Zscaler’s founder and chief executive Jay Chaudhry said the acquisition advances the company’s aim of being the “trusted partner helping organisations securely adopt AI”. He emphasised that the promise of artificial intelligence can only be realised if it is secured throughout development, deployment and operation. SPLX co-founder Kristian Kamber noted that the two firms share a vision to confront the growing attack surface created by expanding AI infrastructure, and that combining SPLX’s innovation with Zscaler’s platform will help organisations “secure AI innovation at the speed” they are adopting it.
SPLX, founded in 2023 and based in New York, has primarily offered tools that enable enterprises to map AI models, workflows and code repositories, perform red-teaming of generative-AI systems and apply governance frameworks for AI assets. Zscaler will integrate these tools into its Zero Trust Exchange to provide four key capabilities: AI asset discovery and risk assessment across models and code repositories, automated red-teaming and real-time remediation featuring more than 5,000 specialised attack simulations, runtime guardrails and prompt hardening for large-language-models and agentic workflows, and governance/compliance modules to shift organisations from reactive to proactive defence.
The acquisition comes amid forecasts that global AI infrastructure spending will surpass US$250 billion by the end of 2025, a trend Zscaler highlights as creating a dramatically expanded threat surface and “shadow AI sprawl” for enterprises. Zscaler’s reasoning is that as companies build custom-models, deploy retrieval-augmented generation systems and agentic workflows, traditional security tools will fail to track or defend all new assets and attack paths.
Analysts say the integration of SPLX’s capabilities addresses a gap many enterprises face: how to secure AI assets not only at runtime but also during development and deployment. Zscaler’s own product team noted that customers increasingly asked for tools that validate models before go-live, including checking for vulnerabilities such as prompt injection or data exfiltration, something SPLX has specialised in. However, industry watchers caution that the formidable challenge will be blending SPLX’s startup culture, team and product with Zscaler’s large-scale enterprise platform and maintaining innovation speed while scaling. The press release cites integration risks and retention of key employees as possible stumbling blocks.
For Zscaler this marks its second acquisition of the year, following its earlier purchase of Red Canary in August 2025, which strengthened its managed-detection-and-response offering and added agentic-powered security capabilities. The move reinforces Zscaler’s ambition to position itself not simply as a zero-trust networking vendor but as an AI-security platform capable of protecting not only users and devices, but the models, workflows and agents that increasingly underpin enterprise operations.
From a market perspective, the acquisition signals a trend among cybersecurity vendors: as AI deployments proliferate, security strategies must evolve beyond perimeter and endpoint defence into model governance, runtime monitoring, asset discovery and red-teaming of AI stacks. Observers note that many startups in the AI-security space focus on one narrow slice of the problem — for example, runtime policy enforcement or model scanning — but lack broad integration. Zscaler says by combining its infrastructure with SPLX’s toolset it can cover “all of these components” and differentiate in the crowded market. Nevertheless, the real test will be how quickly Zscaler can bring a cohesive, integrated AI-security suite to market, how effectively customers adopt it, and whether the combined solution can scale across the thousands of enterprise clients already using Zscaler’s platform.
Topics
Technology