'AI is no longer just a productivity tool, but a primary weapon for rapid autonomous attacks by both cybercriminals and nation-states,' says Deepen Desai, EVP Cybersecurity at Zscaler. 'In the era of Agentic AI, a breach can lead to lateral movement and data theft within minutes. Traditional defense mechanisms cannot keep up with this speed and are becoming obsolete. To win this race, organizations must combat AI with AI by implementing an intelligent zero trust architecture that closes all possible attack vectors.'
AI in the Organization: Emerging Trends and Security Issues
AI adoption is outpacing oversight
AI is now used in nearly all business functions, but in many sectors adoption is scaling faster than oversight can keep up. The financial and insurance sector remains the most AI-driven sector by volume, accounting for 23% of all AI/ML traffic. The technology and education sectors are experiencing tremendous annual growth in transaction numbers, at 202% and 184%, respectively. Nevertheless, Zscaler's research reveals a critical gap: many organizations still lack a basic inventory of active AI models and built-in AI features, leaving them unaware of where sensitive data is vulnerable.
100% of AI systems are found to be vulnerable to breaches
While discussions about AI security often focus on hypothetical threats, Zscaler's Red Team research reveals a stark reality: when AI systems are tested under real hostile conditions, they fail almost immediately. Controlled scans uncovered critical vulnerabilities within minutes. The median time to the first critical failure was just 16 minutes. 90% of systems were compromised within 90 minutes. In the most extreme case, security was bypassed in one second.
ThreatLabz further warns that autonomous and semi-autonomous Agentic AI leads to more automated cyberattacks. In these cases, AI agents are deployed for reconnaissance, exploitation, and lateral movement. Defenders must assume that attacks can scale and adapt at 'machine speed.'
AI usage quadruples, leading to new vulnerabilities in the supply chain
ThreatLabz found that the amount of AI/ML activity increased by 91% compared to a year earlier, reaching an ecosystem of over 3,400 applications. This rapid adoption has resulted in many organizations losing clear visibility into which AI models interact with which data or the supply chain behind it. ThreatLabz warns that this AI supply chain is increasingly becoming a primary target for cybercriminals, as vulnerabilities in commonly used model files allow attackers to gain lateral access to companies' core systems.
Unmanaged embedded AI creates critical data leak risks
A tremendous amount of activity is occurring on 'standalone AI' such as ChatGPT, which recorded 115 billion transactions in 2025, and Codeium, which recorded 42 billion transactions. 'Embedded AI', meaning AI functionality integrated directly into everyday SaaS applications and platforms, has become one of the fastest-growing sources of unmanaged AI risk. Because these features are often enabled by default and are not detected by traditional security filters, they create a backdoor through which sensitive business data can inadvertently enter AI models. Of all analyzed platforms, Atlassian was a major source of embedded AI activity. This finding reflects the widespread application of AI-driven features within its core platforms, including Jira and Confluence.
18,000TB of data in AI models presents a new target for attackers
In 2025, the amount of business data transferred to AI/ML applications rose to 18,033 terabytes (TB), an increase of 93% compared to the previous year. This is roughly equivalent to 3.6 billion digital photos. This massive influx of data has transformed tools like Grammarly (3,615TB) and ChatGPT (2,021TB) into the world's most concentrated repositories of business intelligence.
This data flow has led to 410 million violations of Data Loss Prevention (DLP) policies from ChatGPT alone. These include attempts to access social security numbers, source code, and medical records. These findings indicate that AI governance has shifted from a policy discussion to an immediate operational necessity. ThreatLabz warns that as these repositories grow, they are increasingly becoming targets for cyber espionage.
Modernize AI Security with Zero Trust
Traditional firewalls and VPNs fall short in dynamic AI environments, creating gaps in visibility into AI applications and blind spots in security. Zscaler replaces this complexity with AI-native security, providing the real-time visibility and guardrails necessary for safe innovation.
The Zscaler Zero Trust Exchange helps organizations stay ahead of AI-driven threats by:
- Eliminating attack surfaces: Continuous verification and access with minimal privileges.
- Blocking AI threats: All traffic, including encrypted data, is inspected to stop threats in real time.
- Protecting data everywhere: Sensitive data is automatically discovered and classified across all environments.
- Neutralizing lateral movement: AI-driven segmentation is used to contain attackers.
- Optimizing responses: Predictive AI is leveraged to accelerate security operations and posture management.
The rapidly increasing adoption of AI requires a new approach to security. The full ThreatLabz 2026 AI Security Report is available for download and contains the comprehensive threat analysis and actionable best practices.
Methodology
The report is based on an analysis of 989.3 billion AI/ML transactions generated by approximately 9,000 organizations via the Zscaler Zero Trust Exchange between January 2025 and December 2025. This data provides an evidence-based view of how AI is actually being used (and limited) in global environments.