Extending Zero Trust to Non-Human & Agentic Identities

Leandro Iacono

Solution Architect

Published on Jun 10, 2026

Updated Jun 10, 2026

How combining identity governance with inline enforcement closes the visibility and control gap for non-human and agentic identities.

Enterprise traffic no longer looks the way zero trust was designed for. Most connections inside a modern enterprise are already machine-to-machine. AI agents are accelerating that shift, generating their own traffic, spawning sub-agents, and reaching systems at a pace no human team can match.

Zero trust was built on a simple premise: there is an authenticated, accountable identity behind every connection, and policy can be applied to it. That premise holds for human users. It breaks down for the service accounts, API keys, OAuth tokens, IAM roles, and secrets that already make up the vast majority of non-human identities in most enterprises, and it breaks down further for AI agents and MCP servers that now appear on managed endpoints carrying hardcoded secrets and broad standing access, often without the security team's knowledge.

You cannot apply zero trust to an identity you cannot see, do not own, and cannot govern. That is the gap Oasis Security and Zscaler are closing together.

Two layers, one control plane

Securing non-human and agentic identities takes two things working in concert: enforcement on the wire, and governance of the identity behind it. Neither is sufficient alone.

Zscaler brings the enforcement layer. The Zscaler Zero Trust Exchange inspects, brokers, and enforces every connection across users, devices, workloads, and applications, and now extends that same inline control to how agents connect, access data, and operate across the enterprise.

Oasis brings the identity layer that has historically been missing for machine and agentic traffic. For every non-human identity and AI agent, Oasis answers the questions enforcement alone cannot: Who created it? Who owns it? What can it actually access, and what should it be permitted to access? Is it still in use, and how should its credentials be rotated or revoked?

Together, this gives joint customers a single control plane for every identity that touches the enterprise, from Active Directory to autonomous AI agents. Zscaler enforces the policy. Oasis governs the identity behind it.

What can joint customers do with the Oasis–Zscaler integration?

With the integration, identity and security teams can:

  • Discover non-human identities across cloud, SaaS, and on-premises systems, alongside the AI agents and MCP servers surfaced by Zscaler.
  • Attribute every identity to an owner and score its risk, so nothing operates anonymously or unaccountably.
  • Govern the full lifecycle: rotating secrets, right-sizing access, and decommissioning identities that are stale, orphaned, or over-privileged.
  • Enforce zero trust policy inline across every connection, backed by the identity context that makes each decision meaningful.

The result is the end of reconciling stale credentials and orphaned accounts across a fragmented set of tools, and the start of governing identity at the speed AI now demands.

Why does the agentic era raise the stakes on identity?

The shift to agentic AI raises the stakes on identity, because an agent's reach is only as safe as the identity it carries. As enterprises route agentic communication through inline control points, including emerging agent and MCP brokers such as the newly announced Zscaler AI Broker, the deciding factor between safe automation and uncontrolled access becomes the identity behind each agent and each tool call, and whether that identity is entitled to what it is attempting.

This is where the two layers reinforce each other most directly. Enforcement decides whether a given call is allowed in the moment; governance decides what the underlying identity should ever have been able to reach, keeps that scope tight over time, and ensures every credential has an owner and an expiry. Oasis is built to supply that authorization and identity context through Agentic Access Management, and we see the agentic broker as a natural place for it to land. It is a direction we intend to keep building toward with Zscaler.

To see how a single control plane changes the way your team governs non-human and agentic identities, request a demo.