The Invisible Layer Protecting the World's Biggest Companies
By Maksym Misichenko · Nasdaq ·
By Maksym Misichenko · Nasdaq ·
What AI agents think about this news
Despite potential risks from AI-driven network automation and edge computing, Zscaler's 'Zero Trust Exchange' is seen as well-positioned due to its data moat, structural lock-in, and expansion into AI partnerships and SecOps. However, execution risks, competition, and the need for relevance in a rapidly evolving landscape are significant concerns.
Risk: Obsolescence of Zscaler's architecture due to AI-driven network automation and edge computing, as well as execution risks in integrating Red Canary and migrating legacy customers.
Opportunity: Expansion into AI partnerships and SecOps, leveraging Zscaler's data moat and structural lock-in to drive aggressive growth.
This analysis is generated by the StockScreener pipeline — four leading LLMs (Claude, GPT, Gemini, Grok) receive identical prompts with built-in anti-hallucination guards. Read methodology →
In this episode of Motley Fool Hidden Gems Investing, Motley Fool analyst Jason Moser talks with Zscaler CFO Kevin Rubin about zero-trust security, the agentic AI threat landscape, and why the cybersecurity build-out may be one of the most durable investment themes of the next decade.
To catch full episodes of all The Motley Fool's free podcasts, check out our podcast center. When you're ready to invest, check out this top 10 list of stocks to buy.
Will AI create the world's first trillionaire? Our team just released a report on the one little-known company, called an "Indispensable Monopoly" providing the critical technology Nvidia and Intel both need. Continue »
A full transcript is below.
When our analyst team has a stock tip, it can pay to listen. After all, Stock Advisor’s total average return is 935%* — a market-crushing outperformance compared to 207% for the S&P 500.
They just revealed what they believe are the 10 best stocks for investors to buy right now, available when you join Stock Advisor.
**Stock Advisor returns as of June 14, 2026. *
This podcast was recorded on June 7, 2026.
Kevin Rubin: There's no going back, if you will. I mean, as an industry, agentic is going to be as disruptive as, any of the tech waves have been in the past, whether it was mobile, Internet, etc. This is just the next frontier of how businesses will need to compete.
Jason Moser: That was Zscaler CFO Kevin Rubin on the future of AI security. I'm Motley Fool analyst Jason Moser. I sat down with Kevin to talk about how Zscaler’s protecting the world's largest organizations from an exploding wave of cyber threats and why the rise of agentic AI could be the biggest opportunity the company has ever seen. Enjoy.
Welcome to Motley Fool Conversations. I’m Jason Moser. Today, I'm excited to welcome the CFO of Zscaler, Mr. Kevin Rubin. Now, prior to Zscaler, Kevin was the CFO at BetterUp. Prior to that, he served as the CFO of Alteryx, a company that Motley Fool members are likely familiar with. Today, we're diving into the business of cybersecurity and Zscaler's role in this crucial market. Kevin, welcome to the show.
Kevin Rubin: Thanks, Jason. Appreciate you guys having us on.
Jason Moser: Well, really happy to have you here. And I guess the first thing I want to get into here because when we talk about cybersecurity, most of us, whether we're investors or not, we know that cybersecurity is necessary, but we don't exactly understand what it ultimately. There's so many different ways to view it. First things first, we said at the top, Zscaler is a cybersecurity company, but what is it that ZScaler actually does?
Kevin Rubin: Thanks for the question. It really comes down to two fundamental things in my mind. No. 1 is preventing bad actors from getting into your corporate network and being able to access sensitive information or breaching your environment. No. 2 is ensuring that sensitive data and corporate assets don't escape out of your corporate network. Those are the fundamental things that we seek to solve.
Jason Moser: I can tell you just from my day-to-day, we use Zscaler all the time here at The Motley Fool, and I appreciate that you're looking out for us. We hear a lot about zero trust. That's a word that we hear a lot in the cybersecurity market. Zscaler really pioneered a zero-trust model years ago, before it became mainstream. But now it seems like everybody claims to offer zero trust. I guess I'm wondering, like, can you talk a little bit about what separates genuine zero trust from what other people call zero trust? I've heard it called zero-trust washing before. Like, is there a unique property or quality to Zscaler or zero-trust dynamic?
Kevin Rubin: Zero trust is a set of principles that simply mean provide the least amount of access only for the necessary particular use for either an individual, a workload, or a device that sits within the corporate environment. The concept is you should not give access to anything and everything because somebody wants to access a single application. The principles are clear: give the least necessary access for what it is that somebody or something is trying to accomplish with that particular request. We architected Zscaler specifically with those principles in mind. The way that we approach zero trust and cybersecurity is through our zero-trust exchange. We don't believe, in today's environment, that companies need to build out large, complicated corporate networks. That was something that happened, you know, 30 or 40 years ago, when the Internet didn't exist, and stable ability to drive traffic didn't exist. But today, those are as common as driving on the interstate. If you go back probably 100 years, you had oil drillers who had to build private roads to be able to access their oil fields because general public roads didn't exist. Today, you don't see organizations building basic infrastructure to be able to access certain assets. The same analogy would hold true as you think about corporate access to applications and other corporate sets of data.
Our approach is simple. You allow your users and other resources to access what they need. Only at the time that they need it, and you go through the zero-trust exchange. Think about it as a one-to-one set of connection. You want to access your email. By way of example, you request access to the email server. We authenticate you. We ensure that you're authorized to access that. We allow you to get your email, and then that session terminates when you're done using email. The next time you come in, in the background, we'll go through that same process. In doing so, you don't have the ability to move laterally within the network. You have no reason or business to go to other applications if all you're doing is looking to serve email. The same would hold true if you're trying to go to your HRIS system or you're trying to go to your CRM system. Access what you need, be able to do the work that you need to do, but then get off the network and become invisible again.
That's how we've philosophically approached zero trust. If you are largely building corporate networks and providing network-based security architecture, your application of zero trust is likely through very complicated policy-driven zero trust principles, and our argument would be to your point about zero-trust washing, it's probably not effectively zero-trust, but you can brand it as zero-trust and go to market with that. We are actually living, breathing, and applying the principles in how we’ve architected our zero-trust exchange and our cybersecurity service.
Jason Moser: Well, I'm going to get into some numbers here as the CFO. I think you like that, but you've set a target of $5 billion and beyond in annual recurring revenue here over the next several years. You're guiding for $3.75 billion in revenue this year. As an investor, that's an exciting growth prospect, but I wonder what are the drivers that will get you there?
Kevin Rubin: Thanks for the question. We have a series of growth levers that are available to us as we think about our path to $5 billion and more. First off, you know, we started with zero trust for users, so the ability to protect user communication traffic between users and applications. We then extended that to zero-trust cloud. Being able to provide the same zero trust principles to workload-to-workload communication. Think about that as an application, talking to an application. Then, more recently, we extended that to zero-trust branch, the idea that organizations have branch offices. You can think about a bank and having branches around the country. All of those branches need to ultimately connect into other systems and resources, and we don't think that they all need to connect to each other and form a mesh network, as is traditionally thought. But connect each individual device in a branch to only the application that it needs. If it's a door sensor to monitor access, have it connect to the application that monitors access. It doesn't need to connect to other applications, and it certainly doesn't need to connect to other branches, as is the case today. If one of those devices were to get breached in the traditional sense, it has the ability to infect your entire web network in the zero-trust branch situation. If one particular device gets breached, it's limited the attack surface to that particular device.
The other area of growth opportunity for us is data security. We have seen significant momentum in our ability to protect data. As a service, we sit in the path of traffic, and so we have an ability to inspect that traffic as it's going back and forth. We have an ability to apply policy. That's how we determine what is and isn't acceptable use. On top of that, now we can also provide data security. Looking at the data that is being transacted back and forth and what is and isn't acceptable to go in and out of the organization, as we talked about at the upfront of the conversation.
Then, lastly, AI. AI is a very significant tailwind for us from a couple of different dimensions. First is we're going to be extending zero trust for users, branch, and cloud into zero trust for agents. The ability to orchestrate from a cybersecurity perspective, the communication between an agent and another agent or an agent and an individual, as well as machine-to-machine communication, and ensure that the same principles of one-to-one communication lease permissioning is adhered to. We think that's a huge opportunity. You have today, we protect more than 50 million users, and tomorrow, that could be millions or billions of agents that are doing work on behalf of organizations. If one rogue agent got breached or hacked, imagine the damage that they could produce in an organization if it had the ability to move throughout that corporate network and have access to things that it never needed to. Again, applying those zero-trust principles to agents is something that is near and dear to us.
Lastly, we’ve all heard a lot about Mythos and these frontier models that have been introduced more recently, and just the proliferation of vulnerability identification. Palo Alto was identified just this week as having a vulnerability that had been unknown for years, that got exposed by one of these models. It just reinforces the fact that companies today have got a backlog of vulnerabilities that they need to patch, and that's just what's known on their plate today. These models are identifying vulnerabilities at a rate and a pace that is at machine pace. We're talking about volumes of vulnerabilities that we can't even solve the vulnerabilities that were already identified previously, and now we're just piling on significantly more vulnerabilities that were unknown for decades, and it's overwhelming IT organizations. They can't possibly keep pace in terms of their ability to patch and address these things.
Our solution is very simple. Hide your applications behind Zscaler Exchange. What you can't see, you can't breach. In our architectured approach to cybersecurity, you hide your applications, and you only provide access to what is needed at that time, and so your blast radius gets minimized to a single device.
Jason Moser: This is a great segue. I'm glad you got us into the AI conversation because that's really where I wanted to go next. One thing I noticed, in this recentearnings call you talked about joining the partnership with Anthropic via Project Glasswing. I think that's a really interesting concept. We're seeing tech companies of all walks joining into that consortium, so to speak. I wonder what opportunities does that partnership offer Zscaler?
Kevin Rubin: I think we're still uncovering all of the opportunities, to be candid. These are models that weren’t specifically developed initially to identify vulnerabilities, and yet they were doing so at machine speed and at a scale that nobody anticipated. We were an early partner with Anthropic in Glasswing. We’re an early partner with OpenAI on Daybreak, and it really does give us an opportunity to understand these models. We get to apply those models internally and understand how it would affect us. Then we get to learn and be able to apply those learnings to our customers and prospects so that we can provide the best cybersecurity for them and their environments. Being a participant has, obviously, been very important for us, and we have a great relationship with the frontier model companies.
Jason Moser: This is obviously a very competitive space. You've got incumbents out there that are building integrated security platforms and just really going all in. Zscaler is not the most acquisitive company in the world, but you recently made a fairly big acquisition in Red Cary. I wonder if you could just talk a little bit about why y'all did that what you think the challenges and the opportunities there are.
Kevin Rubin: One of the areas of opportunity that we've seen for a bit of time is the fact that we sit on an incredible amount of high-fidelity, rich security-oriented data. We process a half a trillion transactions a day through the zero trust exchange, orders of magnitude greater than even Google searches on a given day, to put a context to how much volume of traffic goes through our security cloud each and every day. We believe we have a unique position to provide our customers with an understanding and a perspective and a context around that data that is unique to us as a vendor. The rationale behind Red Canary was they had a decade-plus experience doing detection and response. They had taken that experience and established dozens of agents that were being able to scale that experience across a wide population of data. If we could pair that with our rich data set, that does provide a very unique set of information and insights to our customers. That was the ultimate approach and philosophy. Red Canary, after evaluating a variety of vendors in the space, surfaced as the right partner for us in being able to integrate their technology into what we will ultimately launch in the near term, which is our integrated secOps solution. The goal is to migrate legacy Red Canary customers into this new integrated solution, as well as offer it to existing customers, and we think it's a very differentiated opportunity to provide that insight.
Jason Moser: I want to go back to AI for just a second because I think one of the headlines that we're seeing a lot these days is companies starting to question the return on investment in regard to AI. Token usage is eating up budgets left and right. You're starting to question whether what's cheaper, the employee or the AI. It used to be that that was the argument was AI is going to make it cheaper, but now the employees are starting
Four leading AI models discuss this article
"The transition from protecting human users to securing billions of autonomous AI agents represents a fundamental expansion of Zscaler's total addressable market."
Zscaler (ZS) is positioning its 'Zero Trust Exchange' as the essential firewall for the agentic AI era. By abstracting the network and hiding applications, they solve the 'blast radius' problem inherent in machine-to-machine communication. The shift from protecting users to protecting autonomous agents creates a massive expansion in the addressable attack surface. With 500 billion daily transactions, Zscaler has the data moat required to train superior detection models. However, the pivot to SecOps via the Red Canary acquisition signals a shift toward a more crowded, competitive market. If they successfully integrate this into a unified platform, they justify their premium valuation; if not, they risk becoming a legacy 'pipe' provider.
Zscaler faces significant 'platformization' risk from incumbents like Palo Alto Networks, which offer integrated, end-to-end security stacks that may be more attractive to budget-constrained CISOs than a best-of-breed point solution.
"Zscaler has real secular tailwinds in zero-trust and AI-driven threats, but the article oversells agentic AI as a revenue driver and underplays competitive commoditization risk from larger, integrated platforms."
Zscaler (ZS) is positioning itself at the intersection of two powerful trends: zero-trust architecture adoption and AI-driven security threats. The $5B ARR target from ~$3.75B implies ~10% CAGR over several years—respectable but not explosive. The Red Canary acquisition adds detection/response capabilities to their inspection layer, addressing a real gap. However, the article conflates two separate tailwinds: agentic AI as a *threat* (requiring more security spend) versus agentic AI as a *customer* (billions of agents needing zero-trust). The second is speculative. More concerning: Zscaler's moat depends on sitting in the traffic path, but cloud-native architectures and edge computing erode that positioning. The Anthropic/OpenAI partnerships are defensive—understanding vulnerability discovery before it becomes a liability.
If enterprises successfully patch vulnerabilities faster than frontier models discover them, or if AI-driven security becomes commoditized across Palo Alto, Microsoft, and Cloudflare, Zscaler's 'unique data advantage' evaporates. The $5B target also assumes zero-trust adoption accelerates beyond current trajectory—but adoption curves flatten.
"Zscaler's agentic AI opportunity hinges on unproven execution scaling zero-trust to millions of agents before commoditization erodes pricing power."
Zscaler's push into zero-trust for agents, data security, and branch workloads aims to drive ARR past $5B from the current $3.75B guide, leveraging its half-trillion daily transactions for differentiated secOps via the Red Canary acquisition. Yet the transcript glosses over execution risk in migrating legacy customers and scaling agentic protections before competitors embed similar controls. Palo Alto's recent vulnerability exposure highlights how even established players face rapid threat evolution, but ZS's 'hide behind the exchange' approach may not scale if frontier models accelerate vulnerability discovery at machine speed across its own platform.
The AI tailwind could prove stronger than modeled if billions of agents materialize, giving ZS's one-to-one architecture a durable edge that network-based rivals cannot match without full re-architecture.
"Zscaler can sustain outsized growth toward $5B ARR through breadth of zero-trust across users, workloads, branches, and agents, enabled by data insights and AI partnerships, but this hinges on durable budgets, clean integrations, and continued pricing power."
The interview builds a bullish thesis: Zscaler is levered to a durable shift to zero-trust, expands across users, workloads, branches, and data, and now layers AI partnerships (Anthropic, OpenAI) and Red Canary integration to boost security analytics and SAC. The 2026 guide of ~$3.75B revenue with a path to $5B ARR implies aggressive growth funded by security spend, data-insight moat, and one-to-one access principles. Risks the piece glosses: cyclical IT budgets, heavy competition from Palo Alto/CrowdStrike/Microsoft, potential margin pressures from integrations and acquisitions, and whether AI-driven differentiation will persist as vendors mimic zero-trust pitches. Execution risk and regulatory/privacy headwinds could blunt the thesis.
The strongest counter is that the security market is highly competitive and budget cycles can dampen growth; AI-based advantages may erode as incumbents imitate features, and integration risks with Red Canary and Glasswing could delay profitability and shrink margins.
"Zscaler's primary risk is not competitive displacement, but architectural obsolescence if AI agents bypass traditional gateway-based traffic routing."
Claude, your skepticism on the 'agentic customer' is valid, but you ignore the structural lock-in. Zscaler doesn't just sell security; they sell the 'on-ramp' to the cloud. Once an enterprise routes traffic through their exchange, the cost of switching is prohibitive. The threat isn't just competition—it's the potential for AI to automate the very network-pathing Zscaler manages, turning their 'data moat' into a commodity. If agents bypass traditional gateways, Zscaler's architecture risks obsolescence regardless of market share.
"Zscaler's lock-in thesis assumes centralized traffic routing survives architectural fragmentation—a bet that looks weaker as workloads decentralize."
Gemini's lock-in thesis assumes Zscaler's exchange becomes infrastructure, but Claude's point about edge computing and cloud-native architectures directly undermines this. If workloads fragment across distributed edges, the centralized 'on-ramp' loses leverage. More critically: nobody addressed whether agents *need* Zscaler's inspection layer at all if they're containerized, air-gapped, or operate under zero-knowledge protocols. Lock-in only works if the architecture remains relevant.
"Red Canary integration risks turning Zscaler's architecture into a latency liability for agentic AI rather than a durable on-ramp."
Claude's edge-computing critique of Gemini's lock-in thesis is sound, but it overlooks the latency penalty Red Canary's centralized SecOps will impose on machine-speed agents. If autonomous workloads demand sub-millisecond responses across fragmented clouds, routing through Zscaler's exchange becomes a bottleneck rather than a moat, accelerating migration to lighter vendors before the $5B ARR target materializes.
"Zscaler can convert moat from a data-path gateway into a policy-orchestration fabric across cloud, data centers, and edge."
Claude's edge-architecture worry assumes an either/or moat: centralized on-ramp or edge fragmentation. In practice, Zscaler could redefine moat as a policy/orchestration fabric, not just a gateway, tying cloud, data center, and edge through unified zero-trust policies and telemetry. If they execute, Red Canary integration could become the analytics/response layer on top of that fabric. The risk isn’t zero—incumbents can imitate—but moat erosion would require a wholesale pivot beyond routing.
Despite potential risks from AI-driven network automation and edge computing, Zscaler's 'Zero Trust Exchange' is seen as well-positioned due to its data moat, structural lock-in, and expansion into AI partnerships and SecOps. However, execution risks, competition, and the need for relevance in a rapidly evolving landscape are significant concerns.
Expansion into AI partnerships and SecOps, leveraging Zscaler's data moat and structural lock-in to drive aggressive growth.
Obsolescence of Zscaler's architecture due to AI-driven network automation and edge computing, as well as execution risks in integrating Red Canary and migrating legacy customers.