, an overpowered service account or an AI workload nobody fully owns. After that, they move sideways fast, and they move far.
Can you prevent every breach? No, probably not. When something breaks in, can you keep it from spreading? That's the core idea behind zero trust.
Zero Trust Is Not A Product
A common misunderstanding is that zero trust equals rolling out zero trust network access (ZTNA). ZTNA matters, and it helps, but it’s only one piece of a larger operating approach.
Real zero trust isn’t something you buy. It’s a stance rooted in one rule: Trust nothing by default, whether it’s a person or a machine. Users, laptops, apps, workloads, APIs, service accounts, AI agents, nonhuman identities (NHIs)—all of it should start from “prove it.” Every connection and request needs ongoing validation, tight limits and steady monitoring.
Where many organizations fall behind is in focusing mostly on employee access while ignoring how applications, workloads and machine identities talk to each other out of sight. Those hidden routes are exactly where modern attackers live, and AI-driven attackers are heading there even faster.
The Hospital Parable
Picture a hospital dealing with contagious patients.
No one praises a well-run hospital for letting people roam freely between isolation rooms, operating theaters and intensive care. Doctors get into the areas they’re cleared for. Equipment talks only to approved systems. Sensitive wards are separated so contamination can’t race through the building.
Now flip it.
Everyone has a master key. Every device chats with every other device. Every hallway leads to every room. One infection spreads everywhere.
That second hospital is a lot closer to how many business networks still behave.
Microsegmentation is the change in mindset. It creates containment zones around workloads, applications and systems, so that even after a breach, an attacker can’t simply wander across the environment.
That’s modern zero trust in practice, not only controlling who gets in, but controlling what can move where once anything is inside.
AI Has Made Cyberattacks Nonstop
AI makes attackers faster. Work that once took days or weeks can now happen in minutes: mapping infrastructure, hunting APIs, spotting weak systems, building phishing campaigns, listing identities, finding privilege escalation routes, and even automating exploit development.
That compressed timeline changes the whole defensive game. Classic detect-and-respond loops don’t get breathing room. By the time a traditional team sees the alert and starts reacting, an AI-assisted intruder may already have hopped across systems.
That’s why containment is becoming the requirement. If one workstation gets compromised, can ransomware reach the workloads that actually matter? If an API is abused, can the attacker pivot into cloud infrastructure? Can an AI agent touch data stores it should never see?
These are no longer “what if” scenarios. They’re design questions, and leadership teams should be demanding answers.
The Ignored Risk: Nonhuman Identities
One of the most overlooked problems in security right now is nonhuman identities.
Most enterprises now run far more machine identities than human ones, including service accounts, API keys, OAuth tokens, bots, app credentials, cloud workload identities and AI agents. Too many organizations still handle these carelessly, with credentials baked into code, privileges that are far too broad, secrets shared across systems, or tokens that live forever.
AI systems are especially good at finding and exploiting this mess, because machines behave consistently and the trust relationships between them are often loosely managed.
Zero trust can’t stop at people. It has to cover workload-to-workload traffic, API access and machine privileges, not just employee logins. Microsegmentation policies are one of the practical ways to make that real.
Security Starts With Visibility
VisibleOps got one thing right that still holds: You can’t protect what you can’t see.
Many organizations don’t actually know which workloads are talking to each other, which APIs are exposed to the internet, where unnecessary trust relationships exist, which service accounts have dangerous reach, and what AI systems are touching sensitive data.
Before zero trust can work, the environment has to be understood as it really operates, not as it’s assumed to operate.
Modern microsegmentation platforms can surface that detail, exposing communication paths that older tools often miss. Once you can see the pathways, you can design containment around them.
Questions Every Executive Should Be Asking
Executives don’t need to turn into security engineers, but they do need to push for sharper, operational questions:
• How far can an attacker go if a single system is compromised?
• Are workloads truly separated from each other?
• Are our APIs governed with least privilege?
• What’s our plan for nonhuman identities?
• Can AI systems reach sensitive production environments?
• Have we tested containment of a breach, not only detection of one?
If leadership can’t get clear answers, then “zero trust” is probably being treated as a slogan instead of an operating reality.
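The first question above, and the earlier point that containment has to be designed around the communication paths you can actually see, can be put in numbers. The sketch below is an added illustration, not part of the original article: it compares how many systems are reachable from one compromised machine on a flat network and under a segmentation allowlist. All host names, ports and policy entries are constructed, and the model assumes an intruder can reuse any permitted flow as a hop.

```python
from collections import deque

# Constructed sample: observed flows (source, destination, port), in the
# shape a flow-mapping tool might export them. Not real data.
OBSERVED_FLOWS = [
    ("workstation-17", "file-share", 445),
    ("workstation-17", "hr-app", 443),
    ("hr-app", "hr-db", 5432),
    ("file-share", "backup-server", 22),
    ("backup-server", "hr-db", 5432),
    ("backup-server", "payments-db", 5432),
    ("payments-api", "payments-db", 5432),
    ("ai-agent", "payments-api", 443),
    ("ai-agent", "hr-db", 5432),
]

# Constructed allowlist: the only flows the business actually needs.
SEGMENT_POLICY = {
    ("workstation-17", "hr-app", 443),
    ("hr-app", "hr-db", 5432),
    ("payments-api", "payments-db", 5432),
    ("ai-agent", "payments-api", 443),
    ("backup-server", "hr-db", 5432),
    ("backup-server", "payments-db", 5432),
}

def blast_radius(flows, start, policy=None):
    """Systems reachable from `start`; with a policy, only allowed flows count."""
    edges = {}
    for src, dst, port in flows:
        if policy is None or (src, dst, port) in policy:
            edges.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def unneeded_paths(flows, policy):
    """Observed flows the allowlist would block: trust paths to review."""
    return sorted(f for f in flows if f not in policy)

if __name__ == "__main__":
    for start in ("workstation-17", "ai-agent"):
        print(start, "flat:", sorted(blast_radius(OBSERVED_FLOWS, start)))
        print(start, "segmented:",
              sorted(blast_radius(OBSERVED_FLOWS, start, SEGMENT_POLICY)))
```

In this constructed data, the compromised workstation reaches five systems on the flat network, including the payments database, and two under the allowlist.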
Final Thought
The next era of cybersecurity won’t belong to the organizations building higher walls. It will belong to the ones building smarter compartments.
In an AI-driven world, prevention by itself won’t carry the load. Containment will.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
