Zero Trust Security — Purpose-Built Networking and AI Make It Possible

Suresh Katukam, the Chief Product Officer and Co-Founder at Nile, explains how purpose-built networking and AI make zero trust security possible. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

Ransomware attacks in the U.S. have surged 149 percent year over year. The sheer scale and sophistication of these threats—often powered by AI—are overwhelming traditional security defenses. At the same time, remote work, cloud adoption, and the proliferation of IoT devices have pushed the modern enterprise far beyond the limits of perimeter-based security.

To play catch-up, organizations have implemented many bolted-on controls and quick fixes. This is not working, as Gartner has evidenced. In their 2024 State of Zero Trust Adoption Survey, 63 percent of respondents had either attempted or partially attempted a zero-trust initiative; however, 35 percent reported failures in their initiatives that adversely affected their organization. A fundamentally different approach is needed: one that combines Zero Trust principles with purpose-built network infrastructure and AI-driven automation.

Zero Trust: More Than a Marketing Term

As applications, users, and devices have moved outside the traditional network perimeter, assumptions that led to legacy security models have collapsed. To counter this, the Zero Trust security framework was introduced in 2010 and is based on the simple principle of “never trust, always verify”. Over 15 years later, it’s now more relevant than ever.

Zero Trust is intended to outline the steps needed to enforce least-privilege access, continuously verify identity, and lay the groundwork for segmenting networks that limit lateral movement. It’s a powerful model in theory, but in practice, most organizations struggle to implement it effectively at scale.

Why Zero Trust Initiatives Fail

In Gartner’s more recent “Predicts 2025: Scaling Zero-Trust Technology and Resilience” report, they paint a sobering picture: by 2028, 30 percent of organizations are expected to abandon their zero-trust initiatives, citing complexity, lack of integration, cultural resistance, and limited vendor value. Unless we fundamentally rethink how Zero Trust is implemented, that prediction will likely prove accurate.

Additional barriers include:

• Legacy infrastructure that was never designed for dynamic access control or micro-segmentation.
• Agent-based models like ZTNA that do not work for unmanaged IoT or operational tech devices.
• Operational missteps—everything from misconfigurations to policy sprawl.
• Skill gaps, especially in lean IT teams.

In essence, Zero Trust can’t be reduced to a product. It’s an architectural shift, and unfortunately, many organizations are trying to retrofit Zero Trust principles into environments that were never meant to support them.

Where AI Fits—And Where It Doesn’t

AI plays a critical role in making Zero Trust scalable. But AI alone isn’t enough. If the underlying network is based on legacy principles and vulnerabilities, it is inconsistent, reactive, or fragmented in how Zero Trust is delivered, AI becomes just another bolted-on solution—or worse, a band-aid. This is why a combination of a deterministic network architecture and closed-loop AI automation is so powerful.

A fundamentally different approach must be explored. One where every port and access point is secured by default, with identity-based access baked into the infrastructure, where VLANs, the spanning tree protocol, bolt-on NAC solutions, and a reliance on agents are no longer needed. The network must be designed to enforce consistent access policies across users and devices from day one, regardless of whether they are connecting on campus or remotely.

AI then amplifies this by:

• Monitoring user and entity behavior in real-time across the entire fabric.
• Detecting anomalies and surfacing root causes proactively.
• Reducing the need for manual intervention and guesswork.
• Continuously optimizing policy adherence.

AI and automation should not be bolted on to fix legacy vulnerabilities. Instead, networks should be designed so that security is an outcome of control and visibility, and AI reliably scales that outcome. The better path is to adopt a network designed from the ground up to isolate devices, enforce identity, and deliver policy-based access consistently, without depending on manual configuration or human enforcement.

With AI, this network becomes inherently more secure and intelligent, capable of adapting in real-time as users, devices, and threats evolve.

Again, Start with the Right Foundation

Before launching into a Zero Trust initiative or trying to fix an existing implementation, organizations should ask:

• What are the vulnerabilities in our current network architecture?
• Can our environment support identity-based access and segmentation without complexity?
• How are we scaling security with the resources we have—and where can AI and automation help?
• Are we moving to or enabling Zero Trust, which was built in by design, or are we trying to duct-tape it onto a legacy foundation?

The future of enterprise security isn’t just about AI or Zero Trust in isolation. It’s about unifying both through a purpose-built network architecture, made intelligent by AI. This allows you and your organization to move from aspiration to assurance—and from reactive security to real protection.