360/68 Wednesday, September 24, 2025
Cyber threats have entered a new era driven by artificial intelligence (AI), pushing the Zero Trust security model – built on the principle of “never trust, always verify” – to face critical challenges. While Zero Trust remains a strong framework for preventing unauthorized access and minimizing damage through network segmentation, many security experts agree that the architecture must evolve to keep pace with increasingly sophisticated threats, especially those powered by AI such as deepfakes and highly convincing social engineering attacks.
AI-powered attacks allow hackers to escalate both the speed and quality of their operations at an alarming rate. Shawn Chakravarty, a security expert at UpWork, noted a significant surge in identity-based attacks. A striking example is the supply chain attack through AI-driven applications like Salesloft Drift and its integration with Salesforce, where even organizations employing Zero Trust measures still fell victim as attackers stole OAuth tokens to gain access. Experts warn that attacks are no longer primarily targeting networks, but rather identity and credential theft, a weakness AI is especially adept at exploiting.
Even so, experts emphasize that Zero Trust remains a critical foundation for defense, but it requires enhancement to remain effective. Rik Turner, an analyst at Omdia, highlighted that AI has made phishing and deepfake attacks much harder to detect, suggesting that future Zero Trust models may need additional verification layers. Meanwhile, Andy Piazza of Palo Alto Networks cautioned that organizations rushing to adopt AI may overlook data segmentation, inadvertently giving AI excessive access to sensitive information – turning it into a prime target for attackers. Leveraging AI to help enforce Zero Trust properly, while maintaining discipline in access control, is therefore essential in this rapidly evolving technological landscape.
