Shay Boloor Maps Multi-Vendor Zero-Trust Stack for Enterprise Agentic AI
Enterprises deploying autonomous agents encounter machine-speed risks and non-human identity challenges that require layered controls from established security vendors.
The agentic AI security stack is a vendor-neutral framework that applies zero-trust access controls, edge protections, immutable backups and observability tools to mitigate risks from autonomous agents interacting with enterprise systems at machine speed.
What security risks emerge from the rise of autonomous AI agents?
The proliferation of agentic AI within enterprises introduces a range of security vulnerabilities that demand immediate attention from decision makers. Autonomous agents can perform actions such as querying databases, modifying records and communicating with external services without direct intervention. At machine speed, these operations can lead to rapid escalation of issues if an agent is compromised or behaves unexpectedly. Non-human identities further complicate identity management, as standard protocols designed for human users do not scale to handle the volume and velocity of agent activities. Business leaders must consider the potential financial and reputational damage from data leaks or system disruptions caused by unsecured agents. The need for new approaches is underscored by the widespread adoption of such technologies across industries where legacy perimeter defenses prove insufficient against dynamic agent behaviors.
Furthermore, the integration of AI agents into existing infrastructure exposes gaps in observability and control. Without proper monitoring, it becomes difficult to detect anomalous behavior in real time. This lack of visibility can allow threats to persist undetected for extended periods. Enterprises also face challenges related to compliance with data protection regulations when agents access personal or proprietary information. The multi-vendor strategy addresses these gaps by combining specialized tools that provide coverage from access control to recovery mechanisms. Decision makers are advised to evaluate their current setups against these emerging threats to avoid costly retrofits later.
How does Shay Boloor's multi-vendor security architecture function in practice?
Shay Boloor presented a detailed blueprint for an agentic AI security stack on June 13, 2026, via an X post that enumerated specific roles for various cybersecurity vendors. The approach emphasizes zero-trust principles applied across different layers of the AI operational environment. This includes controlling how agents access applications, securing their internet-facing communications, protecting data with immutable backups, inspecting inter-agent traffic, managing identities and ensuring overall visibility. By leveraging established players in the security space, the architecture avoids reliance on a single provider and allows enterprises to select components based on their existing ecosystems. This vendor-neutral stance is particularly valuable for organizations with diverse technology stacks that already maintain relationships with multiple suppliers.
The stack begins with access controls that treat every agent request as potentially untrusted. It extends to edge protections for external interactions and includes mechanisms for rapid recovery in case of incidents. Identity governance extends to both human and non-human entities, ensuring that permissions are appropriately scoped. Telemetry from endpoints and cloud environments feeds into centralized observability platforms. Prevention-focused tools work alongside detection systems to stop threats before they materialize. This layered model aims to provide defense in depth against the unique characteristics of AI-driven operations.
- Zscaler for zero-trust access layer for agent-to-app activity
- Cloudflare for edge security and AI Gateway for internet-facing agent calls
- Rubrik for immutable backup and cyber recovery for the AI data layer
- Fortinet for firewall inspection for machine-to-machine AI traffic at scale
- Okta for identity governance for humans, agents and non-human identities
- CrowdStrike for endpoint identity and cloud telemetry for autonomous workflows
- Check Point for prevention-first security against autonomous and AI-generated threats
- Palo Alto Networks for full-stack AI enterprise security across cloud, SOC and privileged access
- Datadog for observability and security visibility for agent behavior across distributed systems
| Vendor | Role in Stack | Specific Capability |
|---|---|---|
| Zscaler | Zero Trust Access | Zscaler AI Broker for MCP and A2A communications and Endpoint AI Security |
| Cloudflare | Edge Security | AI Gateway for internet-facing agent calls |
| Rubrik | Data Protection | Immutable backup and cyber recovery |
| Fortinet | Network Security | Firewall inspection for machine-to-machine traffic |
| Okta | Identity Management | Governance for non-human identities |
| CrowdStrike | Endpoint Protection | Telemetry for AI-driven attacks |
| Palo Alto Networks | Full Stack Security | Protections across cloud and SOC |
On June 9, 2026, Zscaler announced extensions to its Zero Trust Exchange platform specifically for AI agents. These include the Zscaler AI Broker, designed to handle communications between agents and systems. The company positions these updates as delivering the industry's first complete zero trust platform for agentic AI. This announcement aligns closely with the components highlighted in the security stack proposal and provides concrete product innovations that enterprises can evaluate for immediate deployment.
What technical specifics define the zero-trust controls for AI agents?
Zero-trust in this context requires continuous verification of every access attempt by an agent, regardless of its previous interactions or location within the network. For agent-to-app activity, this means enforcing strict policies on data access and action permissions. The AI Gateway from Cloudflare, for example, can filter and secure calls made to external services, preventing unauthorized data exfiltration. Firewall solutions inspect the high-volume machine-to-machine traffic to identify and block suspicious patterns. Immutable backups ensure that, even if an agent is involved in a ransomware incident or data corruption, recovery can occur without reliance on potentially compromised copies. These technical measures collectively reduce the attack surface available to adversaries targeting AI systems and support scalable deployment across hybrid environments.
Identity governance solutions play a critical role by assigning unique identities to each agent and enforcing least-privilege access. This prevents agents from gaining broader permissions than necessary for their tasks. Observability tools collect detailed logs of agent behavior, enabling security teams to audit actions and detect deviations from expected patterns. The combination of these elements creates a framework that can scale with the growing number of agents deployed in enterprise environments. Technical teams should prioritize integration testing to ensure seamless operation across the selected vendors.
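The controls described in this section can be sketched as a single policy decision point. The following is an added illustration, not code from any vendor named in the article: every request is evaluated from scratch against a per-agent identity with a narrow scope and an expiring credential, and each decision is logged so that deviations can be flagged. The agent names, resources, timestamps and deny threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    scopes: frozenset   # allowed (resource, action) pairs: least privilege
    expires_at: int     # credential expiry, epoch seconds

# Constructed registry: one unique identity per agent, scoped to its task.
REGISTRY = {
    "invoice-bot": AgentIdentity("invoice-bot",
                                 frozenset({("billing_db", "read")}), 1_000_600),
    "ticket-bot": AgentIdentity("ticket-bot",
                                frozenset({("helpdesk", "write")}), 1_000_300),
}
AUDIT_LOG = []  # every decision, allow or deny, is recorded here

def authorize(agent_id, resource, action, now):
    """Evaluate one request on its own; earlier allows grant nothing."""
    ident = REGISTRY.get(agent_id)
    if ident is None:
        decision, reason = "deny", "unknown_identity"
    elif now >= ident.expires_at:
        decision, reason = "deny", "credential_expired"
    elif (resource, action) not in ident.scopes:
        decision, reason = "deny", "out_of_scope"
    else:
        decision, reason = "allow", "in_scope"
    AUDIT_LOG.append({"ts": now, "agent": agent_id, "resource": resource,
                      "action": action, "decision": decision, "reason": reason})
    return decision, reason

def flag_deviations(log, max_denies=2):
    """Return agents whose denied requests exceed max_denies (assumed threshold)."""
    counts = {}
    for entry in log:
        if entry["decision"] == "deny":
            counts[entry["agent"]] = counts.get(entry["agent"], 0) + 1
    return sorted(agent for agent, n in counts.items() if n > max_denies)

def run_sample():
    """Replay constructed requests and return (decisions, flagged agents)."""
    AUDIT_LOG.clear()
    requests = [
        ("invoice-bot", "billing_db", "read", 1_000_000),   # within scope
        ("invoice-bot", "billing_db", "write", 1_000_001),  # action not granted
        ("invoice-bot", "hr_db", "read", 1_000_002),        # resource not granted
        ("invoice-bot", "crm", "read", 1_000_003),          # resource not granted
        ("ticket-bot", "helpdesk", "write", 1_000_100),     # within scope
        ("ticket-bot", "helpdesk", "write", 1_000_400),     # same call, after expiry
        ("shadow-bot", "billing_db", "read", 1_000_005),    # no registered identity
    ]
    return [authorize(*r) for r in requests], flag_deviations(AUDIT_LOG)
```

The second `ticket-bot` request is identical to the first and is still denied once the credential has expired, which is the "regardless of its previous interactions" property in practice.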
What are the market and stakeholder implications of adopting this architecture?
For chief information security officers, the multi-vendor approach offers flexibility but also requires careful coordination to avoid integration complexities. Organizations may need to invest in additional resources for managing multiple platforms, though the potential reduction in breach risks could justify the expenditure over time. Stakeholders in the AI implementation space will benefit from the emphasis on data sovereignty and controlled access, which aligns with regulatory requirements in various jurisdictions. The architecture also highlights the importance of observability in maintaining operational integrity as AI usage expands. Market analysts may view this as a signal of maturing security practices in the agentic AI domain, where enterprises seek practical roadmaps rather than abstract frameworks.
Vendors listed in the stack stand to gain from increased demand for their specialized solutions. This could lead to accelerated product development and partnerships among the companies involved. Enterprise customers gain a blueprint that can be adapted to their specific needs, potentially shortening the time to secure their AI deployments. However, smaller organizations might face challenges in implementing the full stack due to resource constraints. Overall, the proposal underscores a shift toward proactive security strategies that anticipate the scale of future AI operations and quantify the business stakes involved in securing non-human actors.
How have experts reacted to the outlined security measures?
Industry leaders have noted the urgency of adapting security frameworks to accommodate agentic AI. The statement from Jay Chaudhry emphasizes the inadequacy of traditional methods in the face of autonomous systems. This perspective resonates with the need for innovative solutions that can keep pace with technological advancements. Security professionals are likely to appreciate the practical listing of tools that can be deployed immediately rather than theoretical models. The focus on prevention and recovery mechanisms addresses both immediate threats and long-term resilience requirements for organizations scaling their AI initiatives.
"Traditional security was never designed for millions of autonomous agents that act and reach sensitive data at machine speed."
Jay Chaudhry, Chairman and CEO of Zscaler
What developments are expected in enterprise AI security going forward?
Looking ahead, enterprises should anticipate further refinements in zero-trust technologies tailored to AI. Vendors are expected to release additional features that enhance agent-specific protections, such as advanced behavioral analytics. Collaboration between security providers may lead to more integrated solutions that reduce the burden on IT teams. Regulatory bodies could introduce guidelines that mandate certain controls for agentic systems, influencing adoption rates. Organizations that begin implementing these architectures now will be better positioned to navigate the evolving landscape and maintain competitive advantage through secure AI operations.
The emphasis on immutable backups and observability suggests a growing recognition of the need for robust incident response capabilities in AI contexts. As the number of agents increases, the volume of data generated by their activities will require sophisticated analysis tools. This could drive innovation in AI-powered security operations centers. Decision makers are encouraged to monitor vendor roadmaps and participate in industry forums to stay informed about best practices. The architecture proposed provides a solid foundation upon which future enhancements can be built to address emerging threats at machine speed.
Frequently asked
What is the primary benefit of using a multi-vendor approach for agentic AI security?
A multi-vendor approach allows enterprises to leverage specialized capabilities from different providers, creating a more comprehensive defense without single points of failure.
How does zero-trust apply to non-human identities in AI systems?
Zero-trust requires verifying every request from AI agents, applying least-privilege access and continuous monitoring, similar to human users but scaled for machine speed and volume.