Artificial intelligence (AI) promises transformative productivity gains, but it also amplifies cybersecurity risks on an unprecedented scale. As organizations deploy AI agents closer to the edge, they introduce thousands of new endpoints. Each agent operates with credentials, API keys, and the autonomy to perform actions, expanding the potential for compromise far beyond traditional devices.
These distributed systems heighten exposure to data exfiltration, lateral movement, and automated attacks. While AI’s growth will create opportunities across the sector, Zscaler (NASDAQ:ZS) and CrowdStrike (NASDAQ:CRWD) are uniquely positioned to capitalize on the growing threat level. Their core technologies — zero-trust access and endpoint protection — directly counter the vulnerabilities inherent in this agent-driven landscape.
Zscaler (ZS)
Zscaler delivers zero-trust network access (ZTNA) through its Zscaler Private Access solution, which connects users and workloads directly to applications without exposing the underlying network. In the AI era, this model addresses the proliferation of agent endpoints by enforcing least-privilege access and continuous verification for every interaction.
The just-released ThreatLabz 2026 AI Security Report analyzed nearly one trillion AI/ML transactions from January to December 2025 across the Zscaler Zero Trust Exchange. It revealed a 91% year-over-year surge in enterprise AI activity, with enterprises processing 989.3 billion total AI/ML transactions. Critical vulnerabilities existed in 100% of analyzed enterprise AI systems, many compromisable in under 16 minutes. Organizations transferred 18,033 terabytes (TB) of data to AI/ML apps, up 93% year-over-year, while ChatGPT alone triggered 410 million data loss prevention (DLP) policy violations. Finance & Insurance led at 23.3% of AI/ML traffic, followed by Manufacturing at 19.5%.
The report warns that AI has become a primary vector for autonomous, machine-speed conflict, with adoption outpacing oversight and enterprises blocking 39% of AI/ML transactions due to security concerns.
On the same day, Zscaler unveiled the AI Security Suite to secure enterprise AI adoption, applying zero-trust principles to AI interactions, offering visibility into prompts, responses, and data flows while preventing unauthorized actions and data exfiltration. This positions Zscaler to secure the growing number of AI endpoints that traditional perimeter defenses cannot handle, as agents demand real-time, identity-driven controls to block lateral threats and data exfiltration.
As enterprises accelerate AI deployments and face mounting regulatory scrutiny over data privacy and model security, demand for Zscaler’s specialized AI security capabilities is likely to drive accelerated revenue growth and market share gains in the zero-trust segment. This could support sustained premium valuation multiples for the stock as the company captures a larger portion of the expanding AI cybersecurity spend.
CrowdStrike (CRWD)
CrowdStrike’s Falcon platform provides AI-powered endpoint protection that detects and responds to threats at the device level, where AI agents execute. With agents running on endpoints, this capability becomes critical for identifying compromises involving credentials or API misuse before they escalate.
Last year’s Threat Hunting Report documents adversaries weaponizing generative AI to scale operations while targeting AI agent-building tools for credential theft and malware deployment. It notes a 27% increase in hands-on-keyboard intrusions, with 81% malware-free, and highlights how autonomous systems and machine identities form a core part of the attack surface. Nation-state actors exploited vulnerabilities in AI development tools for initial access, persistence, and ransomware deployment.
CrowdStrike announced the general availability of Falcon AI Detection and Response (AIDR) in December, extending the platform to secure the AI prompt and agent interaction layer. AIDR delivers unified protection across enterprise AI — from data and models to agents, identities, infrastructure, and interactions — covering development through workforce usage. It provides prompt-layer security to block injections and anomalies in real time with up to 99% efficacy at sub-30-millisecond latency, maps relationships between users, prompts, models, agents, and model context protocol (MCP) servers, captures runtime logs for compliance and monitoring, and enforces governance to illuminate shadow AI.
Built on one lightweight sensor and console, it protects endpoints, applications, agents, gateways, and cloud environments, enabling CrowdStrike to stop breaches at the source amid the surge in agent-driven threats.
With endpoints remaining the primary initial access point for advanced attacks and AI agents adding new layers of complexity to the attack surface, CrowdStrike’s integrated Falcon platform stands to benefit from higher module adoption and upsell opportunities. This positions the company for continued strong subscription revenue growth and could reinforce investor confidence in the stock’s long-term trajectory in the high-growth cybersecurity market.
Top Gaining Stocks
Top Losing Stocks