Agentic AI Is Outgrowing the Zero Trust Model Built for Humans
Traditional Zero Trust verifies you once at login, but three 2026 prescriptions for agentic AI can't agree on where to put the next layer: data, identity, or governance.
Traditional Zero Trust verifies you once at login, but three 2026 prescriptions for agentic AI can't agree on where to put the next layer: data, identity, or governance.
Traditional Zero Trust asks two questions at the door: who is this, and where are they connecting from? Enterprise security has lived inside that frame for the past decade. Agentic AI, the autonomous systems that reason across data sources and trigger downstream workflows without pausing for a human, is pushing the model past its original design.
NetApp Chief Product Officer Syam Nair draws the line at autonomy. Copilots and chatbots still operate under continuous human oversight. Agents do not. "The human role doesn't go away. It evolves. Humans are still accountable for what AI does," Nair said. That accountability gap, in his reading, is what makes the old model structurally insufficient: an agent can fire off a chain of consequential decisions across enterprise systems in seconds, and a single misstep can cascade before any human sees the trail.
Cascade looks like a short chain. An agent pulls a customer record to update a CRM, recognizes a stale address, queries a billing system to verify it, and issues a refund against a new payment method. Each step is a separate action with separate data access. The agent does not pause to ask a human whether each step is allowed, and it should not be expected to. That is the speed the agent model was built for. It is also the speed the existing security model was not built for.
The cascade risk is not measured. NetApp's own blog argues for the data layer as the answer without documenting how often cascade incidents occur in the wild, and Nair's interview carries the case as executive reasoning. The structural concern, though, is shared elsewhere. The Cloud Security Alliance published its Agentic Trust Framework in February 2026, laying out governance principles for AI agents. Zscaler and Zentera followed with their own zero-trust-for-AI-agents positions in the first half of the year.
What they do not agree on is where the new control belongs.
NetApp's answer is the data layer itself. Continuous checks move past identity and network, down to the metadata and the data the agent is about to touch. NetApp turns zero trust into a runtime governance question: every action the agent takes has to be re-evaluated against the sensitivity of the data involved and the business context of the request. That prescription lines up with NetApp's product surface (storage, data classification, metadata engines), which is the structural reason the data-layer pitch leads the vendor's published argument.
Zscaler's answer stays closer to the identity-and-network tradition. Its play treats each agent as a workforce identity, with its own credentials, posture, and policy profile, auditable the way a human employee would be. Zscaler is not arguing that zero trust broke. It is arguing that zero trust needs to onboard agents the same way it onboards people.
The Cloud Security Alliance's framework sits above both, a governance layer with principles for how organizations map agents to roles, define their autonomy tiers, and document where human accountability remains. The CSA document does not pick a technical implementation. It tells buyers what to ask of whichever vendor they pick.
Three vendors, three different layers, and the operational read matters. Data-layer governance lives with the data team. Identity-based agent onboarding lives with IAM, the traditional identity-and-access-management discipline. Governance frameworks live with the AI risk or compliance function. Picking one is not just a security architecture decision. It is a question of who owns the agent problem inside the enterprise.
The first half of 2026 produced more repositioning than resolution. Security architects and AI governance leads staring at agent deployments that already operate faster than their existing controls can police will want to watch for the next batch of independent practitioner commentary, beyond the vendor blogs, to test whether continuous data-layer governance (NetApp's bet), identity-based agent onboarding (Zscaler's bet), or governance-first frameworks (the CSA's bet) is becoming the consensus answer.