See also (wiki): ai-cybersecurity · small-company-ai-security-minimum-controls · ciso-ai-risk-briefing-framework
Vendor caveat: Zscaler is a cloud security vendor with direct commercial interest in enterprise AI security spending. The ThreatLabz report is based on Zscaler’s own Zero Trust Exchange — approximately 1 trillion AI/ML transactions from Zscaler customer traffic (Jan–Dec 2025). This is behavioral telemetry from a self-selected customer base, not an independent survey. Directional findings on AI adoption patterns are credible; specific vulnerability statistics should be cross-referenced with independent sources (IBM, Verizon DBIR). Credibility rating: MEDIUM — large behavioral dataset, vendor platform, no independent audit.
Executive Summary
- Enterprise AI/ML transaction volume grew 83% year-over-year in 2025, analyzed across ~1 trillion transactions on the Zscaler Zero Trust Exchange.
- 18,033 TB of enterprise data was sent to AI/ML applications in 2025 — a 93% YoY increase. Finance/insurance (23.3%) and manufacturing (19.5%) are the top industries by AI/ML activity.
- 410 million ChatGPT-related policy violations detected: source code, SSNs, and medical records being transmitted to external AI services in violation of enterprise DLP policies.
- Median time to first critical failure in enterprise AI systems: 16 minutes. 90% of enterprise AI systems are compromised within 90 minutes of a critical failure occurring.
- NOV (National Oilwell Varco) achieved a 35x reduction in security events post-Zscaler deployment; it is the only named enterprise customer with specific metrics in publicly available case studies.
Methodology
- Publisher: Zscaler ThreatLabz
- Data source: ~1 trillion AI/ML transactions traversing Zscaler Zero Trust Exchange (Jan–Dec 2025)
- Customer base: Zscaler enterprise customers globally — not a random sample; skews toward large enterprise
- Source tier: TIER 2 (vendor behavioral telemetry — large dataset, self-selected customer population, no independent audit)
Key Data Points
| Metric | Figure | Source |
|---|---|---|
| Enterprise AI/ML transaction growth (YoY) | 83% | Zscaler ThreatLabz 2026 |
| Enterprise data sent to AI/ML apps (2025) | 18,033 TB | Zscaler ThreatLabz 2026 |
| YoY growth in enterprise data to AI apps | 93% | Zscaler ThreatLabz 2026 |
| ChatGPT-related DLP policy violations | 410 million | Zscaler ThreatLabz 2026 |
| Top industry by AI/ML activity | Finance/Insurance — 23.3% | Zscaler ThreatLabz 2026 |
| #2 industry by AI/ML activity | Manufacturing — 19.5% | Zscaler ThreatLabz 2026 |
| Median time to first critical failure (enterprise AI) | 16 minutes | Zscaler ThreatLabz 2026 |
| % of AI systems compromised within 90 min of failure | 90% | Zscaler ThreatLabz 2026 |
| NOV: security event reduction post-deployment | 35x | Zscaler case study (named customer) |
The Data Leakage Problem
The 410 million ChatGPT DLP policy violations are the most operationally significant finding for security teams. The figure represents employees transmitting enterprise-sensitive data (source code, Social Security numbers, medical records) to external AI services in violation of enterprise policies.
The volume suggests this is not edge-case behavior. At 410 million violations across a Zscaler customer base of large enterprises, this is a systematic compliance failure at the user behavior layer.
The three violation types map to distinct enterprise risk categories:
- Source code: IP theft risk, competitor intelligence, security vulnerability exposure
- PII (SSNs): GDPR/CCPA/HIPAA violations, regulator-reportable if exfiltrated or misused
- Medical records: HIPAA BAA violation if the AI vendor has no BAA in place — which most consumer AI services do not
Cross-reference: The Netskope Cloud & Threat Report (2025, 3,500+ enterprise customers) found data sent to GenAI apps increased 30x in the prior year — directionally consistent with Zscaler’s 93% growth figure for 2025.
The 16-Minute Failure Window
The median 16-minute time-to-first-critical-failure finding requires context that Zscaler does not fully provide. “Critical failure” in enterprise AI systems encompasses a broad range: model hallucination generating a dangerous output, a compromised agent executing an unauthorized action, or a security control being bypassed.
The 90%-within-90-minutes figure is the more operationally actionable of the two: it implies that once a critical failure begins propagating through an AI system, the window for human intervention before significant impact is under 90 minutes.
This finding supports the case for automated AI monitoring and AI-specific incident response playbooks — human-speed response (ITSM ticket, escalation, war room) is too slow for the failure propagation speed observed.
Cross-reference: ai-incident-response-playbook.md in this corpus documents the recommended response framework. The Zscaler 90-minute figure should inform the “time to contain” SLA targets in that playbook.
Named Enterprise Case Study: NOV (National Oilwell Varco)
NOV is the only named, publicly documented Zscaler enterprise customer with specific AI/security metrics. The case study documents:
- Challenge: Digital transformation with Microsoft 365 migration; 150+ year legacy company in the energy sector
- Deployment: Zscaler Zero Trust Exchange + Zscaler Internet Access
- Results: 35x reduction in security events; “millions of dollars” in savings; improved productivity
- Advanced components: Zero Trust Browser (web traffic as pixel stream), Branch Connectivity (office-to-application zero trust)
- CIO attribution: Alex Philips, NOV CIO: “Our secure digital transformation has saved millions of dollars, improved user productivity, and reduced our cyber risk”
Caveat: This is a vendor-published case study from a selected reference customer. No control group, no independent verification. The 35x figure is notable but uncorroborated. Treat as directional evidence that zero trust architectures can materially reduce security event volume.
Zscaler + OpenAI Partnership (April 2026)
Zscaler joined OpenAI’s Trusted Access for Cyber program in April 2026, gaining access to GPT-5.4-Cyber (a security-tuned frontier model). Announced capabilities:
- Multimodal AI red teaming at scale (prompt injection, tool abuse, jailbreaks, model confusion detection)
- Auto-generation of hardened system prompts and policy updates
- Configuration hardening recommendations
Status: announced partnership; no field-deployed case studies yet. Treat as a directional signal about where AI-native security tooling is heading.
Sources
| Source | Details | Tier |
|---|---|---|
| Zscaler ThreatLabz (2026) | 2026 AI Security Report — ~1T AI/ML transactions, Jan–Dec 2025 | TIER 2 (vendor telemetry) |
| Zscaler / NOV (2026) | NOV case study — named customer, CIO-attributed results | TIER 3 (vendor case study, selected reference) |
| Zscaler / OpenAI (Apr 2026) | Trusted Access for Cyber partnership announcement | TIER 2 (vendor announcement) |
| Netskope Cloud & Threat Report (2025) | 30x GenAI data growth, 3,500+ enterprise customers | TIER 2 (independent corroboration) |