According to TechRepublic, cloud security firm Zscaler has acquired AI security startup SPLX to integrate dedicated AI protection into its Zero Trust Exchange platform. The financial terms weren’t disclosed, but the timing aligns with massive AI spending projections—companies are forecast to spend $375 billion on AI infrastructure alone in 2025, a 67% jump from last year. SPLX, founded just last year in 2023, had raised about $9 million from LAUNCHub Ventures and Rain Capital and focused on helping organizations identify and secure AI models across their entire lifecycle. Zscaler CEO Jay Chaudhry stated the combination will secure “the entire AI lifecycle on one platform” by classifying and protecting sensitive data across prompts, models, and outputs. The integration specifically addresses the growing problem of “shadow AI” where employees use unauthorized AI tools without IT knowledge.
Sponsored content — provided for informational and promotional purposes.
The Shadow AI Problem Is Real
Here’s the thing about shadow AI—it’s basically the modern version of shadow IT but way more dangerous. Employees are spinning up AI tools and workflows without telling anyone, trying to move faster and get stuff done. But these blind spots create perfect attack vectors. The scary part? Most enterprises don’t even know what AI models and autonomous workflows are running in their environments. SPLX’s AI Asset Management platform was designed specifically to shine a light on this mess, and now Zscaler gets to bake that capability directly into their existing security perimeter. It’s a smart move, but I wonder how many companies are even aware of the scale of their shadow AI problem.
Flipping the Security Script
The most interesting part of this acquisition might be SPLX’s automated red-teaming capability. They ship with over 5,000 purpose-built attack simulations specifically designed to probe AI systems. That’s a huge shift from the traditional “patch and pray” approach to actually testing and hardening systems before they’re exploited. As AI systems become more autonomous and interconnected, this proactive mindset becomes absolutely critical. But here’s my question—can 5,000 simulations really cover the endless ways AI systems can be attacked? The attack surface for AI is fundamentally different from traditional software, and we’re still learning about all the vulnerabilities.
Zero Trust Meets AI Security
Zscaler’s play here is essentially applying zero-trust principles to AI security, which makes perfect sense on paper. Traditional security tools simply weren’t built to handle AI’s quirks—protecting sensitive data inside prompts, defending ML models from targeted attacks, governing AI usage permissions. The acquisition announcement positions this as securing “AI innovation at the speed organizations are adopting it,” which sounds great but feels ambitious. Basically, they’re trying to build guardrails that don’t slow down innovation. But let’s be real—security and speed have always been in tension, and AI adoption is moving faster than any technology we’ve seen before.
A Big Bet With Big Questions
This acquisition feels like Zscaler making a necessary bet as AI security becomes its own category. Companies are pouring hundreds of billions into AI infrastructure, and security can’t be an afterthought. But I’m skeptical about how smoothly these integrations typically go. Acquiring a startup and baking their technology into an existing platform is notoriously difficult. And while SPLX’s technology looks promising, they’re a young company—founded just last year. Does their platform scale to enterprise levels? Can it keep up with the rapid evolution of AI threats? These are the questions that will determine whether this acquisition is truly transformative or just another checkbox in the AI security feature war.
