ZS

Zscaler, Inc.

Technology · Cybersecurity / EDP Services
4
/5
High
BOTTOM LINE

Zscaler faces high AGI risk — it sells to IT security teams that could be automated away and protects workloads that could be eliminated, though the AI-intensified threat landscape and need for AI agent security provide meaningful but uncertain counterweights.

BUSINESS OVERVIEW

Zscaler is a leading cloud-native cybersecurity company that provides a zero-trust security platform delivered entirely as a cloud service. The company's Zero Trust Exchange platform sits between users/devices and applications/internet, inspecting all traffic to enforce security policies without the need for traditional network firewalls or VPN appliances. Zscaler enables secure digital transformation by allowing enterprises to move applications to the cloud while securing access for distributed workforces, replacing legacy castle-and-moat network security architectures.

REVENUE SOURCES
Zscaler Internet Access (ZIA) - secure web gateway, cloud firewall, URL filtering, cloud sandboxingZscaler Private Access (ZPA) - zero trust network access replacing VPNsZscaler Digital Experience (ZDX) - digital experience monitoringZscaler for Workloads - cloud workload security, segmentationZscaler Data Protection (DLP, CASB, SSPM)Zscaler Deception - deception-based threat detectionZscaler Risk360 - risk quantification and reportingZscaler Business AnalyticsZscaler Branch Connector (SD-WAN integration)AI-powered threat detection and response
PRIMARY CUSTOMERS

Zscaler serves large enterprises and government organizations globally, particularly those undergoing cloud migration and digital transformation. The company focuses on organizations with 5,000+ employees. Key verticals include financial services, healthcare, manufacturing, technology, government, retail, and education. Customers include many Fortune 500 and Global 2000 companies seeking to replace legacy network security with zero-trust architecture.

AGI EXPOSURE ANALYSIS

Zscaler provides cloud-based cybersecurity — Zero Trust network access, secure web gateways, cloud access security brokers, and data loss prevention. AGI could potentially automate the entire cybersecurity function: detecting threats, responding to incidents, configuring policies, and managing security posture without a dedicated security product. More fundamentally, if AGI can write perfectly secure code from the start, the attack surface shrinks and security becomes less necessary. Zscaler's customers are enterprise IT and security teams — knowledge workers who configure, monitor, and manage security tools. These are IT departments serving other IT workers. If AGI automates IT and security operations, the human security teams that buy and manage Zscaler shrink. Furthermore, if AGI eliminates many of the SaaS applications and cloud workloads that Zscaler protects, there is less to secure.

RISK FACTORS
  • Sells security tools to IT/security teams — knowledge workers managing technology infrastructure
  • If AGI automates security operations, dedicated security products become less necessary
  • AGI could make software inherently more secure, reducing the attack surface Zscaler protects
  • If AGI eliminates many enterprise SaaS applications, there are fewer cloud workloads to secure
  • Per-user/per-seat pricing model collapses as enterprise headcount shrinks
  • AGI could provide integrated security as part of infrastructure (cloud providers bundling AI security)
  • IT departments (Zscaler's buyers) face direct AGI displacement
RESILIENCE FACTORS
  • AGI also empowers attackers — AI-powered threats could make security MORE critical
  • Zero Trust architecture becomes more important as AI agents access systems autonomously
  • The threat landscape likely intensifies with AGI, driving demand for security
  • Regulatory compliance requirements mandate security controls regardless of AGI
  • Zscaler's cloud-native architecture and massive data exhaust position it for AI-powered security
  • Even AI-managed systems need security — the 'things to protect' shift from users to AI agents
  • Network security is infrastructure-level, not knowledge-worker-level