Zscaler aims to secure the full AI lifecycle, from code to model to runtime, while setting the stage for the next era of Zero Trust.
Zscaler, a cloud security provider, has announced the acquisition of SPLX, an emerging AI security pioneer known for its work in AI asset discovery, automated red teaming, and AI governance. The deal, whose financial terms were not disclosed, extends Zscaler’s Zero Trust Exchange platform to secure enterprise AI from development through deployment, a move that could redefine how organizations approach AI protection in the years ahead.
Securing AI’s Expanding Frontier
With global AI infrastructure investments projected to cross $250 billion by the end of 2025, enterprises are rushing to integrate generative and predictive AI models into every facet of operations — from customer experience and analytics to product design. But as these models multiply across cloud, edge, and on-prem environments, so do the risks.
Shadow AI projects, insecure model APIs, and misconfigured Model Context Protocol (MCP) servers are rapidly becoming the new cyber blind spots. In this complex landscape, traditional security controls are proving insufficient.
Zscaler’s acquisition of SPLX is a strategic “shift-left” move, pushing AI protection closer to where models are built and trained rather than just where they are used. SPLX’s capabilities, including AI asset discovery, real-time red teaming, and prompt hardening, will now become natively embedded within Zscaler’s Zero Trust Exchange.
The integration will give enterprises deep visibility into:
- AI Asset Discovery: Mapping hidden AI models, data repositories, RAG workflows, and MCP servers across both public and private environments.
- Automated Red Teaming: Running 5,000+ simulated attacks specific to AI model architectures, prompting vulnerabilities and context injections.
- AI Runtime Guardrails: Enforcing guardrails that protect against data leaks or malicious queries exchanged between LLMs and applications.
- Governance and Compliance: Supporting proactive controls to meet emerging AI governance frameworks across industries.
How This Impacts Customers
For Zscaler’s global customer base — spanning 40% of the Fortune 500 — this acquisition is more than a product extension; it’s an evolution of the security paradigm.
CIOs and CISOs increasingly face a dual mandate: enabling AI innovation while ensuring compliance, safety, and data sovereignty. By embedding AI security within the Zero Trust Exchange, Zscaler allows enterprises to secure AI workloads just as they secure users and applications today — with unified visibility, policy enforcement, and data protection.
For developers and AI teams, it means fewer silos between security and model-building functions. AI assets can now be scanned, classified, and risk-rated as part of DevSecOps pipelines, automating what were once manual governance checks.
And for business leaders, this translates into faster AI adoption cycles with lower compliance risks, particularly as regulators worldwide start defining clear AI accountability frameworks.
In effect, the acquisition helps enterprises move from reactive AI defense to proactive AI assurance, securing intellectual property, datasets, and generative outputs, all without slowing down innovation.
Competition: The AI Security Race Heats Up
The deal also signals intensifying competition among cybersecurity heavyweights for control of the emerging AI security stack.
Rivals such as Palo Alto Networks, CrowdStrike, and Check Point have made early moves, each introducing “AI-native” threat protection or model inspection modules in 2025. However, most of these solutions focus on runtime monitoring or endpoint detection.
Zscaler’s advantage lies in its platform-native architecture: with traffic for over 400 billion transactions daily already flowing through its cloud, it can analyze, govern, and protect AI data at scale, without deploying additional agents. Integrating SPLX gives it a unique first-mover edge in full-lifecycle AI security, unifying network security, data protection, and AI governance in one cloud platform.
Analysts suggest the acquisition could push competitors to rethink their strategies. “Zscaler is essentially embedding AI security as a core part of Zero Trust — not a bolt-on,” one industry observer noted. “That’s a strategic differentiator as enterprises consolidate security tools.”
The Road Ahead: AI-First Zero Trust
As AI becomes deeply woven into enterprise infrastructure, AI security is evolving from a niche to a necessity. Over the next two years, the focus is likely to shift from securing generative AI prompts to safeguarding entire AI ecosystems — encompassing training data, model weights, inference APIs, and agentic workflows.
Zscaler’s integration of SPLX marks a broader transformation: the rise of AI-first Zero Trust architectures. By treating AI models and agents as first-class entities within the trust model, organizations can better monitor, isolate, and govern them like any other critical asset.
The next wave of enterprise AI transformation will not just be about using AI but securing it. Zscaler’s acquisition of SPLX positions it at the center of that shift, setting a high bar for how the industry approaches AI safety at scale.