According to CRN, Zscaler announced Monday it has acquired AI security startup SPLX to expand its zero-trust security platform for protecting generative AI and agentic adoption. The acquisition brings capabilities in AI asset discovery, automated red teaming, and governance, though financial terms for the 2023-founded startup were not disclosed. This marks Zscaler’s second acquisition of 2025 following its $675 million purchase of Red Canary in August, which also brought agentic-powered security capabilities. Zscaler Founder and CEO Jay Chaudhry stated that integrating SPLX technologies with Zscaler’s Zero Trust Exchange will enable securing “the entire AI lifecycle on one platform,” calling AI security the “third big area” for the company alongside zero-trust security and security operations. This strategic move signals a fundamental shift in how enterprises will approach AI security.
Sponsored content — provided for informational and promotional purposes.
The Technical Architecture Behind AI Asset Discovery
The acquisition of SPLX represents more than just feature acquisition—it’s about architectural integration at the network level. Traditional security tools struggle with AI systems because they operate at the application layer, while AI workloads span multiple environments including cloud, on-premise, and edge locations. SPLX’s technology likely employs distributed scanning agents combined with API-based discovery mechanisms that can identify AI models, training data repositories, and inference endpoints across hybrid environments. What makes this particularly valuable for Zscaler is the integration with their Zero Trust Exchange platform, which already processes massive amounts of traffic data. By correlating network traffic patterns with AI-specific signatures, they can identify shadow AI deployments that traditional security tools would miss entirely.
The Evolution of Automated Red Teaming
Automated red teaming for AI systems represents a significant technical advancement beyond traditional penetration testing. Unlike conventional security testing that focuses on known vulnerabilities, AI red teaming must address emergent behaviors, prompt injection attacks, and model manipulation techniques. SPLX’s technology likely employs reinforcement learning algorithms that continuously evolve attack strategies based on the AI system’s responses. This creates an adaptive testing environment where the red teaming system learns from each interaction, becoming more sophisticated over time. The integration with Zscaler’s platform means these tests can be conducted in production-like environments without disrupting actual operations, providing continuous security validation rather than periodic assessments.
Governance in the Age of Agentic AI
The governance capabilities SPLX brings address one of the most challenging aspects of enterprise AI adoption: maintaining control over autonomous systems. Agentic AI—where AI systems can make decisions and take actions independently—introduces unprecedented governance challenges. Traditional role-based access control and compliance frameworks break down when AI systems can initiate transactions, modify data, or interact with external systems. SPLX’s governance technology likely provides real-time policy enforcement, audit trails for AI decision-making processes, and automated compliance checking against frameworks like NIST’s AI Risk Management Framework. The integration with Zscaler’s platform means these governance controls can be applied at the network level, providing a unified enforcement point regardless of where the AI workloads are running.
Strategic Market Implications
Zscaler’s acquisition strategy reveals a clear pattern: they’re building an integrated security platform that addresses the three most critical areas of modern enterprise security. The Red Canary acquisition brought MDR capabilities for traditional threats, while SPLX addresses the emerging AI security challenge. This creates a powerful synergy where the same platform can detect both conventional cyberattacks and AI-specific threats. For enterprises, this means reduced complexity and improved security posture, but it also represents a significant vendor lock-in risk. Competitors like Palo Alto Networks and CrowdStrike will likely respond with their own AI security acquisitions, potentially triggering consolidation in the nascent AI security market. The timing is strategic—as enterprises move from AI experimentation to production deployment, the need for comprehensive AI security solutions becomes urgent rather than optional.
Technical Implementation Challenges
While the acquisition makes strategic sense, the technical integration presents significant challenges. SPLX’s AI-focused security tools must be seamlessly integrated into Zscaler’s existing architecture without impacting performance. The Zero Trust Exchange processes enormous volumes of traffic, and adding AI security scanning could introduce latency if not implemented carefully. Additionally, there’s the challenge of false positives—AI systems can exhibit complex behaviors that might be misinterpreted as malicious by automated security tools. The integration will require sophisticated machine learning models to distinguish between legitimate AI operations and actual security threats. Another challenge is scale: as enterprises deploy hundreds or thousands of AI agents, the security platform must be able to monitor and protect all of them simultaneously without becoming a bottleneck.
