Zscaler CEO On Vulnerability Surge From AI: ‘We All Need To Be Paranoid’

In an interview with CRN, Zscaler CEO Jay Chaudhry says there’s no question that Anthropic’s Claude Mythos model is ‘very powerful’ for vulnerability discovery—and other AI models that could be available to attackers ‘aren’t too far behind.’

In the wake of Anthropic’s initiative to make its Claude Mythos vulnerability discovery tool available to select IT and security vendors, there’s no question that the “very powerful” AI capabilities are a sign of massively heightened cyber risk to come, according to Zscaler founder and CEO Jay Chaudhry.

In an interview with CRN, Chaudhry said it’s clear that while Anthropic is being “responsible” in its handling of the capabilities with the initiative, known as Project Glasswing, other AI models that could be more easily available to attackers “aren’t too far behind.”

These could include models used by nation-state adversaries such as China, for instance, or open-source models that won’t have the same controls as Claude Mythos, he said.

As a result, “we all need to be paranoid and do [the right] things about it,” Chaudhry told CRN. “The good thing is customers are actually all looking at doing something about it.”

In addition to improving vulnerability management practices, the biggest recommendation Zscaler has for partners and customers is to focus on containing the attack surface through implementing zero-trust controls, he said.

To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, “our view is that the best security is what we have been talking about from the start of Zscaler with zero trust,” Chaudhry said.

At the same time, the pitches being made by legacy network security technologies such as firewalls and VPNs—which themselves are frequently the source of exploited vulnerabilities—will be increasingly recognized as dubious, according to Chaudhry.

“To keep [relying] on these firewalls, to create segments and rules, will be almost impossible,” he said.

In addition to Anthropic, rival AI platform OpenAI has likewise made available its GPT‑5.4‑Cyber model for vulnerability discovery to select vendors. Zero-trust security powerhouse Zscaler is one of just two pure-play cybersecurity vendors that have so far announced participation in both Anthropic’s Project Glasswing and the parallel initiative at OpenAI, known as Trusted Access for Cyber.

“I applaud [Anthropic CEO] Dario [Amodei], who actually has taken the high ground all along. He has been pushing for responsible use of AI. And he took a stand on Mythos,” Chaudhry said.

According to Chaudhry, following the announcement of Project Glasswing and the private Claude Mythos Preview earlier this month, many have asked if he thought Mythos’ capabilities were being overly hyped.

By and large, Chaudhry said he doesn’t believe that to be the case because “the risk is real.”

OpenAI, meanwhile, has “similar capabilities” with GPT‑5.4‑Cyber, he noted.

Ultimately, Chaudhry said the emergence of AI-accelerated vulnerability discovery—paired with long‑running challenges such as insufficient patching—has created a level of anxiety in the cyber field that he has never seen before.

The overall reaction in cybersecurity right now is, “‘Man, this is so scary,’” Chaudhry said. “I don’t recall a moment like this in cybersecurity in the past 30 years."

What follows is more of CRN’s interview with Chaudhry.

What can you say about Zscaler joining Anthropic’s Project Glasswing and the importance of that initiative?

I think Anthropic has done a very responsible thing. Now it’s not new [as a concept]. Microsoft has been finding vulnerabilities for about 20 years [and] has a program where they make some of these vulnerabilities available to providers like us—to make sure we build the protection for it before it gets generally released. Here [with Anthropic] this is a much bigger deal than just one or two or five software vulnerabilities. This is a very powerful model. It is uncovering things that have been hidden there for 20 years. Some of this information is not made public for the right reasons because if you’re being too specific, then the bad guys can start exploiting it. That’s why you’re not hearing exactly about what’s being found [in] detail. But some of the stuff is coming out—like Mozilla talked about—[where] this model has found [hundreds] of vulnerabilities.

Now, the sheer count of vulnerabilities doesn’t matter. It’s the degree of risk that matters. You could have 50 low-risk vulnerabilities versus one very high-risk vulnerability. That one is far more dangerous. We are seeing that, so I think it’s a good thing they picked up a few dozen vendors. And that’s not just security. This is security, infrastructure, the hyperscalers. About 10 or so got announced in the first batch. That announcement came together very quickly, with CEOs saying, ‘Let’s do it.’ But we have been part of the program. And then we talked to them about being able to talk to our customers because our customers are asking us, ‘Hey, what are you doing about it? I didn't see your name.’ Well, it’s there. It’s just that it [fell] under the program. So that’s why they said, ‘Let’s go ahead and you can discuss it. You can talk to your customers.’ Because we are getting scores of calls from our customers and partners. And they’re saying, ‘What do we do? How do we protect ourselves?’ I had three calls this morning, and all three of them brought Mythos into the discussion—while the calls were not scheduled for Mythos. So I think it’s important.

How effective do you think organizations will realistically be when it comes to dealing with an increase in exploitable vulnerabilities like this?

It’s an interesting challenge. There are already tons of vulnerabilities that every company has a list of—that they know they have, but they haven’t been able to patch them because they don’t have resources to patch them. And even if they patch them, sometimes applications break, so they can’t even patch them. Now, imagine the problem of vulnerabilities when it became 20-fold more.

You can’t keep on hiring people. First of all, you can’t find them. And even if you find them, can you even patch? So our view is that the best security is what we have been talking about from the start of Zscaler with zero trust. You hide your applications behind us. The biggest risk is everything starts by finding your attack surface [and then targeting it] as they find vulnerabilities, and that’s why they go after it.

So that’s the biggest discussion we’re having with our customers [around] working hard to hide them. Because many times, they can hide [their attack surface] behind Zscaler, but they haven’t done so—even Zscaler customers—because nobody except Zscaler talks about hiding your attack surface. So now we are doubling down to help the customer by saying, ‘You already have the technology. You just need to work on configuring things right.’

So you feel like zero trust is the technology that’s going to do the most for helping partners and customers with the increased vulnerability exploitation?

Everything in security is multiple steps. If you think about the four steps of a breach, they find your attack surface, No. 1. No. 2, they compromise you somehow. No. 3, the compromised entity—maybe an endpoint, maybe an application that’s part of your network—the [attacker] moves laterally, finds high-value assets and brings them down or encrypts it for ransomware. And step four, they exfiltrate your data. All four steps need to be looked at [where] if they’re able to get in, what do you do? No. 1 is hiding your attack surface. No. 2 is preventing compromises. This is where we sit inline. We’re inspecting all the stuff, so bad stuff doesn’t come in because almost all bad things come from the internet. Step No. 3, if they’re able to breach [a system], they get on the network, they move laterally. The lateral movement is the biggest issue. And this is where the second aspect of zero trust comes in. And that basically says, if I have zero trust—where only a certain entity can talk to a certain entity— the lateral movement goes away, and you’re not on the network. That becomes very important. Then related [to] that is—if they got on your network, we have this honeypot decoy technology. They try to go after something, we set up a decoy and they fall for it, and they get picked up. And then you need to make sure you have a proper DLP solution in place so they can’t exfiltrate your data. So [you need a] holistic approach. But the No. 1 thing is the attack surface.

So AI then is not necessarily the full solution on the security side? It’s going to help and be important, but the more crucial defense is everything we already have, such as zero- trust technologies?

Absolutely. The scary part is when the tool knows how to write code, then the tool also knows how to find vulnerabilities. Then the same tool who knows how to write vulnerabilities also knows how to exploit them. It’s a fascinating thing that’s going on out there. And so Mythos started it. And I applaud [Anthropic CEO] Dario [Amodei], who actually has taken the high ground all along. He has been pushing for responsible use of AI. And he took a stand on Mythos. Now, people talk to me and say, ‘Hey, was it to create marketing hype, or was it real?’ Perhaps there was some element of marketing hype. But the risk is real. And now OpenAI has its own model [GPT‑5.4‑Cyber] that has similar capabilities as well. We are part of that program as well. So they follow a similar [approach]. They have two security vendors in the program, and we’re one of the two.

Now my big worry is that other models aren’t too far behind—Chinese models or other models. And some of these open-source models, they can be trained to do something similar. And they’re not going to put controls, like Mythos is trying to put controls on it. So we all need to be paranoid and do [the right] things about it. The good thing is customers are actually all looking at doing something about it. The question is how quickly will they move? Hackers have no inertia. The larger the enterprise, the more inertia.

So perhaps we have a bit of a time window before attackers have similar capabilities, but is there any sense about how long that could be?

The scary part is things keep on getting discovered. Are we ever going to say we really discovered all the hard stuff? The more sophisticated [the models] are, the more they find. For example, Firefox browsers are everywhere—[and] if these models can discover vulnerabilities in these tools that have been hidden there for 20 years-plus, it gets hard. That’s why minimizing exposure is probably the No. 1 thing we all need to do. And then if something happens, then the other steps are [to] fall back to make sure they don’t happen. That’s where, assuming that something gets infected, then zero trust—to make sure it doesn’t allow them to move laterally—becomes a second piece. Some of these honeypots become the third piece. Those are the additional measures we need to take. I don’t recall a moment like this in cybersecurity in the past 30 years of my [career], where somebody said, ‘Man, this is so scary.’

First of all, I think every software provider and critical infrastructure provider needs to take care of [these risks]. It’s not just security companies. How about routers and switches and all those devices? What makes it more scary is you do not need source code to find vulnerabilities. Typically, you will look at a source code and find, ‘They haven’t taken care of this condition.’ So you look, you guess, you experiment, you find. [With AI tools] you can go from a binary. Binaries are very easily accessible. Source code is not easily accessible. Binaries are because these binaries are sitting everywhere. So I think, with knowing that somebody will exploit [these systems], just containing the attack surface becomes very important. And containing the attack surface really means doing zero trust—where everything is an island of its own, and [you can] only talk to certain parties, and you can’t just move left or right on the network. To keep [relying] on these firewalls, to create segments and rules, will be almost impossible.

Threat actors have extensively targeted network devices, such as firewalls, VPNs, for exploitation in the past—so is AI-powered vulnerability discovery going to be a major problem for those devices?

Yes, exactly. And even routers and switches too. They need to step up and do some more work. The challenge ends up being these devices sit out there with customers. A cloud-based service can be patched and updated a lot more easily because you centrally control it. [Huge amounts of] boxes have been sold and deployed somewhere out there, and no one knows where they are. And then patching becomes hard because even these enterprises don’t know where they are. An enterprise may have 800 firewalls. They know the [main] ones in the data center. But a lot of them are sitting in the branch offices and warehouses. Networks were designed to connect things, so they form a mesh. The goal is you should be able to get on the network in one of the 800 branch offices. Once you’re on the network, you’re like on a highway system. You move left, you right, you find an application, you connect and do your job. The bad guys are exploiting the same design feature of the network. I will get on the network. I’ll move left, I’ll move right, and I find things and compromise things. So containing the blast radius—by really doing zero trust, where each entity becomes a segment of its own—is a powerful story. One business which has done this thing very well is the telcos for their mobile networks. They created a network segment [where] each device is its own segment. The blast radius is just this [device]—nothing more than that. In the case of traditional IT, the network was designed so that everything connects to the same network—so they can find each other, connect with each other. And that causes problems. That’s why, in the office, [if] one machine got infected somewhere, the malware is going around. That’s why we are so passionate about bringing zero trust everywhere.

So you do believe we are going to see a lot more exploitation of those traditional network security devices?

Unfortunately, the answer is yes because there are no easy answers [about fixing them]. If you look at how many security vulnerabilities have been discovered in firewalls and VPNs over the past two years, the number has been pretty high. But if you ask someone, how many of those firewalls have been patched? No one knows. They’re sitting out there somewhere. What makes it more dangerous is you take the vulnerabilities discovered by these sophisticated models. Then you’ve got agentic technology, which is getting very smart. These AI agents are not simple automation. These are smart things. You can vibe code and create these things. And say, ‘Go and look for A, B and C, and make sure you remain hidden.’ They’re building agents, which try to evade decoys. They’re smart.

What is your message to channel partners about what they should be focusing on and what Zscaler is going to do to enable them around this issue?

There are two things. No. 1, obviously, is deploying zero trust. But I think there’s an opportunity for them to work with customers in the short term to help hide their attack surface and take some proactive measures. In fact, we are creating some material for our partners and customers [on] how do you, step by step, find your attack surface? How do you go about blocking? Because a lot of them don’t know the basics. And the customer often says, ‘Why do I have a big attack surface? I’m not sure.’ We run the attack surface report, and it says [there is an] employee portal that has not been used for the last five years. There used to be a portal that was created, so employees could come over the internet and log in. It’s still sitting there. They moved it to a new system. The old one is still sitting there. No one has patched it. And some of those things essentially end up being the beachhead for bad guys to go in. So we’re educating our partners, so they can go and work with their customers.

Every CISO and every CIO is saying, ‘What can I do tomorrow?’ The good thing is boards and CEOs are paying attention. The key is having a pragmatic approach to take care of these things because security can get geeky. I think that’s one of the things people need to keep in mind. They say, ‘Gee, I already have 1,000 vulnerabilities.’ The issue is not just having the sheer number. The issue is to prioritize them. And that’s the second area we are trying to help.

A typical CISO in a large enterprise will tell you that they have 2,000 vulnerabilities with [severity scores] that are very high. There’s so many that they can’t fix them. But the problem is to only look at [the score] alone is not enough. If a software [application] has a very high [severity] vulnerability, but it’s sitting deep inside your data center, it’s not that high risk. If a vulnerability has only the score of 7.0 [out of 10.0], but it’s facing the internet, it’s a much bigger risk. So one solution we have is what we call ‘unified vulnerability management.’ We take the vulnerabilities, we take many other contexts—internet-facing, non-internet-facing. Is it accessed by outside people or only employees? If it’s employees, is it a smaller group of employees or a larger group of employees? Are these applications requiring two-factor authentication or not? So you look at all of that stuff, and then you create a real business risk score, rather than just a CVE score. And with that, customers can prioritize and say, ‘OK, I will patch these things first, or I’ll hide these things first, and then others.’ So prioritization of risk is probably one of the most important things.