Zscaler has expanded its Zero Trust SASE offering with a new ZAgent Framework and several security products aimed at unmanaged devices, business partners, and multi-cloud workloads.
The update centres on a framework that uses software agents to manage parts of SASE administration through natural language prompts in the company's Experience Centre. The approach is intended to automate configuration, troubleshooting, and other operational tasks often handled through separate tools and consoles.
One of the first components is the Zscaler Digital Experience Agent, designed to help administrators identify the source of user experience problems. It can diagnose issues linked to Wi-Fi connections, internet service providers, or endpoint devices before they become larger support incidents.
Zscaler also expanded its browser-based access tools, introducing a Zero Trust Browser Extension and an Enterprise Browser built on Chromium. These are designed to provide access controls for unmanaged and bring-your-own devices without relying on virtual desktop infrastructure or traditional virtual private networks.
The browser products are intended to serve as a common access layer to the company's Zero Trust Exchange platform. They include localised data controls and browser detection and response features across device types.
For partner access, Zscaler introduced Zero Trust B2B Connectivity through what it calls a B2B exchange. The product is designed to let customers and external partners access applications in both directions without exposing wider networks or maintaining firewall rules typically associated with site-to-site VPNs and private network links.
Another addition is an endpoint sandbox for files introduced from offline sources such as removable storage devices. This extends the company's sandboxing approach beyond cloud inspection to include endpoint, application programming interface, and inline channels.
Cloud coverage
Zscaler also extended workload protection in public cloud environments. A new Zero Trust Gateway for Google Cloud Platform adds to existing support for Amazon Web Services, with the aim of applying the same policy controls to workload-to-workload and workload-to-internet traffic across multiple cloud providers.
The company is also adding microsegmentation for Kubernetes environments, including Google Kubernetes Engine. The feature is intended to limit lateral movement between virtual machines and containers without requiring code changes.
The announcement reflects a broader effort by security vendors to adapt SASE and zero trust products to more fragmented technology estates, where staff, suppliers, and workloads operate across multiple environments. Zscaler said its cloud processes more than 750 billion daily transactions, which it uses as a source of operational and threat data for its platform.
Jay Chaudhry, Founder, Chairman, and CEO of Zscaler, said the company sees older network security architectures as poorly suited to current enterprise needs.
"Legacy SASE was built in the post-pandemic rush, based on a firewall and VPN model for a network perimeter that no longer exists. In a world of AI with distributed users, partners, and cloud workloads, that model leaves enterprises exposed," Chaudhry said.
"Security in the AI era has to be dynamic. With this expansion of Zero Trust SASE, we are giving organizations one platform that secures every communication and simplifies operations through agentic AI, without the cost and complexity of legacy infrastructure," he said.
Adam Geller, Chief Product Officer of Zscaler, said the administration framework is meant to reduce the manual work security teams face when using multiple products.
"Security teams are spending too much time stitching together fragmented tools and reacting to misconfigurations they should never have to see," Geller said.
"By embedding our ZAgent Framework into Zscaler's platform, we are making SASE management largely autonomous, with root cause analysis, drift detection, and policy validation all happening via agents in the platform. Combined with browser-based access and PQC readiness, this gives organizations a foundation that can scale with their AI initiatives," he said.
Industry analysts have argued that zero trust and SASE suppliers need to address access for third parties and workloads, not only managed employee devices. That shift has become more pressing as companies move more applications into cloud infrastructure and seek alternatives to fixed network perimeters.
"The SASE market is undergoing a fundamental shift as organizations realize that legacy network security approaches cannot keep pace with the scale of the AI era," said John Grady, Principal Analyst at Omdia.
"Today's modern, AI-driven enterprise needs Zero Trust protections across everything from unmanaged devices and B2B partners to multi-cloud workloads. Zscaler's introduction of the ZAgent agentic AI framework goes beyond basic automation and redefines how enterprises can manage and scale security across all these areas within a single, unified architecture," he said.
Zebra Technologies was cited as a customer using the platform as it expands its artificial intelligence projects.
"As we accelerate our AI initiatives, data security and operational agility are our top priorities," said Brad Skibitzki, CISO of Zebra Technologies.
"Legacy VPN and firewall models have failed to provide the granular control and visibility required for a distributed workforce and multi-cloud environment. Zscaler's Zero Trust SASE platform gives us the confidence to innovate rapidly. By leveraging the ZAgent Framework and the new Zero Trust Browser, we can secure every connection, whether it involves employee BYOD devices or cloud workloads, all while dramatically simplifying our security management," he said.