Zscaler Zenith Live 2026, Vienna: A wrap up on the key announcements and why they matter for our partners.
Securing agentic AI took center stage
The headline in Vienna was Zscaler's Zero Trust AI Security solution, built on three new innovations that map to discovery, enforcement and protection:
- AI Access Graph, maps how identities, agents and data connect across the enterprise, powered by the Symmetry Systems acquisition.
- AI Broker, secures agent communications over MCP and agent-to-agent (A2A) protocols, with an integrated agent registry.
- AI Endpoint Security catches AI threats where work happens: browsers, plugins, AI IDEs and local models.
The narrative for presales is sharp: AI agents are becoming the new weakest link, multiplying attack surface through agent sprawl, non-human identities, fine-grained authorization gaps and intent-based threats. This extends the Zero Trust platform to a new pillar, Zero Trust AI Agents alongside the existing AI Protect capabilities (asset management, secure AI access, and app/infrastructure security).
The EMEA angle: digital sovereignty
Vienna leaned hard into Europe. Zscaler framed rising sovereignty demands around an evolving transatlantic relationship, the EU's push for competitiveness and simplification, a shifting threat landscape, and digital sovereignty itself.
Its answer is a committed 5-C approach
- Choice (no vendor lock-in)
- Control (verified data residency)
- Continuity (resilience during disruption)
- Collaboration (trusted local partnerships)
- Compliance (regulatory compliance by default)
- underpinned by a dedicated European Cloud of 25+ data centers that ensures data sovereignty and GDPR/DORA compliance.
Zero Trust SASE modernization: the browser as the new on-ramp
Beyond agentic AI, Zscaler pushed its Zero Trust SASE platform forward and the standout for partners is the Zero Trust Browser. Delivered as a cross-browser extension or a full enterprise browser (built on the SquareX acquisition), it brings Zero Trust controls, localized data protection and Browser Detection & Response (BDR) to any device, managed or not.
Compelling cost-takeout pitch angle to this: replace expensive VDI and VPN setups for unmanaged and BYOD scenarios, contractors, third parties, M&A, with a browser that becomes a unified on-ramp to the Zero Trust Exchange. It ties directly into the core ZIA/ZPA/ZDX stack our partners already sell, so it lands as an expansion motion in existing accounts rather than a net-new platform.
Post-quantum cryptography
A topic that each years gains relevance at Zenith, Zscaler now performs real-time inline inspection of PQC traffic using the NIST-standardized ML-KEM (FIPS 203) hybrid key exchange, with PQC visibility and reporting in the admin portal. This is concrete proof Zscaler is ahead of the curve: it defends against "harvest now, decrypt later" attacks, helps customers meet emerging government PQC mandates, and shows which clients and servers are already quantum-ready, a strong differentiator for forward-looking and regulated accounts.
Agentic SOC: a managed-services opportunity
Zscaler also detailed its approach to agentic security operations, built on the Red Canary acquisition and the Data Fabric for Security. The model is a closed loop: connect your data, detect active threats, apply agents, and drive closed-loop remediation, automating investigation and response that previously consumed analyst hours.
For Westcon partners, this is arguably the highest-margin, stickiest play in the portfolio. The agentic SOC is explicitly designed to let partners offer managed SOC / MSSP services on top of Zscaler, pairing well with existing managed-service programs and giving resellers a recurring-revenue motion into the mid-market, not just one-off product sales.
Advice for our partners
Lead with AI and Data-readiness and governance leveraging the Westcon DSPMs and EASM assessments based on Zscaler technology to scope customer's AI attack surface, a consultative way to build pipeline today. Then position the strongest near-term plays: the Zero Trust Browser for BYOD, contractor and VDI-replacement scenarios; the sovereign European Cloud story for regulated accounts; and the agentic SecOps stack for recurring revenue and managed SOC services.
Make Zscaler's zero-day protection strategy central to every conversation: if you're reachable, you're breachable. With frontier AI finding exploits at machine speed, patching can't keep up but apps placed behind the Zero Trust Exchange have no public IP, ports or discoverable surface, so even a known CVE can't be reached. Zscaler's Project Glasswing work (using Anthropic's Mythos model to harden its own platform) is strong proof of this.
Final takeaway
Zenith Live 2026 made clear where Zscaler is heading, extending Zero Trust from users, branches and clouds to a new frontier of AI agents. For partners, the throughline is consistent: secure how customers adopt AI, modernize access through the browser, build recurring revenue on managed SecOps, and anchor every conversation in an architecture that removes the attack surface entirely