Reports
AI-generated structured vendor updates
Zscaler's ZAgent Framework and Zero Trust Browser: Control Shifts from Network to AI Orchestration
At Zenith Live 2026, Zscaler launched the ZAgent Framework for natural-language agent orchestration, a Zero Trust browser extension and enterprise browser to replace VDI/VPN, and expanded workload security to GCP. This shifts SASE control from network appliances to AI-managed endpoints and browser-based access.
Cloudflare One Stack: AI Agent Skills to Automate SASE Migration, Targeting Zscaler Lock-in
Cloudflare launches the Cloudflare One Stack, a set of skill files for AI agents to automate Zero Trust deployment and migration, with built-in logic for migrating from Zscaler and Palo Alto Networks. It integrates with the MCP server for live API access, aiming to slash switching costs and accelerate defection from rival SASE platforms.
HPE Expands Self-Driving Networks: AI Control Plane Unifies Juniper & Aruba, Locks Management Stack
HPE integrates Juniper networking into its AI Data Center Solution, expanding self-driving networks across edge, campus, DC, and AI factories. New Mist support for CX switches, Marvis AIOps in Aruba Central, and QFX switches optimized for inferencing. Unified SASE platform aims to simplify operations via agentic AI automation, consolidating control under a single AI management plane.
Cisco Security Portfolio Moves to AWS Marketplace: Ecosystem Lock-in Accelerates, Multi-Cloud Neutrality Questioned
Cisco announces availability of its full SaaS security portfolio (Duo, Secure Access, Identity Intelligence, Hybrid Mesh Firewall) on AWS Marketplace, with deep integration with Amazon Bedrock and SageMaker for AI security and zero-trust agent management. This move simplifies procurement and accelerates deployment but deepens AWS dependency, potentially sacrificing multi-cloud flexibility.
Cloudflare Extends Security Stack to Private Origins via DNS Routing
Cloudflare launches Application Services for Private Origins, enabling Enterprise customers to route public traffic to private IPs via DNS records. WAF, bot management, rate limiting, caching, and Workers now protect private applications without public exposure or connector software. Built on existing private network connectivity (IPsec/GRE/CNI/Mesh), it extends to Spectrum and Workers VPC, unifying the control plane for private traffic.
Cloudflare as Customer Zero: Layered Defense Architecture Against Frontier AI Threats
Cloudflare reveals its production defense architecture against frontier AI models, using itself as customer zero. Combines WAF Attack Score, API Shield, Bot Management, Zero Trust, and MCP Server Portal. Core insight: architecture around the vulnerability matters more than patch speed, using ML scoring and positive security models to block attack variants before they hit, and contain lateral movement after a breach.
Cisco Unveils AI-Native Branch Architecture with AgenticOps and PQC
At Cisco Live 2026, Cisco refreshes the Secure Router 8000 series and introduces a Unified Branch architecture with AgenticOps, post-quantum cryptography (PQC), and hybrid mesh firewalling. The control plane moves to Cisco Cloud Control, aiming for an AI-native, cloud-managed WAN platform.
Cisco Agent Gateway: Zero Trust Evolves from Access to Action Control for AI Agents
Cisco launches Agent Gateway for Secure Access, extending Zero Trust from access control to action-level control for AI agents. Using Duo for agent identity, it enforces policies across LLMs, MCP servers, and SaaS APIs, with server-side credential injection and unified audit—addressing the unique security challenges of autonomous agent workflows.
Cisco & Microsoft Join Forces: Browser Becomes Zero Trust Control Plane with SSE-Edge Integration
Cisco Secure Access integrates deeply with Microsoft Edge for Business, embedding zero-trust access, DLP, and AI threat protection directly into the browser. The browser replaces VPN/agent as the primary entry point for private apps, with unified policy enforcement that also governs AI agents like Copilot, signaling a control plane shift from network to browser layer.
Anthropic Releases Zero Trust Framework for AI Agents
Anthropic releases the industry's first Zero Trust framework for AI agents, defining core principles, five agent-specific threats, and a six-capability roadmap. It shifts security focus from network perimeters to agent identity, behavior, and least agency, setting a new baseline for AI agent security.
Zscaler Acquires Symmetry: AI Agent Identity Becomes New Security Control Plane
Zscaler acquires Symmetry Systems to integrate Access Graph into Zero Trust Exchange, targeting AI Agent identity blind spots. Provides NHI visibility, least privilege, data lineage tracking, real-time anomaly detection, and blast radius analysis. Signals security control plane shift from network perimeter to Agent identity.
Zscaler's AI-Guardian Shifts Zero Trust Control Plane to Non-Human AI Identities
Zscaler launches Project AI-Guardian with six GSIs to extend Zero Trust to AI agents, introducing AI Protect suite. The core shift treats non-human identities as first-class security principals, enabling granular access control and continuous red-teaming for AI agent ecosystems.
HPE's Autonomous Network Agentic Mesh: Locking Ops Control via AI Agents
HPE announces 'self-driving network' capabilities, powered by a microservices, autonomous agents, and an advanced agentic mesh, integrated into HPE Mist and HPE Aruba Central. Claiming industry-first fully autonomous, agentic AIOps networking, it detects, diagnoses, and resolves issues in real-time without human intervention. UK Ministry of Justice cites ~75% fewer helpdesk tickets.
Cisco Acquires Astrix Security to Strengthen Non-Human Identity and AI Agent Security Control Plane
Cisco announces its intent to acquire Astrix Security, a Non-Human Identity (NHI) security specialist. The goal is to integrate AI agent and credential (API keys, service accounts) security management deeply into Cisco's Identity Intelligence platform and Zero Trust Access solutions. This move signals a shift in the security control plane from traditional human-machine interactions towards securing automated AI agent workloads, addressing the new attack surface created by AI agents abusing credentials.
CISA Agentic AI Security Deployment Guide: Government Framework Reshapes Enterprise AI Procurement Standards
...
In-depth Analysis of CISA Agentic AI Security Guidelines
CISA released the world's first Agentic AI security deployment guidelines on May 1, 2026, marking a critical transition from theoretical discussions to mandatory compliance requirements.
Microsoft Publishes Cybersecurity Responsibility Framework for AI Era, Emphasizing Public-Private Collaboration and Modernized Vulnerability Management
Microsoft published a framework on securing the global digital ecosystem with next-generation AI, arguing that as AI accelerates vulnerability discovery, response and remediation must keep pace. The document outlines five recommendations, emphasizing public-private collaboration, responsible release of AI capabilities, and modernizing vulnerability management processes.
Cloudflare Dynamic Workflows: Control Plane Shift to Per-Tenant Durable Execution
Cloudflare launches Dynamic Workflows, a library enabling per-tenant dynamic dispatch of durable execution code at runtime. Built on Dynamic Workers, it allows Worker Loader to route and isolate tenant workflows with zero idle cost. Targets multi-tenant SaaS, AI agents, and CI/CD, but creates ecosystem lock-in around Cloudflare runtime.
Cloudflare & Stripe Enable AI Agents to Auto-Provision Accounts, Pay, and Deploy
Cloudflare and Stripe launch a protocol enabling AI agents to autonomously create Cloudflare accounts, obtain API tokens, buy domains, and deploy apps. Using Stripe Projects CLI and extended OAuth, agents discover services, authenticate, and pay via tokens, eliminating manual steps from zero to production.
Cloudflare GA Post-Quantum IPsec: Hybrid ML-KEM Standard Defeats QKD, Proprietary Suites
Cloudflare announces GA of post-quantum encryption for its IPsec product, implementing hybrid **ML-KEM (FIPS 203)** per **draft-ietf-ipsecme-ikev2-mlkem**. It achieves interoperability with **Cisco IOS XE** and **Fortinet FortiOS 7.6.6+** without special hardware. This extends post-quantum security to site-to-site WAN and explicitly rejects the **QKD** approach.