
Rising AI Cyber Threats Drive Zero Networks’ Next-Generation Containment Strategy
As artificial intelligence accelerates both the speed and sophistication of cyberattacks, one network security company is rethinking the entire framework of enterprise defense. Containment, not detection, is at the center of its answer.
Zero Networks, the automated microsegmentation firm founded in 2019, has launched AI Segmentation, a next-generation platform capability designed to govern AI agents operating inside corporate environments, block access to unsanctioned cloud AI services, and stop AI-driven lateral movement before it can cascade into a full enterprise breach. The announcement comes against a backdrop of mounting evidence that the AI threat landscape has fundamentally shifted and that traditional network security architecture is no longer adequate to contain it.
## The Problem: AI Is Closing the Window Between Access and Damage
For years, enterprise security teams have operated with a reasonable assumption: even when an attacker gains initial access, there is time to detect and respond before serious damage is done. That assumption is rapidly becoming obsolete.
Attackers are now using AI to build tools faster and run them more autonomously, shortening the window between initial access and lateral spread. Where an attacker once needed hours or days to perform reconnaissance, move laterally through a network, and reach high-value targets, AI-accelerated attack tooling is collapsing that timeline to minutes, and in some cases to seconds.
The implication for enterprise defense is stark. If lateral movement happens faster than detection-and-response can act, then detection alone is not a viable security strategy. What organizations need, according to Zero Networks, is a containment layer that stops lateral movement before it begins, regardless of how fast the attacker moves.
## Zero Networks' Diagnosis: Trusted Access Paths Are the Real Threat
Before building a solution, Zero Networks undertook an extensive analysis of how real attacks actually unfold inside enterprise environments. The company analyzed approximately 3.4 trillion activities across 400 enterprise environments over a 12-month period to understand how attacks progress after initial access.
The findings challenged a common assumption in enterprise security. Most enterprise security risk is driven by the routine abuse of normal, trusted access paths, not by rare zero-day exploits or novel attack techniques. In other words, attackers are not primarily succeeding by finding exotic vulnerabilities. They are succeeding by walking through doors that were already wide open: service accounts with excessive permissions, administrative credentials left active, and internal systems that trust each other without verification.
These findings point to a clear conclusion: enterprises do not need more alerts; they need fewer paths for attackers to move. This shift in framing, from detection-centric to containment-centric, is the philosophical foundation of Zero Networks' entire platform approach.
## What Makes Traditional Microsegmentation Insufficient
Microsegmentation has long been recognized as a powerful technique for limiting lateral movement by dividing a network into isolated segments and restricting traffic between them. But the practical reality of traditional microsegmentation implementations has kept adoption low.
Early approaches relied on VLANs and IP-based isolation, coarse controls that provided limited enforcement at the host level. The next generation of tools typically required dedicated agents on managed assets, manual policy creation, and in some cases hardware dependencies. Zero Networks was founded around the argument that existing microsegmentation tools demand too much manual effort to be practical at scale.
CEO and co-founder Benny Lakunishok put the core problem plainly: "What's difficult or what's hard you don't do. What's easy you do." If a security control requires significant manual overhead to configure and maintain, organizations will configure it partially, let it drift, or skip it entirely. The result is segmentation that exists on paper but provides little real containment.
Zero Networks' platform addresses this by being fully agentless and automated: it enforces network segmentation without dedicated agents on managed assets, without hardware dependencies, and without manual policy creation. The platform syncs with asset repositories including Active Directory, Microsoft Entra ID, and third-party tools like Axonius to build a complete inventory of everything on the network, then enforces policy automatically.
## The New Frontier: AI Segmentation
The release of AI Segmentation marks Zero Networks' most significant platform expansion to date, directly responding to the organizational reality that AI agents are now running inside virtually every enterprise environment, and that most security teams have no visibility into what those agents are doing or where they are connecting.
Employees are running AI tools that operate as autonomous processes on endpoints, connecting to internal systems and external services, often without any network policy governing what they can reach. This creates a dual risk: AI agents may inadvertently exfiltrate sensitive data to external services, and attackers can exploit the same pathways that AI agents use for legitimate activity to move laterally inside the network.
AI Segmentation addresses this across three dimensions:
1. AI Agent Control: The platform identifies AI agents running on managed operating systems and treats them the same way it treats any other process. It identifies what an agent is, learns what it typically does, and enforces a least-privilege boundary around it. When an agent attempts a connection outside that boundary, the platform blocks it and alerts both the end user and the security team. This means an AI coding assistant, for example, cannot silently reach internal databases or credential stores it was never meant to access.
2. Unsanctioned Cloud AI Services: On the SaaS side of AI, Zero Networks categorizes all outbound internet connections. An organization can permit access to a sanctioned AI service while blocking all other AI destinations in a single policy rule, covering both well-known tools and niche services employees may be running without authorization. This provides a practical, policy-driven approach to the sprawling challenge of shadow AI: employees using AI tools that IT and security teams have never evaluated or approved.
3. AI-Driven Lateral Movement: Perhaps most critically, AI Segmentation applies the platform's least-privilege enforcement model to the threat-actor side of the AI equation. Whether lateral movement is initiated by a human attacker, an automated script, or an AI-powered intrusion tool, the platform treats it as any other unauthorized connection attempt and enforces the same containment boundaries.
## How the Platform Enforces Policy Without the Overhead
A key element of Zero Networks' approach is its use of what Lakunishok calls a "living off the land defense": leveraging native security controls already built into the assets being protected. On Windows, that means Windows Firewall. On Linux, it is iptables or nftables. For IoT and OT devices, the platform manages ACL rules directly on the network switch.
Policy is written at the label and group level rather than against raw IP addresses, which means rules remain valid even as IP addresses change. Before enforcement begins on any asset, the platform enters a learning period, builds rules automatically based on observed traffic, and simulates the enforcement against real traffic patterns, showing administrators exactly what would be allowed, blocked, or MFA-challenged on the enforcement date. This pre-enforcement simulation dramatically reduces the risk of operational disruption, one of the most common reasons enterprises delay microsegmentation projects.
Network-layer just-in-time (JIT) MFA is available for administrative and lateral access attempts, adding a step-up authentication requirement for connections that would otherwise be allowed. This is a critical control against credential-based attacks, where valid credentials have been compromised and the connection itself looks legitimate to a rule that matches only on source, destination, and port.
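The learn-then-simulate workflow above, together with the AI-agent boundary and unsanctioned-AI-destination cases from the AI Segmentation section, can be sketched in a few dozen lines. The following is an added example, not Zero Networks code: it records a per-(asset label, process) baseline during a learning period, classifies candidate traffic as allow, MFA step-up, or block without enforcing anything, and renders the host-level portion of one label's rules as an nftables table that references named sets rather than raw addresses. Every label, process name, port, address and flow is constructed for illustration; the step-up port list is an assumption, not a product setting.

```python
# Added example (not Zero Networks code). Labels, processes, addresses and
# flows below are constructed; STEP_UP_PORTS is an assumed policy choice.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection, already resolved from raw IPs to asset labels."""
    src_label: str   # group of the initiating asset, e.g. "workstations"
    process: str     # initiating process on the source host
    dst_label: str   # destination group, or an internet category for SaaS
    dst_port: int
    proto: str = "tcp"


# Allowed connections on these ports still get a just-in-time MFA challenge.
STEP_UP_PORTS = {22, 3389, 5985, 5986}

PolicyKey = Tuple[str, str]    # (src_label, process)
Dest = Tuple[str, int, str]    # (dst_label, dst_port, proto)
Policy = Dict[PolicyKey, Set[Dest]]


def learn_policy(flows: Iterable[Flow]) -> Policy:
    """Learning period: record, per (source label, process), every destination seen.

    The recorded set is the least-privilege boundary; anything outside it is
    later blocked, whether a human, a script or an AI agent initiates it.
    """
    policy: Policy = defaultdict(set)
    for f in flows:
        policy[(f.src_label, f.process)].add((f.dst_label, f.dst_port, f.proto))
    return dict(policy)


def verdict(policy: Policy, flow: Flow) -> str:
    """Return 'allow', 'mfa' or 'block' for one flow under the learned policy."""
    allowed = policy.get((flow.src_label, flow.process), set())
    if (flow.dst_label, flow.dst_port, flow.proto) not in allowed:
        return "block"
    if flow.dst_port in STEP_UP_PORTS:
        return "mfa"
    return "allow"


def simulate(policy: Policy, flows: Iterable[Flow]) -> Dict[str, List[Flow]]:
    """Pre-enforcement simulation: bucket candidate traffic by what enforcement would do."""
    out: Dict[str, List[Flow]] = {"allow": [], "mfa": [], "block": []}
    for f in flows:
        out[verdict(policy, f)].append(f)
    return out


def render_nftables(policy: Policy, src_label: str, label_addrs: Dict[str, List[str]]) -> str:
    """Render the learned rules for one Linux host label as an nftables table.

    Rules reference named sets, so an address change edits a set element, not a
    rule. nftables cannot match on process name, so per-process entries collapse
    to the host label; internet categories (no address list) are left to the
    outbound web filter.
    """
    dests: Set[Dest] = set()
    for (label, _process), allowed in policy.items():
        if label == src_label:
            dests |= allowed
    routable = sorted(d for d in dests if d[0] in label_addrs)
    lines = ["table inet segmentation {"]
    for dl in sorted({d[0] for d in routable}):
        elems = ", ".join(label_addrs[dl])
        lines.append(f"    set {dl.replace('-', '_')} {{ type ipv4_addr; elements = {{ {elems} }} }}")
    lines += [
        "    chain output {",
        "        type filter hook output priority 0; policy drop;",
        "        ct state established,related accept",
    ]
    for dl, port, proto in routable:
        lines.append(f"        ip daddr @{dl.replace('-', '_')} {proto} dport {port} accept")
    lines += ["    }", "}"]
    return "\n".join(lines)


# Constructed learning-period traffic: what each process normally reaches.
LEARNING_FLOWS = [
    Flow("workstations", "outlook.exe", "mail-servers", 443),
    Flow("workstations", "ai-assistant.exe", "sanctioned-ai-saas", 443),
    Flow("workstations", "ai-assistant.exe", "code-repo", 443),
    Flow("admin-workstations", "mstsc.exe", "app-servers", 3389),
    Flow("app-servers", "app.service", "db-servers", 5432),
]

# Constructed candidate traffic to simulate before the enforcement date.
CANDIDATE_FLOWS = [
    Flow("workstations", "ai-assistant.exe", "code-repo", 443),             # allow
    Flow("workstations", "ai-assistant.exe", "db-servers", 5432),           # block: agent outside its boundary
    Flow("workstations", "ai-assistant.exe", "unsanctioned-ai-saas", 443),  # block: shadow AI destination
    Flow("admin-workstations", "mstsc.exe", "app-servers", 3389),           # mfa: allowed, but step-up
    Flow("app-servers", "app.service", "admin-workstations", 445),          # block: reverse lateral move
]

# Constructed label-to-address inventory, as synced from an asset repository.
LABEL_ADDRS = {
    "mail-servers": ["10.20.1.10"],
    "app-servers": ["10.20.3.10", "10.20.3.11"],
    "db-servers": ["10.20.5.10", "10.20.5.11"],
    "admin-workstations": ["10.30.0.5"],
}


if __name__ == "__main__":
    policy = learn_policy(LEARNING_FLOWS)
    for bucket, flows in simulate(policy, CANDIDATE_FLOWS).items():
        for f in flows:
            print(f"{bucket:5} {f.src_label}/{f.process} -> {f.dst_label}:{f.dst_port}")
    print(render_nftables(policy, "app-servers", LABEL_ADDRS))
```

Two design points carry over to any real deployment. First, the policy key is (label, process), not an address, so a host that changes IP keeps its rules and only the rendered set elements move. Second, the simulation never touches the firewall: it is the report an administrator reviews before the enforcement date, and the AI assistant's attempt on the database group and the reverse hop from a server back to an admin workstation both show up as "block" before anything is broken.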
## Containment as the New Prevention: A Strategic Shift
Building cyber resilience in 2026 means prioritizing proactive threat containment by eliminating always-on access and measuring what really matters: time-to-containment and blast-radius reduction.
This framing represents a meaningful departure from how most enterprises have historically measured and invested in security. The dominant metrics, mean time to detect (MTTD) and mean time to respond (MTTR), assume that the security team will catch an attacker and respond before serious damage is done. In an AI-accelerated threat environment, those timelines may simply not be achievable.
Blast-radius reduction, limiting how much of the environment an attacker can reach from any given entry point, becomes the more strategically important metric. An attacker who gains access to a single endpoint in a well-segmented environment is an isolated incident. The same attacker operating across a flat, implicitly trusted network is an enterprise-wide catastrophe.
Zero Networks' automated, identity-aligned microsegmentation solution delivers a containment layer to isolate and neutralize cyberattacks in real time.
## What's Coming: Deeper Visibility at the Application Layer
Zero Networks is not standing still on this platform trajectory. Looking ahead to the second half of 2026, Zero Networks plans to move further into the detection space and to sit inline for certain protocols, in the traffic path rather than only observing connection metadata. The aim is to gain richer visibility into what is happening at the application layer, not just at the network metadata level.
This roadmap reflects the company's recognition that network metadata (IP addresses, ports, connection volumes) provides an incomplete picture of what AI agents and human attackers are actually doing. Application-layer visibility would allow the platform to understand the semantic content of traffic, enabling more precise policy enforcement and richer alerting when behavior deviates from established baselines.
As Lakunishok noted: "Microsegmentation exists to stop lateral movement, and now lateral movement has taken it up a notch because it's more automated and easier."
## Why This Matters for Enterprise Security Teams
The Zero Networks AI Segmentation launch arrives at a moment when enterprise security teams are grappling with two simultaneous pressures: an attack surface that is expanding as AI agents proliferate inside their environments, and an attacker ecosystem that is using AI to move faster and with less human oversight than ever before.
The traditional perimeter-based security model has become obsolete in today's distributed digital environment, with 82% of organizations now operating in hybrid or multi-cloud infrastructures and remote work becoming the standard. In this environment, a perimeter does not meaningfully exist and any security strategy that relies on keeping attackers outside the network is already compromised by design.
The strategic answer that Zero Networks is advancing, automated containment enforced at the network layer and applied equally to human users, AI agents, and attacker tools, addresses this reality directly. It does not assume the perimeter holds. It assumes breach is possible and focuses on what happens after.
## Key Takeaways for Security Decision-Makers
For CISOs and security architects evaluating their 2026 security posture, the Zero Networks AI Segmentation launch highlights several priorities worth immediate attention:
- AI agents are ungoverned network participants in most enterprise environments. Without a policy layer governing their connections, they represent both an internal data governance risk and an external attack surface.
- Always-on access is the root of blast-radius risk. Every service account, administrative credential, and trust relationship that persists indefinitely is a potential path for lateral movement.
- Containment speed matters more than detection speed when attackers use AI to compress their timeline. Investing in containment architecture now reduces the dependency on response time later.
- Automated, agentless segmentation removes the operational friction that has historically prevented organizations from deploying effective microsegmentation at scale.
## Final Thoughts
The cybersecurity industry has spent years building faster and smarter detection tools. Zero Networks is making the case that detection, however sophisticated, is no longer enough and that the most durable answer to AI-driven threats is a network architecture that leaves attackers nowhere to go, regardless of how fast they move.
In a threat landscape where AI is automating both attack and defense, the organizations that will weather the next wave of intrusions are those that have already eliminated the trusted access paths attackers depend on. That work starts with containment and it starts now.