AI is causing a crisis of confidence and new security risks, but it also offers opportunities if companies continue to develop the zero trust concept.
Artificial intelligence is not only driving operational transformation processes in companies, but also defence strategies against cyber threats. As technology changes at an unprecedented pace, security managers are faced with challenges and opportunities that will test their adaptability in the coming year. The following cybersecurity trends from Zscaler for 2026 should be the focus of attention:
1) Overcoming the trust crisis
In the digital age, it is important to distinguish trustworthy information from misinformation. With the rise of fake news, AI-generated content and personas, and threats, organisations can no longer rely on implicit trust within flat networks. As attackers exploit their first-mover advantage and use AI for research, compromise and code generation, or launch attacks via large language model (LLM) prompts, generative AI poses the risk of data leaks and gives attackers an information advantage for innovative attacks, both of which companies must counter.
The zero trust approach helps build trust for authorised data exchange. However, as this trust erodes due to the use of AI by attackers, companies must move away from predictable security. In 2026, the zero trust security approach will evolve and be used for asymmetric trust. Deception technologies will strengthen defences and make them less transparent to attackers. Honeypots and decoys create ‘negative trust,’ and these fake assets protect real data.
2) AI will transform the composition of the workforce
The advancement of AI is changing not only the threat landscape, but also workforce structures. The rise of agent-based AI – autonomous systems that interact and link APIs to perform complex tasks – will bring new vulnerabilities, but also opportunities for businesses. The complexity of these AI-driven connections means that errors can have far-reaching and potentially serious consequences.
As AI tools become increasingly accessible in various formats, companies must train their workforce to use AI responsibly so that innovation does not undermine security. Cybersecurity experts would do well to extend zero trust approaches to artificial agents, viewing them as an extension of the human workforce.
3) Zero trust is shifting from minimal permissions to minimal information
Zero trust security models have traditionally focused on enforcing the principle of ‘least privilege.’ This means that users and devices are only given the access rights they need to perform their tasks. The evolution of this principle will focus on ‘least possible’ information, placing the criticality of data at the centre. Accordingly, organisations must pay more attention to where their information is located and revise access rights for APIs, third parties and even internal stakeholders.
For technology companies, this change requires a fundamental rethink of how information is managed. Applying zero trust principles to data flows – not just to user and device access – will help reduce the risk of data leaks and unauthorised disclosure. As AI insights are extended to increasingly distributed devices and supported by mobile connectivity, data minimisation strategies should become a focus for security and compliance experts.
4) Risks from supply chains are increasing
The digital supply chain is becoming an increasingly attractive target for cybercriminals. Dependencies on third-party software, open source packages and external services create vulnerabilities that attackers exploit. Compromising open source libraries and OAuth tokens serves as a gateway to larger systems.
As digital ecosystems become increasingly complex and interconnected, companies must be aware of their dependence on this interconnectedness. Therefore, supply chain security must be given strategic priority. This includes rigorous third-party vetting, continuous monitoring of dependencies, and implementation of robust incident response plans to mitigate the impact of breaches and strengthen resilience.
“AI will drive new forms of attack and, at the same time, offer opportunities for more efficient defence strategies – provided that companies modify their security models and consistently involve their workforce. Adapting cybersecurity requires a clear departure from traditional patterns and a greater prioritisation of transparency, data minimisation, and active risk management,” summarises James Tucker, Head of CISOs in Residence EMEA at Zscaler. “The key will be whether companies succeed in using zero trust as a dynamic rather than a static principle.”


