Can Zero Trust survive the AI era? | CyberScoop<\/title> <meta name=\"description\" content=\"As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ai-zero-trust-security-federal-agencies-elastic-public-sector\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Can Zero Trust survive the AI era?\"> <meta property=\"og:description\" content=\"As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ai-zero-trust-security-federal-agencies-elastic-public-sector\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-19T21:06:20+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-19T21:06:49+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg\"> <meta property=\"og:image:width\" content=\"6000\"> <meta property=\"og:image:height\" content=\"4000\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1772477397g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88311\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88311\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-zero-trust-security-federal-agencies-elastic-public-sector%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-zero-trust-security-federal-agencies-elastic-public-sector%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88311 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ai-zero-trust-security-federal-agencies-elastic-public-sector\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.69758812616\">\n<div class=\"single-article__header-content\" readability=\"34.564556962025\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/ai-zero-trust-security-federal-agencies-elastic-public-sector\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> As AI increases the speed of cyber attacks, governments and businesses must weigh the tradeoffs that come with deploying semi-autonomous AI agents to stop them. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88311\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg 6000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Mike Nichols, Elastic GM of Security Solutions, discusses AI at the Elastic Public Sector Summit on Thursday, March 19. (Sergey Kolupaev\/EPNAC) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"52.526107594937\"><body readability=\"106.34215795328\"><\/p>\n<p>For the past decade, cybersecurity experts in the federal government have argued that trust, or a lack of it, was key to developing effective security policies for agency systems and data.<\/p>\n<p>But today, cybercriminals and state-sponsored hackers are using artificial intelligence to develop and launch cyberattacks <a href=\"https:\/\/cyberscoop.com\/booz-allen-report-ai-helps-attackers-move-faster-than-current-defenses\/\">more quickly and efficiently<\/a>. Governments and businesses are facing pressure to adopt AI-powered cybersecurity defenses, along with security architectures that delegate key security decisions to AI agents.<\/p>\n<p>Jennifer Franks, Director of the Center for Enhanced Cybersecurity at the Government Accountability Office, said federal agencies were currently grappling with how to do both.<\/p>\n<p>\u201cWe\u2019re having to consider a two-in-one approach,\u201d Franks said Thursday at the Elastic Public Sector Summit presented by FedScoop. \u201cIt\u2019s not something that we have to consider as a tool that\u2019s nice to have, it\u2019s a needed necessity right now in an environment to really look at the best practices for really anticipating the adversaries that could target your environment.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Zero Trust \u2013 a set of security principles with roots in older cybersecurity <a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\">concepts<\/a> like \u201cleast privilege access\u201d \u2014 essentially argues that defenders should treat everything on their network as a potential compromised asset. Thus, everything requires constant verification of identity, access, and authorization to protect from hackers, data breaches and insider threats.<\/p>\n<p>But threat researchers are reporting that malicious hackers have been able to leverage AI-driven automation and scaling to significantly increase the speed of their attacks, making it increasingly difficult for human operators on the defensive side to keep up or make decisions in real time. <\/p>\n<p>At the same event Mike Nichols, general manager for security solutions at Elastic, said his company and other threat research firms have found that AI tools have helped drive down the time it takes to execute an attack and gain access to an organization\u2019s network to around 11 minutes.<\/p>\n<p>Other metrics over the past year point to a lowered barrier for malicious hackers, including an 80-90% decrease in the cost to develop custom malware and a 42% increase in exploitation of zero days before public disclosure.<\/p>\n<p>He argued that cybersecurity defenders will need to embrace AI to defend at similar speeds, going so far as to say \u201cif you\u2019re not using it, you are going to be compromised\u2026like that is a guarantee at this point.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Nichols said that despite what \u201cdisingenuous vendors\u201d may promise, there is currently no technology or process that can provide an organization with genuine, agentic, autonomous cybersecurity operations. Human operators can still control critical decisions made by AI agents <a href=\"https:\/\/cyberscoop.com\/anthropic-ai-orchestrated-attack-required-many-human-hands\/\">through planning on the front end<\/a>.<\/p>\n<p>\u201cThe bottom line is these things are executing your existing processes and adding some reasoning to it,\u201d he said. \u201cAnd so\u2026you have to have a well-oiled process and documented process.\u201d<\/p>\n<p>Cybersecurity veteran and author Chase Cunningham \u2014 who has earned the nickname \u201cDr. Zero Trust\u201d for his advocacy of the principles \u2013 told CyberScoop that agentic AI can \u201cabsolutely\u201d co-exist within a Zero Trust security architecture, as long as you treat agents like any other non-human identity in an enterprise.<\/p>\n<p>He said that network microsegmentation, strict account controls, and continuous logging all align with Zero Trust principles and would limit the potential damage an AI agent could cause.<\/p>\n<p>\u201cIt is just another entity on the network that needs to be explicitly known, verified, constrained, monitored, and governed,\u201d he said. \u201cIf you do not know what model it is, what data it can access, what systems it can call, what actions it can take, and under what conditions it can do those things, then you have introduced ambiguity into the environment. And ambiguity is exactly what Zero Trust is supposed to remove.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>But Nichols said humans should always be in the loop when agents make decisions on their behalf, and said AI vendors had an equal responsibility to provide more transparency behind the products they\u2019re selling.<\/p>\n<p>\u201cYou can\u2019t have a black box anymore, you can\u2019t have an AI that says \u2018hey, we fixed it, I\u2019m not going to explain why that\u2019s the case,\u2019\u201d said Nichols. \u201cBy design you need to find a vendor that\u2019s open API [and who can provide] explainability, the work that has to be there.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5071428571429\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/can-zero-trust-survive-the-ai-era-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ai-zero-trust-security-federal-agencies-elastic-public-sector\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Can Zero Trust survive the AI era? | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,384,78,3935,1292,117,4805,900],"tags":[236,388,86,3936,1298,119,4807,907],"class_list":["post-8449","post","type-post","status-publish","format-standard","hentry","category-ai","category-artificial-intelligence-ai","category-cybersecurity","category-elastic","category-gao","category-government","category-large-language-models","category-zero-trust","tag-ai","tag-artificial-intelligence-ai","tag-cybersecurity","tag-elastic","tag-gao","tag-government","tag-large-language-models","tag-zero-trust"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/elastic\/\" rel=\"category tag\">Elastic<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gao\/\" rel=\"category tag\">GAO<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/large-language-models\/\" rel=\"category tag\">large language models<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-trust\/\" rel=\"category tag\">Zero Trust<\/a>","tag_info":"Zero Trust","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8449"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8449\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8449,"date":"2026-03-19T16:06:20","date_gmt":"2026-03-19T21:06:20","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88311"},"modified":"2026-03-19T16:06:20","modified_gmt":"2026-03-19T21:06:20","slug":"can-zero-trust-survive-the-ai-era","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/19\/can-zero-trust-survive-the-ai-era\/","title":{"rendered":"Can Zero Trust survive the AI era?"},"content":{"rendered":"