Really enjoyed this... especially the point that AI breaks the traditional idea of where trust “belongs.” What you describe is exactly what we’re seeing in agentic systems: the flow of action no longer follows predictable, network-visible paths. It gets reshaped in real time by tools, APIs, and delegated capabilities. That makes conventional Zero Trust enforcement - tied to ports, routes, or perimeter choke points - far less meaningful.
Where I’d push the conversation is this... AI hasn’t invalidated Zero Trust, but it has invalidated its network-centric implementation.
Your diagrams show the same pattern: the agent becomes the new centre of gravity, and trust is reconstructed across chains of delegation. That’s the exact failure mode in traditional networking models - they assume fixed topology and human-paced workflows. AI operates across domains, clouds, and toolchains at machine speed.
The evolution we need is identity-first, authenticated-before-connect overlays where:
- trust is bound to workloads, agents, and tools, not IP space
- every action is evaluated at the service or API level, not the subnet
- zero-inbound connectivity removes the “implicit reachability” problem
- lateral movement disappears structurally rather than being mitigated
- audit and policy follow the agent across boundaries, not the network
In other words: Zero Trust still holds - but the network is no longer the place to enforce it.
AI forces us to shift ZT upward into an identity + policy + overlay connectivity layer, where reasoning systems and delegated actions can be constrained without relying on the old choke points you rightly point out are disappearing.
Your conclusion is spot on: trusting ZT blindly is dangerous. But abandoning it would be worse.
We just need to implement it where AI actually lives - not where networks used to.
If you are interested in this more, we are currently starting to work on a paper in the Cloud Security Alliance on it, essentially Agentic AI/MCP and Zero Trust (connectivity).
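As an added illustration (not from either commenter or the CSA work mentioned), here is what identity-bound, delegation-aware policy evaluation at the API level can look like: each action is judged on the agent's identity and the chain of grants behind it, never on network location, and the audit record follows the agent. ROOT_AUTHORITY, the SPIFFE-style URIs and the grants are constructed placeholders; real grants would be signed tokens.

```python
from dataclasses import dataclass
ROOT_AUTHORITY = "policy-root"  # hypothetical trust anchor that issues the first grant

@dataclass(frozen=True)
class Grant:  # issuer delegates (service, operation) capabilities to subject; constructed, unsigned here
    issuer: str
    subject: str
    capabilities: frozenset

@dataclass(frozen=True)
class ActionRequest:
    agent: str      # workload/agent identity (SPIFFE-style URI, constructed), never an IP
    service: str    # target API
    operation: str
    chain: tuple    # Grants from ROOT_AUTHORITY down to the requesting agent

def evaluate(req, audit):
    """Decide one API-level action from identity and delegation chain alone; record it either way."""
    reason = None
    if not req.chain or req.chain[0].issuer != ROOT_AUTHORITY:
        reason = "delegation chain not anchored in trusted root"
    else:
        held, holder = req.chain[0].capabilities, req.chain[0].subject
        for g in req.chain[1:]:
            if g.issuer != holder:
                reason = f"broken chain: {g.issuer} was not the current holder"
                break
            if not g.capabilities <= held:  # a delegate may only narrow, never widen
                reason = f"{g.issuer} delegated more than it held"
                break
            held, holder = g.capabilities, g.subject
        else:
            if holder != req.agent:
                reason = "chain does not terminate at the requesting agent"
            elif (req.service, req.operation) not in held:
                reason = f"{req.agent} lacks {req.operation} on {req.service}"
    audit.append({"agent": req.agent, "action": f"{req.service}:{req.operation}",
                  "hops": len(req.chain), "allowed": reason is None, "reason": reason or "ok"})
    return reason is None, reason or "ok"

def demo():
    """Constructed scenario: orchestrator narrows root's grant for agent-a but over-delegates to agent-b."""
    orch, a, b = (f"spiffe://example.org/{n}" for n in ("orchestrator", "agent-a", "agent-b"))
    root = Grant(ROOT_AUTHORITY, orch, frozenset({("crm", "read"), ("crm", "write"), ("billing", "read")}))
    narrowed = Grant(orch, a, frozenset({("crm", "read")}))
    widened = Grant(orch, b, frozenset({("crm", "read"), ("payments", "refund")}))
    audit = []
    cases = {"scoped_read": (a, "read", (root, narrowed)), "escalated_write": (a, "write", (root, narrowed)),
             "over_delegated": (b, "read", (root, widened)), "unanchored": (a, "read", (narrowed,))}
    results = {k: evaluate(ActionRequest(ag, "crm", op, ch), audit)[0] for k, (ag, op, ch) in cases.items()}
    return results, audit
```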
Well said. I completely agree, pushing ZT up into identity and action level controls is where it actually has leverage. I’d be very interested in the CSA work you’re starting on this.
Sure... for now, this was my proto 'opinionated' paper, happy to share more on the CSA group... hit me up on LinkedIn or something - https://docs.google.com/document/d/1CdmM1Bk4MU4oCGnhOfrnQMisPxb5h8I3A3F3TFOMsg0/edit?tab=t.0 - https://www.linkedin.com/in/philipleonardgriffiths/