Zero Trust as Control Plane for Secure AI Adoption in Southeast Asia

Bottom line: CISOs in Southeast Asia must extend Zero Trust to AI agents and map data flows to manage regulatory and supply chain risks.

Southeast Asia’s CISOs must integrate AI agents as new identities into their Zero Trust architecture while regulators tighten data residency and supply chain security requirements. Zscaler positions Zero Trust as the central control plane for secure AI adoption in highly interconnected, heavily regulated markets.

The core challenge is that AI agents are rapidly becoming digital employees in organizations while regulatory requirements around data residency and sovereignty are growing at the same time. Zscaler extends its Zero Trust platform with three critical layers: an AI Broker with Agent Registry that inspects prompts and responses and enforces least-privilege access in real time; Endpoint AI Security for detecting unauthorized local AI tools and browser extensions; and an AI Access Graph for mapping AI assets, model usage, and data flows across SaaS, public cloud, and on-premises environments.

For the Southeast Asia region, cross-border connectivity holds particular significance. Zscaler replaces site-to-site VPNs with policy-driven application access and operates cloud infrastructure with strict data locality – regional data centers without external kill switches. This approach is oriented toward GDPR requirements and is now influencing Southeast Asian data regulation as well. Real-world examples from AkzoNobel and Siemens Healthineers demonstrate implementation through non-discoverable infrastructure and explicit AI adoption strategies rather than outright bans.

CISOs face three immediate priorities: First, establish a live inventory of AI usage and data flows ahead of regulatory pressure. Second, hide infrastructure and supply chain behind Zero Trust so that neither partners nor AI agents can exploit misconfigurations to trigger regional incidents. Third, explicitly expand the threat model to include AI agents as identities – with access, actions, and monitoring equivalent to privileged accounts. Prevent lateral movement through segmentation rather than chasing every patch. Document regulatory evidence through logs, policies, and data lineage.


Source: www.csoonline.com · Published 22 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.
