AI expands enterprise attack surface

A social post argued that demand for inline AI security—real‑time inspection and prompt guardrails—is surging and cited Zscaler’s inline architecture as well positioned for agent control. (x.com) The author reported new product interest rising dramatically as organisations consider agents and AI‑driven workflows. (x.com)

Companies are rushing to put artificial intelligence into daily work, and security teams are racing to inspect those prompts and responses before they leak data or trigger unintended actions. (nist.gov) A prompt injection attack works by hiding instructions inside user input, documents, or web pages so a model follows the attacker’s rules instead of the company’s rules. The Open Worldwide Application Security Project lists prompt injection as the top large language model risk in its 2025 guidance. (genai.owasp.org)

That has pushed vendors toward “inline” security, which means checking prompts and model outputs in real time, like an email filter scanning messages before they leave the building. Zscaler says its AI Guard product blocks prompt injection, jailbreaks, malicious links, invisible text, and sensitive data loss during those live exchanges. (zscaler.com) Zscaler has been building that pitch into a broader enterprise platform as customers move from chatbot pilots to agents that can read data, call tools, and take actions. On January 27, 2026, the company announced new AI security products for asset discovery, governance, and a Model Context Protocol gateway for securing automation and agentic artificial intelligence. (zscaler.com)

The company’s own financial results show why investors are paying attention. Zscaler reported first-quarter fiscal 2026 revenue of $788.1 million, up 26% year over year, and annual recurring revenue of $3.204 billion, also up 26%, when it reported results on November 25, 2025. (zscaler.com) Chief Executive Officer Jay Chaudhry said in that release that customers were showing “strong demand” for Zscaler’s Zero Trust and AI Security platform. He also said Zero Trust is “the linchpin” for AI security because the same controls used to verify users and devices can be extended to model traffic and automated agents. (zscaler.com)

Zscaler has also spent heavily to fill gaps around artificial intelligence defense. It completed its Red Canary acquisition on August 1, 2025, and said on November 3, 2025 that it had acquired SPLX to add AI asset discovery, automated red teaming, and governance to its platform. (zscaler.com, markets.financialcontent.com) The urgency is coming from usage patterns as much as from vendor marketing. Zscaler’s ThreatLabz report, released January 27, 2026, said it analyzed 989.3 billion artificial intelligence and machine learning transactions in 2025, found a 91% year-over-year surge in AI activity, and said most enterprise AI systems it tested could be compromised in 16 minutes. (zscaler.com, finance.yahoo.com)

Vendors are not the only ones shaping this market. The National Institute of Standards and Technology published its Generative Artificial Intelligence Profile on July 26, 2024, giving companies a framework for testing, evaluation, verification, and validation as they deploy these systems. (nist.gov, airc.nist.gov) The near-term fight is over where those controls sit. Companies want guardrails close enough to the model to catch bad prompts in milliseconds, but broad enough to cover employees using public tools, developers building internal apps, and software agents moving across cloud services. Zscaler is betting that a network-level, inline position gives it that reach. (zscaler.com, zscaler.com)
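To make the “inline” idea concrete, here is an added illustration (not Zscaler’s code and not from the post) of two of the checks such a filter runs on a live exchange: flagging invisible Unicode format characters in an inbound prompt, and flagging Luhn-valid card numbers in an outbound model response. The sample prompt and response are constructed for the demo.

```python
import re
import unicodedata

def find_invisible(text: str) -> list[tuple[int, str]]:
    """Offsets and names of Unicode format characters (category Cf): zero-width
    spaces and joiners, bidi overrides and tag characters that render as nothing."""
    return [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
            for i, ch in enumerate(text) if unicodedata.category(ch) == "Cf"]

def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        n = int(d)
        if i % 2 == 1:           # every second digit from the right is doubled
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0

# 13 to 19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def find_card_numbers(text: str) -> list[str]:
    """Digit runs that look like a card number and pass Luhn, separators stripped."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found

def inspect_exchange(prompt: str, response: str) -> dict:
    """Inline verdict for one prompt/response pair: allow only if nothing was flagged."""
    reasons = []
    hidden = find_invisible(prompt)
    if hidden:
        reasons.append(f"prompt: {len(hidden)} invisible character(s), first at offset {hidden[0][0]}")
    cards = find_card_numbers(response)
    if cards:
        reasons.append(f"response: {len(cards)} Luhn-valid card number(s)")
    return {"allow": not reasons, "reasons": reasons}

# Constructed sample: a prompt carrying zero-width characters after the visible text,
# and a response containing the well-known "4111 1111 1111 1111" test card number.
SAMPLE_PROMPT = "Summarize this contract.\u200b\u200c\u2060"
SAMPLE_RESPONSE = "Card on file: 4111 1111 1111 1111 (test number)"

if __name__ == "__main__":
    print(inspect_exchange(SAMPLE_PROMPT, SAMPLE_RESPONSE))
```

A real deployment would add the other classes the article names (links, jailbreak phrasing, broader sensitive-data detectors) and log the verdict with the request id so blocked exchanges can be investigated.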

Shared from Scout - Be the smartest in the room.