AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it's now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted business operations. Accordingly, more than 80% of organizations plan to implement Zero Trust strategies by 2026, according to a recent Zscaler report.

In the context of Zero Trust, artificial intelligence (AI) is a powerful tool for automating adaptive trust and continuous risk evaluation. In a Zero Trust architecture, access decisions must adapt continuously to changing factors such as device posture, user behavior, location, workload sensitivity, and more. This constant evaluation generates massive volumes of data, far beyond what human teams can process alone.

AI is key to managing that scale, playing a critical role across all five of CISA's Zero Trust pillars—identity, devices, networks, applications, and data. By filtering signal from noise, AI can help detect intrusions, identify malware, and apply behavioral analytics to flag anomalies that would be nearly impossible to catch manually. For example, if a user suddenly downloads sensitive files at 2 a.m. from an unusual location, AI models trained on behavioral baselines can flag the event, assess the risk, and trigger actions like reauthentication or session termination. This enables adaptive trust: access that adjusts in real time based on risk, supported by automation so the system can respond immediately without waiting on human intervention.

Predictive vs. Generative AI: Different Tools, Different Purposes

There are two primary categories of AI relevant to Zero Trust: predictive models and generative models. Predictive AI, including machine learning and deep learning, is trained on historical data to identify patterns, behaviors, and early indicators of compromise. These models power detection and prevention systems—such as EDRs, intrusion detection platforms, and behavioral analytics engines—that help catch threats early in the attack chain. When it comes to Zero Trust, predictive AI supports the control plane by feeding real-time signals into dynamic policy enforcement. It enables continuous evaluation of access requests by scoring context: is the device compliant? Is the login location unusual? Is the behavior consistent with baseline activity?
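The adaptive-trust loop described above and in the earlier 2 a.m. download scenario is easier to see as code. What follows is an added example, not code from the article or from SANS: a toy policy engine that scores an access request from context signals of the kinds listed (device compliance, location, time of day, download volume against a behavioral baseline, workload sensitivity) and maps the score to an enforcement action. The signal weights, thresholds, baseline values, and the sample session are all constructed for illustration; a production system would learn the baseline from history and feed the score into the real policy enforcement point.

```python
"""Added example (not from the article or SANS): a toy adaptive-trust policy engine.
Weights, thresholds and the sample baseline are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Baseline:
    """Per-user behavioral baseline (constructed; a real one is learned from history)."""
    usual_countries: frozenset
    active_hours: range          # local hours in which the user normally works
    typical_download_mb: float   # typical data volume per session


@dataclass
class AccessRequest:
    """Context gathered for one access decision or one in-session event."""
    user: str
    device_compliant: bool
    country: str
    hour: int                    # 0..23
    download_mb: float
    resource_sensitivity: str    # "low" | "medium" | "high"


# Human-defined policy: the operator, not the model, decides how signals are weighted
WEIGHTS = {
    "noncompliant_device": 40,
    "unusual_location": 25,
    "off_hours": 15,
    "volume_anomaly": 20,
}
SENSITIVITY_MULTIPLIER = {"low": 0.5, "medium": 1.0, "high": 1.5}
VOLUME_ANOMALY_FACTOR = 5   # a download above 5x the baseline volume counts as anomalous


def score_request(req, baseline):
    """Score one request; return (risk_score, list_of_triggered_signals)."""
    score = 0
    reasons = []
    if not req.device_compliant:
        score += WEIGHTS["noncompliant_device"]
        reasons.append("noncompliant_device")
    if req.country not in baseline.usual_countries:
        score += WEIGHTS["unusual_location"]
        reasons.append("unusual_location")
    if req.hour not in baseline.active_hours:
        score += WEIGHTS["off_hours"]
        reasons.append("off_hours")
    if req.download_mb > VOLUME_ANOMALY_FACTOR * baseline.typical_download_mb:
        score += WEIGHTS["volume_anomaly"]
        reasons.append("volume_anomaly")
    # The same anomaly weighs more against a sensitive workload
    score = round(score * SENSITIVITY_MULTIPLIER[req.resource_sensitivity])
    return score, reasons


def decide(score):
    """Map a risk score to an enforcement action (thresholds are illustrative)."""
    if score < 20:
        return "allow"
    if score < 60:
        return "step_up_auth"        # require re-authentication before continuing
    return "terminate_session"


def evaluate_session(events, baseline):
    """Continuous evaluation: re-score on every event in a session and return the
    first non-allow action together with the event that triggered it."""
    for event in events:
        score, _ = score_request(event, baseline)
        action = decide(score)
        if action != "allow":
            return action, event
    return "allow", None


if __name__ == "__main__":
    baseline = Baseline(frozenset({"US"}), range(8, 19), typical_download_mb=20.0)
    # Constructed session: a routine login, then a 2 a.m. bulk download of sensitive
    # data from an unseen country ("XX" is a placeholder country code)
    events = [
        AccessRequest("alice", True, "US", 10, 15.0, "medium"),
        AccessRequest("alice", True, "XX", 2, 400.0, "high"),
    ]
    for e in events:
        score, reasons = score_request(e, baseline)
        print(f"hour={e.hour:02d} country={e.country} score={score} {reasons} -> {decide(score)}")
    print("session outcome:", evaluate_session(events, baseline)[0])
```

The point of the structure is the division of labor the article describes: a model may supply the baseline and the anomaly signals, but the weights, the sensitivity multiplier and the thresholds in `decide` are operator-owned policy, and `evaluate_session` shows that scoring runs on every event, not only at login.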

Generative AI, such as large language models like ChatGPT and Gemini, serves a different purpose. These systems are not predictive and don't enforce controls. Instead, they support human operators by summarizing information, generating queries, accelerating scripting, and providing faster access to relevant context. In high-tempo security environments, this functionality helps reduce friction and allows analysts to triage and investigate more efficiently.

Agentic AI takes large language models beyond support roles into active participants in security workflows. By wrapping an LLM in a lightweight "agent" that can call APIs, execute scripts, and adapt its behavior based on real-time feedback, you gain a self-driving automation layer that orchestrates complex Zero Trust tasks end to end. For example, an agentic AI could automatically gather identity context, adjust network micro-segmentation policies, spin up temporary access workflows, and then revoke privileges once a risk threshold is cleared, all without manual intervention. This evolution not only accelerates response times, but also ensures consistency and scalability, letting your team focus on strategic threat hunting while routine enforcement and remediation happen reliably in the background.

These approaches all have a place in a Zero Trust model. Predictive AI enhances automated enforcement by driving real-time risk scoring. Generative AI enables defenders to move faster and make better-informed decisions, especially in time-sensitive or high-volume scenarios. Agentic AI brings orchestration and end-to-end automation into the mix, letting you automatically adjust policies, remediate risks, and revoke privileges without manual intervention. The strength of a Zero Trust architecture lies in applying it where it fits best.

Human-Machine Teaming: Working in Tandem

Despite their growing roles, AI models alone can't serve as the sole "brain" of a Zero Trust architecture. Predictive AI, generative AI, and agentic AI each act more like specialized co-pilot analysts—surfacing patterns, summarizing context, or orchestrating workflows based on real-time signals. True Zero Trust still relies on human-defined policy logic, rigorous system-level design, and ongoing oversight to ensure that automated actions align with your security objectives.

That's especially important because AI is not immune to manipulation. The SANS Critical AI Security Guidelines outline risks, including model poisoning, inference tampering, and vector database manipulation—all of which can be used to subvert Zero Trust enforcement if the AI system is blindly trusted. This is why our SANS SEC530 Defensible Security Architecture & Engineering: Implementing Zero Trust for the Hybrid Enterprise course emphasizes the concept of human-machine teaming. AI automates data analysis and response recommendations, but humans must set boundaries and validate those outputs within the broader security architecture. Whether that means writing tighter enforcement rules or segmenting access to model outputs, the control stays with the operator.
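The human-machine teaming point above, together with the agentic workflow described earlier (gather identity context, tighten micro-segmentation, grant temporary access, revoke it afterwards), can be made concrete as a guardrail layer that sits between the agent and the enforcement plane. The following is an added example, not code from the article or from SANS: the agent proposes a plan of actions, and each action is checked against human-defined boundaries before anything runs. The action names, the limits, the protected groups and the sample plan are constructed for illustration.

```python
"""Added example (not from the article or SANS): guardrails for an agentic automation.
Action kinds, limits and the sample plan are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Action:
    kind: str                                  # what the agent proposes to do
    target: str                                # identity, group or segment it applies to
    params: dict = field(default_factory=dict)


# Human-defined boundaries: the operator decides what may run without review
AUTONOMOUS = {"gather_identity_context", "tighten_segmentation", "revoke_access"}
NEEDS_HUMAN_APPROVAL = {"grant_temp_access", "loosen_segmentation"}
MAX_TEMP_ACCESS_MINUTES = 60
PROTECTED_TARGETS = {"domain-admins", "break-glass"}   # never modified by automation


@dataclass
class Verdict:
    action: Action
    status: str          # "execute" | "hold_for_approval" | "reject"
    reason: str


def review_action(action, plan):
    """Apply the boundaries to one proposed action, in the context of the whole plan."""
    if action.kind not in AUTONOMOUS | NEEDS_HUMAN_APPROVAL:
        return Verdict(action, "reject", "unknown action kind")
    if action.target in PROTECTED_TARGETS and action.kind != "gather_identity_context":
        return Verdict(action, "reject", "protected target")
    if action.kind == "grant_temp_access":
        ttl = action.params.get("ttl_minutes", 0)
        if not 0 < ttl <= MAX_TEMP_ACCESS_MINUTES:
            return Verdict(action, "reject", "ttl_minutes out of bounds")
        # Temporary access must carry its own revocation in the same plan
        has_revoke = any(a.kind == "revoke_access" and a.target == action.target for a in plan)
        if not has_revoke:
            return Verdict(action, "reject", "no matching revoke_access in plan")
    if action.kind in NEEDS_HUMAN_APPROVAL:
        return Verdict(action, "hold_for_approval", "privilege-expanding action")
    return Verdict(action, "execute", "within autonomous boundary")


def review_plan(plan):
    """Review every proposed action; verdicts come back in plan order."""
    return [review_action(a, plan) for a in plan]


def executable_now(verdicts):
    """Only the leading run of 'execute' verdicts may run unattended; everything from
    the first hold or reject onward waits for a human, since later steps may depend on it."""
    runnable = []
    for v in verdicts:
        if v.status != "execute":
            break
        runnable.append(v.action)
    return runnable


if __name__ == "__main__":
    # Constructed plan mirroring the article's agentic workflow
    plan = [
        Action("gather_identity_context", "alice"),
        Action("tighten_segmentation", "finance-segment"),
        Action("grant_temp_access", "alice", {"ttl_minutes": 30}),
        Action("revoke_access", "alice"),
    ]
    verdicts = review_plan(plan)
    for v in verdicts:
        print(f"{v.action.kind:<25} {v.action.target:<16} {v.status:<18} {v.reason}")
    print("runs now:", [a.kind for a in executable_now(verdicts)])
```

Two boundaries do most of the work: privilege-expanding actions are never executed autonomously, and a temporary grant is rejected outright unless the plan already contains the revocation that closes it. The control stays with the operator, as the paragraph above puts it, because the agent can only propose against a policy it cannot edit.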

This model of collaboration is increasingly being recognized as the most sustainable way forward. Machines can outpace humans when it comes to processing volume, but they may lack the business context, creativity, and ethical reasoning that only humans bring. Practitioners, "all-around defenders" as I like to call them, remain essential not just for incident response, but for designing resilient enforcement strategies, interpreting ambiguous scenarios, and making the judgment calls that machines can't. The future of Zero Trust isn't AI replacing the human. It's AI amplifying the human: surfacing actionable insight, accelerating investigation, and scaling enforcement decisions without removing human control.

Ready for More Insight?

For a deeper dive on AI's role in Zero Trust, SANS Certified Instructor Josh Johnson will be teaching SEC530 at our SANS DC Metro Fall 2025 live training event (Sept. 29-Oct. 4, 2025) in Rockville, MD. The event cultivates a dynamic learning environment that features industry-leading hands-on labs, simulations, and exercises, all geared towards practical application.

Register for SANS DC Metro Fall 2025 here.

Note: This article was written and contributed by Ismael Valenzuela, SANS Senior Instructor and Vice President of Threat Research and Intelligence at Arctic Wolf.
