
Zscaler’s Strategic Pivot (2025–2026): Seeking to Secure the Logic Layer in the MDR 3.0 and Agentic AI Era

For over a decade, Zscaler was defined by one foundational idea: eliminate implicit trust from the network. Its Zero Trust Exchange became the architectural blueprint for cloud-era security, shifting enforcement away from firewalls and onto identity, device posture, and application context.


Do we implicitly trust or block?

But between 2025 and 2026, Zscaler embarked on a consequential shift. It stopped simply securing access to applications and began moving toward securing the systems making decisions inside them.


Through three acquisition moves—Red Canary, SplxAI, and SquareX—Zscaler has signaled a strategic evolution from a network-centric Zero Trust provider into a platform attempting to secure what might be called the logic layer: the behavioral, operational, and increasingly autonomous layer where humans and AI agents interact, reason, and act.


These moves align with two parallel transformations occurring across enterprise security: the transition toward MDR 3.0 and the emergence of Agentic AI as both a force multiplier and a new attack surface.

The critical question, however, is not whether this shift is strategically logical. It is whether it is executable—and whether controlling access can naturally extend into controlling behavior, reasoning, and autonomous action.


These acquisitions suggest Zscaler is positioning itself not just to enforce Zero Trust, but to participate in—and potentially secure—autonomous trust. Whether this becomes a durable competitive advantage remains to be seen.


Move 1: From Prevention to MDR 3.0

Red Canary and the Attempt to Move Up the Detection Stack

Zscaler’s acquisition of Red Canary in 2025 marked its most visible expansion beyond prevention and into full lifecycle security operations. Historically, Zscaler’s role ended at access control and threat prevention. Detection and response remained the domain of endpoint vendors, SIEM platforms, and managed service providers.


Red Canary changes that boundary and places Zscaler squarely into one of the most crowded and consolidating segments of cybersecurity.


But an important nuance is that Red Canary does not provide its own endpoint detection and response (EDR) agent. Instead, it operates as an aggregation and operational layer, integrating telemetry from third-party EDR, identity, cloud, and SaaS platforms—including many of Zscaler’s direct competitors.


At first glance, this might appear to be a limitation. But in the context of MDR 3.0, it may actually be the point.


Red Canary fits MDR 3.0 precisely because MDR 3.0 is less about owning the telemetry source and more about:

  • Correlating telemetry across identity, network, endpoint, SaaS, and cloud layers

  • Interpreting behavior across those layers rather than within any single one

  • Understanding business risk context—not just technical compromise indicators

  • Driving response actions across tools, systems, and workflows


MDR has matured from 1.0 to 2.0 and now 3.0

Earlier MDR models, MDR 1.0 and MDR 2.0, were closely tied to endpoint telemetry dominance. The underlying assumption was that the endpoint or infrastructure agent provided the most complete and authoritative view of attacker behavior.


But enterprise architecture has shifted. Critical workflows now occur across SaaS applications, identity systems, APIs, and browser sessions, often without traditional endpoint visibility. In parallel, AI agents are beginning to interact with enterprise systems independently of endpoints altogether.


As a result, MDR 3.0 focuses less on owning the telemetry source and more on owning the correlation and decision layer—the layer that interprets signals across fragmented systems and translates them into operational decisions.


From this perspective, Red Canary provides Zscaler with something arguably more valuable than telemetry: the operational capability to interpret and act on signals across heterogeneous environments.


This aligns naturally with Zscaler’s own architectural position. Zscaler already observes identity and traffic behavior inline. Red Canary adds the ability to operationalize and respond to those signals in coordination with endpoint, identity, and cloud platforms.


The strategic bet implicit in this acquisition, then, is that the long-term control point in security will not be the telemetry sensor itself, but the system that interprets and acts on telemetry across all sensors.


Whether that layer can remain independent—or will ultimately collapse back into vertically integrated platform vendors—remains an open question.


The Gist: Detection Is Moving Closer to the Decision Layer But That Layer Is Fragmented

The integration of detection into Zscaler’s inline enforcement fabric reflects a broader shift in security operations.


Security is no longer about collecting more telemetry. It is about understanding behavior at the point where decisions are made.


This becomes especially important as enterprise environments become more fragmented. Users operate from unmanaged devices. Applications reside in SaaS environments. AI agents interact with enterprise systems autonomously. And the traditional endpoint is no longer the primary source of truth.


Instead, the interaction layer—where identity, application, and data intersect—becomes the most reliable observation point.


The interaction layer becomes critical.

Zscaler’s architecture gives it a natural vantage point here. It can observe activity regardless of endpoint ownership, device management status, or infrastructure location.


But whether this vantage point is sufficient to fully rival endpoint-native detection platforms remains uncertain. Infrastructure telemetry still provides system-level context that access-layer visibility alone may not capture.


Zscaler is betting that correlation and interpretation, rather than telemetry ownership, will ultimately define MDR platform leadership. That bet is directionally sound, but its defensibility is still unfolding.


Move 2: Agentic AI Requires Securing Reasoning, Not Just Access

SplxAI and the Attempt to Secure Autonomous Actors

While Red Canary enables behavioral detection, SplxAI addresses a new and rapidly expanding risk surface: AI agents themselves.


The emergence of Agentic AI represents a structural shift in enterprise computing. AI systems are no longer passive tools responding to user input. They are becoming operational actors capable of initiating actions, accessing data, and executing workflows autonomously.


This introduces a fundamentally new security challenge. Traditional security models assume actions originate from human users. AI agents blur that distinction. They operate with legitimate credentials, access authorized systems, and perform approved tasks. Yet their reasoning can be manipulated.


Prompt injection, data poisoning, and reasoning manipulation attacks do not exploit infrastructure vulnerabilities. They exploit logic vulnerabilities.


SplxAI enables Zscaler to monitor and potentially secure these reasoning processes. This moves security beyond protecting infrastructure into monitoring decision-making itself.


But this also introduces an execution challenge. AI reasoning is probabilistic, opaque, and highly contextual. Securing it reliably, without disrupting legitimate workflows, is still an unsolved technical problem across the industry.


The Gist: Agentic AI Is Both Security Multiplier and Security Risk

Agentic AI is already transforming security operations. AI agents are increasingly used to triage alerts, investigate anomalies, and automate response workflows. This is a foundational component of the move from MDR 2.0 to MDR 3.0.

Where do our AI friends live? How can we monitor them?

Security operations can no longer scale through human analysts alone. AI agents must augment detection, investigation, and response. But this introduces a paradox. The same AI agents that improve detection efficiency also become potential targets themselves. If an attacker can manipulate an AI agent’s reasoning, they can influence security decisions.


SplxAI represents an early attempt to address this risk by working to secure these agents as operational entities. This will become essential as AI transitions from assistant to autonomous participant.


SplxAI positions Zscaler alongside vendors investing heavily in AI security, including Palo Alto Networks and Microsoft. But Zscaler’s advantage may lie in integration, because it already controls access and traffic flows. With this acquisition, the goal is to enforce security policies across both human users and AI agents within a unified control fabric, which, if done well, may create a platform capable of securing both the actors and the decisions they make.


Whether defenders can secure autonomous systems as quickly as attackers learn to manipulate them remains a critical open question.


Move 3: The Browser Becomes the Operational Surface for Humans and Agents

SquareX and Enforcement at the Interaction Layer

SquareX and the Re-Emergence of the Browser as a Control Point

Zscaler’s acquisition of SquareX in 2026 reflects another structural shift: the browser is becoming the primary execution environment for enterprise work. Yes, applications run in SaaS platforms, and Richmond Advisory Group contends that SaaS is still a relevant entity. However, AI agents operate through browser interfaces. Data access, manipulation, and decision-making increasingly occur within browser sessions, making the browser an attractive target for attackers and a relevant environment to monitor and defend. Concurrently, the traditional endpoint operating system is becoming less relevant as a security control point.


SquareX allows Zscaler to enforce policy and observe behavior directly within the browser itself. This positions the browser as both an enforcement point and telemetry source, which is particularly relevant as AI agents interact with enterprise systems through browser-driven workflows. Securing the browser allows Zscaler to monitor these interactions at the exact point where actions originate.


But endpoint vendors and browser providers themselves are also expanding native visibility and enforcement capabilities.


Whether browser-layer security becomes an independent control plane, or remains subordinate to endpoint and identity platforms, is still unresolved.


It seems Zscaler is betting that the browser will become a primary enforcement surface.

That outcome appears increasingly plausible—but far from guaranteed.


The Gist: Zscaler Is Expanding Up the Stack But So Are Competitors

Taken together, these acquisitions form a coherent strategic direction.


Zscaler is building a platform intended to:

  • Observe behavior continuously (Red Canary)

  • Secure AI reasoning processes (SplxAI)

  • Enforce policy at the interaction layer (SquareX)


This aligns closely with MDR 3.0, where detection, response, and prevention operate continuously across behavioral and decision layers. But Zscaler is not alone in pursuing this architecture.


CrowdStrike is extending upward from the endpoint. Microsoft is extending outward from identity and operating systems. Palo Alto Networks is extending from network enforcement into behavioral and AI-driven SecOps.


Each vendor is expanding toward the same logical destination: control of the decision layer.


Zscaler’s architectural starting point in access control gives it a credible path forward, but it is not the only viable path.


The Open Question: Can Zscaler Own the Logic Layer Without Owning the Telemetry Layer?

Zscaler’s acquisitions in 2025 and 2026 represent a clear attempt to move upward in the security stack from controlling access to influencing detection, reasoning, and autonomous action. But this strategy introduces structural dependencies.


Because Red Canary relies heavily on integrations with third-party telemetry providers, including endpoint, identity, and cloud vendors that compete directly with Zscaler, the long-term viability of this model depends on continued ecosystem cooperation.


Competitors such as Microsoft, CrowdStrike, and Palo Alto Networks are increasingly pursuing vertically integrated platform strategies. Each has strong incentives to keep detection, response, and telemetry correlation within their own ecosystems.


If those vendors begin restricting integration depth, limiting telemetry access, or steering customers toward native detection and response offerings, Red Canary’s, and by extension Zscaler’s, visibility could erode over time.


Equally important is the customer dimension.


Many Red Canary customers today rely on it as an independent, vendor-agnostic detection and response provider. Following the acquisition, some customers may question whether that neutrality persists—particularly if they are using endpoint, identity, or cloud platforms that compete directly with Zscaler.


This introduces a real risk of customer attrition not because Red Canary’s technical capabilities diminish, but because its perceived independence may.


In effect, Zscaler’s move into MDR 3.0 strengthens its position in the logic layer but also increases its dependence on telemetry sources and ecosystem relationships it does not control.


The defining security question may no longer be who owns the endpoint, the network, or even the identity system. It may be who owns the interpretation layer—the system that translates signals into decisions.


Zscaler is betting that layer can remain independent.


Whether competitors and customers allow it to remain so will ultimately determine how successful that bet becomes.


The Future of Security Lies in Controlling Autonomous Trust

Zscaler’s acquisitions in 2025 and 2026 represent a strategic move in this direction.


Security is no longer defined solely by preventing access or detecting malware. Rather, it is defined by understanding behavior, both human and machine alike. As AI agents become operational participants in enterprise workflows, security platforms must monitor and secure decision-making itself.

Will humans and machines merge?

Zscaler’s expansion into detection, AI security, and browser enforcement reflects a recognition that the logic layer is becoming a necessary control surface. The defining security question is no longer who controls infrastructure. It is who secures autonomous action. Through Red Canary, SplxAI, and SquareX, Zscaler is positioning itself to answer that question.
