Strategic Expansion of Zero‑Trust Capabilities Through Browser‑Centric Security

Zscaler Inc., the San Jose‑based cloud‑security company, has announced the acquisition of SquareX, a browser‑security specialist that protects users on Chrome and Edge without employing traditional VPN technology. The deal, completed in the second quarter of 2026, expands Zscaler’s zero‑trust portfolio into the browser layer, enabling native threat protection for unmanaged devices and reducing the attack surface for enterprises that rely on web‑based applications.

Technical Rationale for the SquareX Acquisition

  • Browser as a New Attack Surface – With the rise of SaaS, the web browser has become the primary entry point for data exfiltration, phishing, and drive‑by malware. SquareX’s solution intercepts traffic at the browser level, enforcing policy without the latency overhead of a full‑stack VPN.
  • Zero‑Trust Alignment – The acquired technology allows Zscaler to deliver “Zero‑Trust Browser” (ZT‑Browser) that authenticates every request and evaluates risk in real time, consistent with the company’s broader Zero‑Trust Architecture (ZTA) framework.
  • Operational Simplicity – By eliminating the need for remote‑access software on endpoints, Zscaler can reduce IT overhead, simplify compliance audits, and accelerate rollout for unmanaged devices such as BYOD laptops and IoT gateways.
Metric20252026 (Projected)
Global spending on zero‑trust solutions$10.2 bn$13.4 bn (+32 %)
Share of browser‑centric security vendors7 %12 %
Enterprise AI adoption (top 10 markets)45 % of IT budgets60 % by 2028

The global zero‑trust market is expected to grow at a CAGR of 18 % through 2030, driven by regulatory pressures (e.g., GDPR, CCPA) and the shift toward remote work. Browser‑centric security, while still a niche segment, is projected to capture a growing share of the market as organizations move beyond VPNs to lightweight, policy‑based controls.

ThreatLabz 2026 AI Security Report Highlights

Zscaler’s ThreatLabz team released an AI‑focused security report in March 2026, emphasizing the heightened risk of data leakage as enterprises adopt generative AI and machine‑learning (ML) tools. Key findings include:

  • India Leads AI Adoption – India ranks second globally in enterprise AI usage, with 58 % of firms deploying generative AI for product development, customer support, and internal analytics. Only the United States exceeds India in adoption rates.
  • Data Leakage Incidence – The report documents a 27 % increase in AI‑related data leakage incidents compared to 2025, primarily due to inadvertent exposure of proprietary datasets via ML model outputs.
  • Risk Mitigation Gap – 72 % of surveyed organizations reported insufficient AI‑specific controls, such as model access monitoring and data‑sanitization pipelines.

Actionable Insights for IT Decision‑Makers

  1. Integrate Browser‑Centric Zero‑Trust – Evaluate the ZT‑Browser solution from SquareX for compatibility with existing Zscaler Edge and Cloud Access Security Broker (CASB) offerings. This can reduce exposure from untrusted devices and simplify compliance reporting.
  2. Implement AI‑Specific Controls – Deploy AI‑centric monitoring to track data flows in ML pipelines, enforce least‑privilege access to training datasets, and embed data‑sanitization steps before model deployment.
  3. Assess Vendor Risk – Conduct a vendor risk assessment for AI tools, focusing on data residency, model explainability, and third‑party dependencies that may introduce new attack vectors.
  4. Leverage ThreatLabz Intelligence – Incorporate ThreatLabz threat intelligence feeds into the security operations center (SOC) to detect anomalous AI‑related behaviors, such as unusual model inference traffic or data extraction patterns.

Expert Perspectives

Dr. Maya Patel, Chief Security Officer at SecureAI Labs “Browser‑centric zero‑trust is the logical next step in the evolution of endpoint security. By pushing policy enforcement directly into the browser, we eliminate a major vector that traditional VPNs often miss.”

Rajiv Menon, Head of AI Strategy at Infosys “The report’s findings are a wake‑up call. Our AI initiatives must be paired with robust data governance; otherwise, the very tools that drive innovation become liability.”

Conclusion

Zscaler’s acquisition of SquareX and the release of the ThreatLabz 2026 AI Security Report underscore a strategic pivot toward addressing the most immediate and evolving cyber‑risk vectors: the web browser and AI‑driven operations. By integrating browser‑centric zero‑trust controls and fortifying AI governance, enterprises can protect unmanaged devices and sensitive data without compromising agility or innovation.