Zscaler has announced its intention to acquire Symmetry Systems, a company specializing in identity mapping and data access security, to strengthen its security platform at a time when companies are beginning to deploy more autonomous AI agents. The deal, whose financial terms have not been disclosed, is pending standard closing conditions, and the company expects to complete it in the coming days.
The acquisition aims to address one of the emerging concerns for cybersecurity teams: how to control what AI agents do when they act on behalf of users, applications, or internal processes. Traditional identity management tools were designed for humans, relatively stable groups, and defined permissions. That model becomes less clear when agents capable of querying data, calling other applications, initiating workflows, or communicating with other agents without constant human intervention come into play.
The new challenge: knowing who accesses what data and why
Symmetry Systems’ technology is based on what the company calls an access graph. In practice, this approach allows representing relationships between human and non-human identities, applications, systems, and data sources. It goes beyond showing permissions on paper; it seeks to identify which permissions are actually being used, which data is being queried, and through which routes information flows.
According to Zscaler, Symmetry Systems’ access graph ingests access logs from SaaS applications, public cloud services, data warehouses, and AI systems to correlate them and display which identities are accessing which data and how. The company aims to integrate this visibility within its Zero Trust Exchange platform, with the goal of applying more precise policies around communication between AI agents, applications, and data.
This distinction is significant. In a traditional company, a user logs into an application, queries a database, or downloads a document. In an organization already working with AI agents, an assistant might act on a CRM tool, consult a document repository, call an internal API, and deliver a response to another system. If permissions are inherited from a user or if temporary identities are used, reconstructing what happened after an incident can be much more difficult.
Zscaler presents a simple case: when an AI agent accesses a customer record, Symmetry Systems’ technology should enable knowing what triggered that action, which identity was used, and which systems were involved in the process. If the behavior is deemed risky, Zero Trust Exchange could enforce an automatic response, from restricting access to blocking communication.
Zero Trust for a company full of non-human identities
The acquisition aligns with the evolution of the cybersecurity market toward models more focused on identities, data, and information flows. For years, many strategies have been built around the perimeter, endpoints, or applications. While this approach has not disappeared, its effectiveness diminishes when companies work with distributed services, automation, APIs, internal bots, and AI agents operating at multiple layers simultaneously.
Jay Chaudhry, CEO and Chairman of Zscaler, argues that the traditional user and directory-based access model cannot scale to environments with millions of AI agents. His thesis is that companies will need to understand relationships between identities, applications, and data sources to implement security policies that are effective in the AI era.
Symmetry Systems shares this view. CEO Mohit Tiwari states that identities and data are becoming the new control plane for enterprise security because AI reduces reliance on traditional boundaries between applications, endpoints, and networks. Symmetry Systems presents its platform as a data and AI security solution capable of discovering, classifying, protecting, and monitoring sensitive information across public clouds, SaaS applications, on-premises repositories, legacy systems, and isolated environments.
This aspect is especially relevant for regulated sectors. Not all organizations operate exclusively in the public cloud or SaaS. Banking, defense, healthcare, industry, and government agencies often maintain local systems, legacy environments, or segregated infrastructures for security and compliance reasons. SiliconANGLE also notes that Symmetry Systems’ technology supports on-premises infrastructure and air-gapped systems, as well as classifying datasets by sensitivity and monitoring for anomalous access patterns.
Why this acquisition matters beyond Zscaler
The deal reflects a broader trend in the industry. Cybersecurity vendors are adapting their platforms to a landscape where protecting human users and known applications is no longer enough. Now, governance must extend to agents, models, prompts, connectors, internal tools, APIs, and sensitive data moving between multiple systems in seconds.
For security teams, the challenge is not just blocking AI use. Many business areas already leverage AI for customer support, document analysis, programming, commercial automation, or internal operations. The key question is how to deploy these systems without creating an opaque layer of automation with excessive permissions.
This is where the principle of least privilege for AI agents comes into play. It’s not only about stating whether an agent can or cannot access a database but understanding what permissions it genuinely needs, which permissions it has used, how often, on behalf of whom, and on what type of information. Such visibility also aids in audits, forensic investigations, compliance, and assessing the scope of exposure if an identity or agent is compromised.
Zscaler has already reinforced its approach to AI security with capabilities for discovery, runtime controls, and application governance. With Symmetry Systems, the company seeks to add a layer of insight into the relationships between identities and data. It’s a less conspicuous component than a corporate chatbot but can be much more critical when a company needs to demonstrate understanding of what’s happening within its environment.
The acquisition also confirms that AI security will not be an isolated category. It will merge with Zero Trust, identity, data protection, cloud security, compliance, and incident response. Organizations deploying autonomous agents without inventory, traceability, or clear policies risk creating systems that act swiftly but whose activities are misunderstood until something goes wrong.
Frequently Asked Questions
What exactly has Zscaler acquired?
Zscaler has announced its intention to acquire Symmetry Systems, a company specializing in identity mapping, data access security, and AI environment security.
What is an access graph?
It is a representation of how identities, applications, and data connect within an organization. It helps visualize who accesses what information, what permissions are used, and how data moves across systems.
Why do AI agents complicate enterprise security?
Because they can operate autonomously, use temporary identities, inherit permissions, and communicate across multiple applications and data sources without direct human intervention at every step.
Are the financial details of the deal known?
No, Zscaler has not disclosed the financial terms of the acquisition and has indicated that the deal is subject to standard closing conditions.
via: zscaler