Zscaler has announced plans to acquire Symmetry Systems, a move aimed at giving enterprises better visibility into how AI agents, service accounts, and other non-human identities access applications and data. The proposed acquisition would add Symmetry’s access graph technology to Zscaler’s Zero Trust Exchange platform, giving Zscaler a way to connect access mapping with policy enforcement.
The deal comes as enterprises are beginning to deploy AI agents that can operate across systems, invoke tools, and interact with sensitive data with varying levels of human oversight. Those workflows are putting pressure on traditional identity and access management systems, which were largely designed around human users, stable accounts, and role-based permissions.
IAM tools can show which users or groups have been granted access to systems. But AI agents may operate through inherited permissions, temporary credentials, or chains of machine-to-machine communication that are harder to interpret using conventional controls.
"The core issue facing enterprises today isn't a lack of security configuration; it's that we are trying to force human-centric identity and data security models onto an explosion of autonomous AI agents,” said Dhawal Sharma, Executive Vice President & Head of Product Strategy at Zscaler. “Legacy architectures simply weren't built for machine-scale problems.”
Symmetry’s technology is designed to address that gap by building an access graph — a map of which identities are accessing which data, through which systems, and under what conditions. Zscaler says that graph can help security teams compare granted permissions with actual use, identify overprivileged accounts, and detect unexpected behavior.
From Visibility to Enforcement
Zscaler says the access graph will feed into its Zero Trust Exchange, where that visibility can be used to enforce policy rather than simply document risk. In theory, that could give customers a more dynamic way to limit exposure, analyze blast radius, and trigger automated responses when agent or identity behavior appears risky.
But the approach also depends on execution. Enterprises often run fragmented environments with identity data, cloud permissions, application logs, and security telemetry spread across multiple platforms. Integrating Symmetry’s access graph into those environments — and making it useful at scale — may prove as important as the technology itself.
Why Project AI-Guardian Matters
Zscaler is positioning the acquisition as part of a broader push into AI security. Alongside the deal, the company introduced Project AI-Guardian, a partner-led initiative involving global systems integrators including EY, Cognizant, Infosys, TCS, Wipro, and HCLTech.
The program is intended to help enterprises assess and manage risks tied to AI deployments, reflecting a practical challenge for security teams: AI governance is not simply a product deployment problem, but a process that requires risk assessment, policy definition, agent monitoring, and coordination among security, IT, legal, and compliance teams.
That is where systems integrators could become central to Zscaler’s strategy. Many large enterprises are already relying on consulting firms to implement AI programs. By bringing those partners into its AI security push, Zscaler is signaling that governance will require operational support as much as new tooling.
The Bigger Question for Enterprise Security
For security leaders, the deal points to a larger architectural question: whether existing IAM, SIEM, and data-security tools can be extended to cover AI agents, or whether enterprises will need purpose-built governance layers for non-human identities.
The answer is not yet clear. The Zscaler-Symmetry deal shows how one major security vendor is trying to define the problem and its solution. Whether enterprises can turn that model into practical, scalable controls will determine how much the acquisition changes AI security in practice.
