Signals from the January circuit

January’s conference circuit — from the consumer gadget theater of CES to the retail-focused NRF and the policy stage at Davos — produced a single, unmistakable signal: AI is no longer an experimental add-on. It’s being woven into workflows, customer experiences and governance discussions. The conversation has moved from theory to rollout plans, pilot timelines and vendor checklists.

At CES, flashy demos of conversational agents and edge inference for devices gave a preview of how AI-enhanced tools will enter day-to-day operations. NRF showed retailers using personalized AI to reimagine supply chains and in-store experiences. Davos brought the governance angle to the fore: executives and policymakers debated regulatory guardrails, model accountability and the geopolitical implications of industrialized AI.

Taken together, these gatherings illuminate a new reality for the work community: enterprise AI adoption is accelerating on multiple fronts — product, operations and policy — and that acceleration creates a new surface of opportunity and risk for organizations and their security partners.

The new attack surface

AI reshapes risk in subtle and profound ways. Models become new repositories of value and liability. The inputs and outputs of AI systems — prompts, embeddings, APIs and model weights — are part of a broader attack surface. A few of the clearest new challenges:

• Data leakage and exposure: Sensitive corporate data can be unintentionally exposed through prompts, telemetry or third-party model services.
• Model-targeted attacks: Prompt injection, malicious fine-tuning and poisoning of training data can corrupt outcomes in ways that are difficult to detect.
• Supply-chain and API risk: Dependence on external models and cloud APIs introduces new trust and availability considerations.
• Operational blind spots: Traditional perimeters and network-centric controls are insufficient when models and microservices flow across cloud, SaaS and edge environments.
• Regulatory and reputational exposure: Misuse of personal data, biased outputs, and opaque decisioning can invite both regulatory scrutiny and brand damage.

This is not a call to slow innovation; it’s a call to adapt security models so they enable controlled, auditable and resilient AI deployments.

How security vendors are repositioning

Security vendors are responding on multiple fronts. Several themes stand out as the industry pivots from legacy defenses to AI-aware protection strategies:

• Zero Trust extended to models and APIs: Identity and least-privilege controls now apply not just to users and devices but to services, model endpoints and service-to-service communication.
• Data-aware controls: Inline inspection and policy enforcement aim to prevent sensitive data from leaking into model prompts or downstream services without governance.
• Observability and auditability: Comprehensive telemetry — who accessed which model, what inputs were used, what outputs were generated — is becoming a compliance and forensics foundation.
• Policy-first governance: Declarative, versioned policy frameworks allow security and product teams to codify allowable AI behaviors and roll them out consistently.
• Cloud-native architectures: Security delivery is shifting toward cloud-native, service-based models that can protect distributed AI pipelines across multi-cloud environments.

These shifts are not incremental adjustments. They represent a reframing of security’s role: from gatekeeper to enabler — enabling teams to ship AI capabilities safely and at scale.

The Zscaler posture in context

Companies that provide network- and cloud-delivered security are translating these themes into capabilities that speak directly to the needs of enterprises adopting AI. For organizations running or integrating models, protection strategies now include:

• Inline data protection and DLP for AI inputs: Preventing sensitive or regulated data from being sent to third-party models or shared across ungoverned channels.
• API-aware controls: Applying authentication, authorization and rate controls specifically tuned for model endpoints and prompt-serving services.
• Model access governance: Treating models as governed resources with access controls, change tracking and testable policy gates.
• Threat detection tuned for AI abuse: Detecting anomalous query patterns, exfiltration attempts via model responses, and suspicious fine-tuning behaviors.
• Unified visibility: Correlating network, cloud and application telemetry so governance teams can trace a model decision back to its inputs and infrastructure.

What this amounts to is a philosophy: security must be integrated into the fabric of AI delivery, not bolted on after the fact. Vendors are refactoring platforms to inspect and govern the flows that matter in AI-driven architectures.

Practical playbook for enterprise leaders

For the Work community — CIOs, security leaders, product managers and engineers — the path forward includes several pragmatic steps that balance speed and safety:

1. Inventory what matters: Catalog models, datasets, endpoints, and third-party AI services. Know where sensitive data sits and how it could flow into an AI pipeline.
2. Classify and control: Apply data classification rules and enforce them through policy-driven controls. Treat model endpoints like any other critical service requiring least privilege.
3. Adopt AI-aware DLP: Extend data loss prevention capabilities into prompt channels and API calls to prevent accidental exposure.
4. Enforce observability: Log inputs, outputs, and model decisions in an auditable way that supports incident response and compliance demands.
5. Test models under adversarial conditions: Red-team prompts, simulate poisoning attempts and monitor for drift or unexpected behavior.
6. Bridge teams: Create governance rituals where product, security and legal teams review high-risk AI projects regularly.
7. Plan for third-party risk: Vet model vendors and cloud providers for controls, data residency and contractual protections.

These steps are not one-time tasks. They amount to a living program of governance that grows alongside an organization’s AI maturity.

Culture, training and change management

Technology controls are necessary but insufficient. The Work community must also attend to human factors: prompting patterns, escalation paths, and decision frameworks. Practical actions include:

• Training engineers and product teams on safe prompt design, data minimization and the limits of model outputs.
• Embedding security reviewers into AI-driven product cycles rather than relying on end-of-pipeline audits.
• Defining escalation and rollback procedures for when models produce risky or noncompliant outcomes.

Security that enables innovation is built as much from empowered teams as from technical controls.

Regulation and reputation — the twin constraints

Conversations at Davos reminded attendees that regulatory attention is coming — and with it, obligations that will alter procurement and deployment choices. Enterprises must prepare for:

• Data protection rules that treat model training and inference as points of potential exposure.
• Transparency obligations requiring explainability and audit trails for automated decisions that affect customers or employees.
• Vendor accountability standards that push organizations to demand stronger guarantees from model and cloud suppliers.

Organizations that bake governance, logging and control into AI programs will be better positioned to respond to both regulatory demands and reputational incidents.

What successful adoption looks like

The best outcomes will look less like a single secure product and more like a composable pattern: identity-anchored access, policy-driven data handling, observability across distributed systems, and continuous validation of models and their outputs. In practice, that means:

• Teams deploying AI features rapidly while maintaining auditable controls.
• Security functions that provide guardrails and guardrails-as-code so product teams can move quickly within known bounds.
• Executives confident in the organization’s ability to answer: who, what, where and why for any model-driven decision.

This composable pattern is what security vendors and enterprise teams are racing to create together.