Zero trust shifts to adaptive AI

Zero trust is being recast in 2026 from a mostly static access model into a control system built for changing risk, autonomous software and faster internal attack paths. Microsoft said on March 19 that its “Zero Trust for AI” guidance extends zero-trust principles across data ingestion, model training, deployment and agent behavior. Broadcom, through a VMware Application Networking and Security session led by Global Field CTO Chris McCain, has been making a related case: internal networks remain a critical failure point, and stopping lateral movement requires AI-driven, distributed security and remediation. That shift does not replace the core zero-trust ideas. It changes where they are enforced and how often they are re-evaluated. The newer framing from vendors, open frameworks and research projects is that identity, workload state, policy drift and agent behavior all need to be checked continuously and adjusted as conditions change. ### Why are security teams saying continuous verification is no longer enough? (microsoft.com) Microsoft said AI systems create new trust boundaries “between users and agents, models and data, and humans and automated decision-making.” Its March guidance says the problem is no longer just verifying a login or device once, but continuously evaluating the identity and behavior of agents, workloads and users across the AI lifecycle. (microsoft.com) The Cloud Security Alliance’s Agentic Trust Framework, published on February 2, described the same break more bluntly. Traditional controls assume human users, deterministic systems and binary access decisions, it said, while AI agents have context-dependent access needs and require continuous verification as they act. ### Where does adaptive AI enter the zero-trust model? (microsoft.com) Broadcom’s BrightTALK session says the transition is from “static, manual rules” to advanced rule analysis that detects and corrects policy drift while maintaining continuous compliance in real time. In that model, AI is not presented as a replacement for policy. It is used to analyze changes, spot drift and trigger remediation faster than manual review. Microsoft’s guidance uses similar language. (cloudsecurityalliance.org) Its Zero Trust for AI model keeps the familiar pillars of explicit verification, least privilege and assume breach, but applies them to prompts, plugins, models, data sources and agent behavior. That is a move from a one-time gate to a system that re-scores risk as software components interact. ### Why is lateral movement back at the center of the discussion? (brighttalk.com) Chris McCain’s session description says the U.S. Defense Department’s zero-trust strategy identifies the internal network as a critical failure point. The session focuses on mitigating attacker lateral movement through distributed security, workload-level enforcement and automated remediation rather than relying on perimeter controls or traffic hair-pinning. (microsoft.com) Red Hat’s February writing on autonomous agentic systems extends that logic into AI environments. It says agent-to-agent and agent-to-tool calls create hidden trust assumptions, especially when downstream services rely on shared tokens or broad API access. In zero-trust terms, Red Hat said, each hop needs explicit trust and authorization because otherwise a compromised orchestrator or overprivileged agent can become a lateral-movement path. (brighttalk.com) ### What does this mean for zero trust as an architecture discipline? The common thread is that zero trust is being described less as a product label and more as a design pattern with policy decision points, policy enforcement points and dynamic trust assessment. Microsoft’s updated workshop adds an AI pillar and says its assessment now spans 700 controls across 116 logical groups and 33 functional swim lanes. iTrust6G, a European 6G security project, similarly describes zero-trust architecture with AI-assisted threat handling, asset compliance, explainable security policies and observability. (next.redhat.com) The next milestone is practical implementation. Microsoft has already published its AI-specific workshop and reference architecture, while Broadcom’s session materials point users to VMware Cloud Foundation and vDefend demonstrations centered on lateral-movement prevention and automated policy correction. (microsoft.com)