Zscaler’s Dhawal Sharma says AI security needs intent-based governance

At Zenith Live in Las Vegas, Zscaler EVP Dhawal Sharma told the CAIO Connect Podcast that autonomous AI agents are forcing enterprises to replace signature-based security with intent-based governance. He said shadow AI, model access, and shrinking vulnerability windows are making Zero Trust, tighter guardrails, and faster patching more urgent. Why it matters: - Autonomous AI agents can operate without direct human control, expanding enterprise risk beyond traditional identity and permission models. - Security teams now need to govern not just users, but the intent, access, and behavior of AI systems across corporate data and infrastructure. - AI is also changing the economics of security, from faster vulnerability discovery to higher model and token costs. What happened: - Zscaler Executive Vice President of Product Strategy Dhawal Sharma discussed AI security on the CAIO Connect Podcast with host Sanjay Puri at Zenith Live in Las Vegas. - Sharma said enterprises need to move from pattern-based security to intent-based governance for autonomous systems. - Sharma said the shift is being driven by the rapid rise of agentic AI and new AI-driven attack surfaces. The details: - Sharma said traditional policies built on defined patterns and signatures are no longer enough for AI agents. - Sharma said organizations need to understand why an agent was created and whether the agent is doing the task it was designed to do. - Sharma said chief AI officers and CISOs need new identity, access, and monitoring controls for AI agents that can act independently of human users. - Sharma said enterprises should set clear guardrails around agent permissions, responsibilities, and access to corporate data. - Sharma said cost governance is becoming more important as AI deployments scale. - Sharma warned that token usage can exhaust budgets far faster than many teams expect. - Sharma said companies should match model size and complexity to specific business problems instead of defaulting to large frontier models. - Sharma said unauthorized AI tools and applications are creating a shadow AI problem across enterprises. - Sharma said security leaders need visibility into AI assets and into everything those AI systems connect to. - Sharma said AI systems can spread across SaaS platforms, cloud services, endpoints, and developer workflows, making inventory management critical. - Sharma pointed to AI-specific gateways, cloud traffic controls, and stronger governance over Model Context Protocol connections as safeguards. - Sharma said Zscaler is working with frontier AI developers including Anthropic and OpenAI through cybersecurity evaluation programs. - Sharma said advanced AI models can identify thousands of software vulnerabilities and shorten security assessment times. - Sharma said AI can also help attackers by compressing the time between vulnerability discovery and exploitation. - Sharma said modern AI systems can chain multiple weaknesses into attack paths in seconds. - Sharma said enterprises should shorten patching cycles and use Zero Trust architectures to hide vulnerable infrastructure from attackers. - Sharma said the relationship between chief AI officers and CISOs is becoming more connected as companies balance innovation, security, and compliance. - Sharma said the European Union’s AI Act and NIST AI guidance are pushing enterprises toward more formal governance structures. - Sharma said modern CISOs are becoming enablers of secure AI adoption rather than blockers. - Sharma said the goal is not to block AI, but to enable AI securely. Between the lines: - The message reflects a broader shift in enterprise security from perimeter defense to governance of machine actions and machine-to-machine access. - The comments also suggest AI adoption is outpacing many companies’ visibility into where AI tools are deployed and what they can reach. - Zscaler is positioning Zero Trust and governance as core controls for both defense and AI adoption. What’s next: - Enterprises are likely to expand AI governance frameworks that cover agents, models, data access, and third-party connections. - Security teams will need faster patching, tighter monitoring, and more disciplined model selection as AI tools become embedded in operations. - Zscaler and other cybersecurity firms are likely to keep testing AI systems and shaping standards for secure deployment. The bottom line: - AI security is moving from controlling people to controlling intent, and enterprises that cannot see or govern agentic AI will face growing risk.