The Zero Trust Hub

Trends, insights, and resources for today's cybersecurity leaders. Updated weekly.

Subscribe on LinkedIn
Weekly Podcast

The Monday Microsegment

NEWS

Ransomware Is Thriving, Despite 2024’s Flurry of Law Enforcement Activity

In an interview with Dark Reading, Trevor Dearing explains why ransomware groups are thriving despite high-profile takedowns in 2024 — and why their success underscores the need for stronger containment measures.

NEWS

Ransomware Attack Cripples Energy Contractor for Weeks

The Record reports that a ransomware attack locked ENGlobal Corporation out of critical systems for six weeks. Trevor Dearing warns that ransomware is becoming more pervasive and disruptive, forcing more organizations to halt operations or face major business failures.

Weekly Briefing

Why I’m Not Losing Sleep Over AI

Artificial intelligence is cybersecurity’s latest boogeyman. And with the latest introduction and massive hype of China’s DeepSeek AI, I can feel the panic setting in further.

People worry AI-powered attacks will overwhelm defenses and that cybercrime will become more dangerous than ever.  

But while the headlines sound scary, I’m not losing sleep over AI.

Zero Trust makes AI-powered threats less worrisome. Whether attackers use AI, quantum computing, or an army of cybercriminals in a dark room, Zero Trust greatly reduces their ability to succeed.

Attackers need permission to succeed — Zero Trust denies it

Every breach has one thing in common: there was a policy that allowed it. All bad things happen inside of an allow rule. That’s the hard truth of cybersecurity.  

No matter how sophisticated the attack is, it only works if there’s an open door. The problem is that traditional security models assume everything inside the perimeter is safe. That’s a mistake.

Zero Trust flips this mindset. It denies all access by default. If someone or something isn’t explicitly allowed, it’s blocked.

This means an attacker using AI to craft the most advanced phishing email or the most convincing deepfake still runs into the same problem. They don’t have permission to access what matters: the Protect Surface. Their AI-powered attack is useless if it can’t reach the target.

AI can’t break the laws of cyber physics

People treat AI like magic, as if it can bypass all security barriers effortlessly. It can’t.  

AI still operates within the constraints of cybersecurity’s foundational rules — protocols like TCP/IP.

Think of it like bowling. If you roll a ball down the lane, it follows the defined path. You can’t magically teleport the ball five lanes over to knock down another set of pins. In the same way, attackers using AI can’t escape the reality of network protocols.

Zero Trust policies act like the bumpers in a bowling alley, keeping everything in strict lanes. Attackers can try all the tricks they want, but if the policy says “no,” the attack goes straight into the gutter.

The real AI risk? Not securing your own AI systems

While I don’t worry about AI-powered attacks breaking through Zero Trust, I do worry about organizations failing to protect their own AI models.

AI isn’t just a tool for attackers. It’s a critical asset for defenders.  

AI helps security teams analyze data, detect anomalies, and refine Zero Trust policies. But if an organization doesn’t treat its AI models as Protect Surfaces, they risk being manipulated, poisoned, or outright stolen.

That’s why AI itself must be secured within a Zero Trust framework. Organizations need to:

  • Identify AI models as Protect Surfaces and apply least-privilege access controls.
  • Monitor AI inputs and outputs to prevent poisoning attacks.
  • Segment AI systems so that even if attackers breach one part of the network, they can’t move laterally to compromise AI-driven decision-making.

Zero Trust ensures AI strengthens security rather than becoming a liability.

AI doesn't change the game because Zero Trust already did

Cybercriminals will always evolve. AI just makes their job easier — but only if organizations continue relying on outdated security models.

Zero Trust changes the game by eliminating the attacker’s ability to move freely. It doesn’t care how an attacker operates, whether they’re using AI, brute force, or social engineering. If they don’t have explicit access, they don’t get in. Period.

So no, I’m not losing sleep over AI. Because with Zero Trust, attackers won’t win.  

Statshot

Ransomware’s High Toll

The impact of ransomware attacks is worsening across the board. More organizations report shutdowns, lost customers and sales, job cuts, higher security costs, and brand damage. A significant percentage also reported demoralized employees, a factor not tracked in 2021.

Zero Trust Resources

eBook

Strategies for DORA Compliance: Key Role of Zero Trust Segmentation

Is your organization ready for the January 2025 DORA deadline? Discover key strategies for cyber resilience and how Illumio Zero Trust Segmentation simplifies compliance.

GUIDE

Zero Trust Segmentation for Dummies

Breaches are inevitable, but the damage isn’t. Zero Trust Segmentation for Dummies simplifies how to stop threats from spreading, protecting your organization before they cause harm.

REPORT

Cloud Security Index 2023

The Cloud Security Index 2023 reveals that 60% of IT leaders view cloud security as a significant risk, with 93% agreeing Zero Trust Segmentation is essential. Download the report to learn more about key cloud security challenges and solutions.

88% of organizations were hit by ransomware last year, with 58% shutting down operations for an average of 12 hours.

The Global Cost of Ransomware Study reveals the real impact and how to stay resilient against the next inevitable attack.

Top contributors

John Kindervag

Chief Evangelist

Raghu Nandakumara

Head of Industry Solutions

Sudha Iyer

VP, Security Product Management

Gary Barlet

Public Sector CTO

Trevor Dearing

Director of Critical Infrastructure Solutions

Michael Adjei

Director, Systems Engineering

Christer Swartz

Director of Industry Solutions