Here’s the paradox every board in APJ is running into: the only way to earn enough confidence to deploy AI at speed is to architect for zero trust. Trust nothing, verify everything – continuously.Right now, that’s backwards. Enterprises are racing to operationalise AI. Copilots in the contact centre, coding agents in engineering, autonomous workflows in the back office. And the pressure from Sydney to Singapore to Tokyo to Mumbai is the same: move faster.Here’s the part that doesn’t make the boardroom slide: most of these systems are being deployed faster than anyone can secure them.How fast does that gap open? When Zscaler’s ThreatLabz red team tested enterprise AI systems under real adversarial conditions, they found critical flaws in 100% of them. The median time to first critical failure was just 16 minutes (ThreatLabz 2026 AI Security Report).That’s the distance between “we deployed AI” and “we deployed AI we can trust.” And in APJ, that distance is widening faster than almost anywhere on earth. Indian enterprises alone generated more than 82 billion AI/ML transactions in the second half of 2025, second only to the US globally, growing over 300% year on year. The hard part isn’t adopting AI. It’s operationalising it safely.Testing a copilot is easy. The actual job is governing thousands of AI touchpoints: embedded SaaS features, shadow tools running on personal accounts, RAG pipelines, MCP servers, and agents that talk to each other with no human in the loop. All of it spread across fragmented infrastructure and a patchwork of regional regulation.The same research found enterprise data flowing into AI tools jumped 93% in a single year, to more than 18,000 terabytes. You can’t govern what you can’t see, and legacy firewalls and VPNs were never built to see any of it. Why zero trust is the foundation, not a featureAs AI moves from chatbots to autonomous agents, security can no longer stop at “the right user reached the right app.” It has to govern every interaction: user to app, app to data, and increasingly agent to agent.That’s why zero trust is the architecture the agentic era runs on. Not a bolt-on. The control plane. Plenty of vendors can talk about AI security. Far fewer already operate a proven zero trust control plane and are extending it into the next phase, from users and apps to data, devices, AI agents, and AI-to-AI interaction. That’s the difference between announcing the category and being aligned to where it’s going.It’s also why our direction at Zenith Live 2026 centered on securing agentic AI, deepening visibility into AI-driven activity, and bringing more partners into Project AI-Guardian. Secure AI won’t be won through isolated controls or point products. It takes an architectural approach that spans platform, policy, and ecosystem. This was never only an AI story. It’s one control plane, everywhere.What makes the AI case credible is that it’s the latest step in an architecture we’ve been extending for years: zero trust for users, then for cloud, then for the branch, and now for the connected things customers can’t put an agent on. With Zscaler Cellular, zero trust reaches IoT and OT devices over a SIM or eSIM, with no agent and no VPN, isolating each device on its own private segment and routing it through the same Zero Trust Exchange that governs everything else. The branch follows the same logic. No SD-WAN, no firewall stack: a site that comes up as simply as a coffee shop, across any network, whether broadband, cellular or satellite.So the agent querying a database, the analyst on a laptop, the forklift on the factory floor and the kiosk in a remote store all sit behind one policy model. That’s the consolidation customers actually feel: fewer boxes, fewer VPNs, one place to enforce intent. And it’s a platform that scales into AI rather than bolting AI onto a perimeter that was already failing. Where this lands for partners, across every route to marketThis reshapes the conversation for the whole ecosystem, not one tier of it. The deepest upside sits with our GSI and advisory partners, because the customer need is no longer “acquire a tool.” It’s “build the architecture, governance, and operating model that lets us adopt AI with confidence.” Those are transformation and lifecycle engagements, not point sales, and they create multiple high-value entry points:Strategy and readiness. Assess the AI footprint and security posture, including the shadow AI customers don’t yet know they have.Implementation and modernisation. Re-architect for agentic AI by design, integrate controls, secure data, design policy that enables a safe yes instead of a blanket no.Managed services and operations. Run and harden that foundation over time as AI sprawl keeps expanding.The repeatable offers almost build themselves: AI security assessments, zero trust workshops, data protection reviews, implementation services, ongoing managed support.None of this sidelines the broader channel. It activates it. Branch modernisation, Zscaler Cellular, and IoT/OT connectivity are fast, repeatable, high-velocity motions: natural ground for our reselling, distribution, telco, and managed-service partners. Replacing SD-WAN and firewalls, switching on zero trust at the SIM, securing connected fleets and retail estates. These convert as transactional wins today and open the door to the bigger architecture conversation tomorrow. Every route to market has a play; they simply enter the customer at different points.And there’s a commercial reality underneath all of it. AI will drive demand for technology, but it will drive even more demand for the guidance, integration, and operational support that let customers use that technology safely. For the channel, that’s the larger prize: not just enabling AI, but building and sustaining the secure foundation that lets AI initiatives scale.This is where the APJ ecosystem is uniquely positioned. Our partners bring something no platform can supply on its own: local context. You know the compliance realities, the buying patterns, and the operational constraints in each market, and you can translate platform innovation into outcomes that actually work on the ground. As we continue to define the architecture for secure and agentic AI, that local execution layer is what turns it into customer value. It makes the partner role more strategic in the AI era, not less. The bottom lineThe market won’t reward speed alone, and it won’t reward caution alone either. It will reward the partners who resolve the paradox for their customers: architecting no implicit trust into the system so that the business can finally extend real trust to AI.In a market crowded with AI claims, leadership will belong to the companies that can define the security architecture for what comes next, and to the partners who can put that architecture into practice.If you’re ready to help customers build that foundation, Zenith Live APJ is where we’ll continue the conversation. I’d like to hear how your team is approaching the secure-AI opportunity. Data points cited from the Zscaler ThreatLabz 2026 AI Security Report (published 27 Jan 2026), based on analysis of ~989 billion AI/ML transactions across ~9,000 organisations in 2025.
[#item_full_content] Here’s the paradox every board in APJ is running into: the only way to earn enough confidence to deploy AI at speed is to architect for zero trust. Trust nothing, verify everything – continuously.Right now, that’s backwards. Enterprises are racing to operationalise AI. Copilots in the contact centre, coding agents in engineering, autonomous workflows in the back office. And the pressure from Sydney to Singapore to Tokyo to Mumbai is the same: move faster.Here’s the part that doesn’t make the boardroom slide: most of these systems are being deployed faster than anyone can secure them.How fast does that gap open? When Zscaler’s ThreatLabz red team tested enterprise AI systems under real adversarial conditions, they found critical flaws in 100% of them. The median time to first critical failure was just 16 minutes (ThreatLabz 2026 AI Security Report).That’s the distance between “we deployed AI” and “we deployed AI we can trust.” And in APJ, that distance is widening faster than almost anywhere on earth. Indian enterprises alone generated more than 82 billion AI/ML transactions in the second half of 2025, second only to the US globally, growing over 300% year on year. The hard part isn’t adopting AI. It’s operationalising it safely.Testing a copilot is easy. The actual job is governing thousands of AI touchpoints: embedded SaaS features, shadow tools running on personal accounts, RAG pipelines, MCP servers, and agents that talk to each other with no human in the loop. All of it spread across fragmented infrastructure and a patchwork of regional regulation.The same research found enterprise data flowing into AI tools jumped 93% in a single year, to more than 18,000 terabytes. You can’t govern what you can’t see, and legacy firewalls and VPNs were never built to see any of it. Why zero trust is the foundation, not a featureAs AI moves from chatbots to autonomous agents, security can no longer stop at “the right user reached the right app.” It has to govern every interaction: user to app, app to data, and increasingly agent to agent.That’s why zero trust is the architecture the agentic era runs on. Not a bolt-on. The control plane. Plenty of vendors can talk about AI security. Far fewer already operate a proven zero trust control plane and are extending it into the next phase, from users and apps to data, devices, AI agents, and AI-to-AI interaction. That’s the difference between announcing the category and being aligned to where it’s going.It’s also why our direction at Zenith Live 2026 centered on securing agentic AI, deepening visibility into AI-driven activity, and bringing more partners into Project AI-Guardian. Secure AI won’t be won through isolated controls or point products. It takes an architectural approach that spans platform, policy, and ecosystem. This was never only an AI story. It’s one control plane, everywhere.What makes the AI case credible is that it’s the latest step in an architecture we’ve been extending for years: zero trust for users, then for cloud, then for the branch, and now for the connected things customers can’t put an agent on. With Zscaler Cellular, zero trust reaches IoT and OT devices over a SIM or eSIM, with no agent and no VPN, isolating each device on its own private segment and routing it through the same Zero Trust Exchange that governs everything else. The branch follows the same logic. No SD-WAN, no firewall stack: a site that comes up as simply as a coffee shop, across any network, whether broadband, cellular or satellite.So the agent querying a database, the analyst on a laptop, the forklift on the factory floor and the kiosk in a remote store all sit behind one policy model. That’s the consolidation customers actually feel: fewer boxes, fewer VPNs, one place to enforce intent. And it’s a platform that scales into AI rather than bolting AI onto a perimeter that was already failing. Where this lands for partners, across every route to marketThis reshapes the conversation for the whole ecosystem, not one tier of it. The deepest upside sits with our GSI and advisory partners, because the customer need is no longer “acquire a tool.” It’s “build the architecture, governance, and operating model that lets us adopt AI with confidence.” Those are transformation and lifecycle engagements, not point sales, and they create multiple high-value entry points:Strategy and readiness. Assess the AI footprint and security posture, including the shadow AI customers don’t yet know they have.Implementation and modernisation. Re-architect for agentic AI by design, integrate controls, secure data, design policy that enables a safe yes instead of a blanket no.Managed services and operations. Run and harden that foundation over time as AI sprawl keeps expanding.The repeatable offers almost build themselves: AI security assessments, zero trust workshops, data protection reviews, implementation services, ongoing managed support.None of this sidelines the broader channel. It activates it. Branch modernisation, Zscaler Cellular, and IoT/OT connectivity are fast, repeatable, high-velocity motions: natural ground for our reselling, distribution, telco, and managed-service partners. Replacing SD-WAN and firewalls, switching on zero trust at the SIM, securing connected fleets and retail estates. These convert as transactional wins today and open the door to the bigger architecture conversation tomorrow. Every route to market has a play; they simply enter the customer at different points.And there’s a commercial reality underneath all of it. AI will drive demand for technology, but it will drive even more demand for the guidance, integration, and operational support that let customers use that technology safely. For the channel, that’s the larger prize: not just enabling AI, but building and sustaining the secure foundation that lets AI initiatives scale.This is where the APJ ecosystem is uniquely positioned. Our partners bring something no platform can supply on its own: local context. You know the compliance realities, the buying patterns, and the operational constraints in each market, and you can translate platform innovation into outcomes that actually work on the ground. As we continue to define the architecture for secure and agentic AI, that local execution layer is what turns it into customer value. It makes the partner role more strategic in the AI era, not less. The bottom lineThe market won’t reward speed alone, and it won’t reward caution alone either. It will reward the partners who resolve the paradox for their customers: architecting no implicit trust into the system so that the business can finally extend real trust to AI.In a market crowded with AI claims, leadership will belong to the companies that can define the security architecture for what comes next, and to the partners who can put that architecture into practice.If you’re ready to help customers build that foundation, Zenith Live APJ is where we’ll continue the conversation. I’d like to hear how your team is approaching the secure-AI opportunity. Data points cited from the Zscaler ThreatLabz 2026 AI Security Report (published 27 Jan 2026), based on analysis of ~989 billion AI/ML transactions across ~9,000 organisations in 2025.
