Each week we find a new topic for our readers to learn about in our AI Education column.
“Trust no one, tell your secrets to fewer, and you will never be betrayed.” – Niccolò Machiavelli.
Machiavelli would have made a hell of an IT guy in the era of cloud computing and AI.
Welcome to AI Education, where this week, we’re going to discuss why the prevailing paradigm in computing has become the rough equivalent of an X-Files poster. We’re introducing you to the concept of zero trust. But before we define zero trust (it’s pretty uch exactly what it sounds like), we need to give you a bit of how we got here.
Since the pandemic of 2020, we’ve stayed the heck away from offices whenever possible—we even sacrificed a full-time job to avoid the drudgery of the office. That’s important because many others have done the same, and working remotely introduces cybersecurity concerns.
That’s because IT security was built on location, originally. A server, a network, knew us and our computer were safe because of where we were—in the office, in our particular office, at a particular desk, with a particular log-in on a particular machine—and would give us access to the files and programs we needed to do our jobs based on those locations. Obviously, that doesn’t work when guys like us are logging in from home, the beach house, the boat, the coffee shop down the street, or a co-working space.
Instead of teaching our systems to remember all of our devices and locations, which would be complicated if not altogether impossible, IT administrators selected a much simpler and straight forward solution—don’t trust anything and make users and devices verify every time they initiate access to files or tools. That is the essence of zero trust.
What Is Zero Trust?
Rather than assuming users, devices or applications deserve confidence simply because they reside within a corporate network, zero trust begins from the opposite assumption. Every request to access data or systems must continuously prove that it is legitimate. Every identity must be verified. Every device must demonstrate that it remains compliant. Every application must receive only the minimum permissions necessary to perform its task.
IBM describes zero trust as a security model that focuses not on defending a network boundary, but on enforcing security policies for every individual interaction among users, devices, applications and data. Instead of granting broad access based upon network location, zero trust continuously validates every request before allowing access to protected resources.
In practical terms, this means an employee logging into a banking application from headquarters may undergo essentially the same authentication process as someone connecting from an airport lounge halfway around the world.
The Three Principles of Zero Trust
Verify Explicitly
The first principle requires organizations to authenticate and authorize every access request using as much contextual information as possible. Authentication is no longer limited to usernames and passwords. Rather than making a single security decision during login, zero trust continuously reassesses whether access should continue. Identity therefore becomes an ongoing process instead of a one-time event.
Least-Privileged Access
Instead of granting employees broad permissions simply because they belong to a department, organizations provide only the minimum access necessary to perform immediate tasks. This concept, known as least privilege, substantially reduces attack surfaces. A wealth manager, for example, might access only the specific client records needed for current meetings rather than an entire customer database. Similarly, an AI application summarizing research reports may receive permission to read market commentary but not confidential merger documents or personally identifiable customer information.
Assume Breach
Rather than asking how to prevent every intrusion, zero trust asks how to limit the consequences when prevention inevitably fails. This assumption changes organizational priorities. Security teams invest heavily in continuous monitoring, anomaly detection, rapid containment and automated response. The objective is resilience rather than perfection. For financial institutions operating increasingly complex digital ecosystems and preparing for autonomous AI agents capable of acting independently across multiple systems, this mindset has become particularly valuable. Rather than hoping every identity behaves correctly, organizations design architectures that continuously verify every interaction.
What Does This Have to do with AI?
As artificial intelligence becomes more deeply embedded within enterprise technology stacks, zero trust has evolved from being merely a cybersecurity architecture into a foundational governance model for AI itself. Large language models, AI agents, autonomous workflows, retrieval-augmented generation (RAG), and machine learning systems all depend upon access—to corporate documents, customer information, software applications, APIs, databases, cloud infrastructure, and increasingly, one another.
That dependence creates a paradox: The more capable an AI system becomes, the more information it requires to produce useful results. Yet the more information it can access, the greater the potential consequences if that system is compromised, misconfigured, manipulated, or simply granted excessive permissions. Zero trust offers a framework for resolving that tension.
Conventional applications generally perform predictable tasks using predefined rules. AI systems, by contrast, ingest enormous quantities of data, dynamically generate outputs, call external tools, interact with APIs, retrieve proprietary documents, and increasingly execute multi-step workflows with limited human intervention. Many organizations are discovering that their greatest AI security risk is not necessarily malicious hackers—it is excessive permissions.
Zero Trust in Finance
The same AI assistant capable of dramatically improving advisor productivity may also become an avenue through which confidential information inadvertently spreads beyond authorized boundaries. Zero trust therefore complements financial AI by ensuring productivity gains do not come at the expense of security. Within wealth management, AI increasingly assists advisors with meeting preparation, document summarization, portfolio analysis, financial planning, CRM updates and client communications. These capabilities often require AI systems to access client records. Under a zero trust model, that access remains narrowly controlled.
Banks are deploying AI across fraud detection, customer service, compliance, lending, operations and cybersecurity itself. Zero trust supports these initiatives by ensuring AI systems interact only with authorized datasets. For example, a conversational banking assistant helping customers reset passwords should not simultaneously possess unrestricted authority over payment processing systems. Likewise, an internal AI used by compliance officers should access regulatory filings without automatically receiving permission to review executive payroll records. Every capability receives explicit authorization.
Perhaps the most significant reason financial institutions are embracing zero trust is that AI security has evolved beyond an information technology issue. It is now an enterprise risk issue. A compromised AI assistant could expose confidential client information. An overprivileged AI agent might execute unauthorized financial transactions. An improperly governed model could leak proprietary investment research worth millions of dollars. Consequently, boards of directors, chief information security officers, chief risk officers and chief technology officers increasingly view zero trust not merely as cybersecurity architecture, but as an essential governance framework supporting trustworthy artificial intelligence.
The Five Pillars of Zero Trust
Identity
Identity serves as the cornerstone of zero trust. Every user, service account, application and increasingly every AI agent must possess a verified identity before accessing organizational resources.
Devices
Zero trust does not assume that a valid user automatically implies a trustworthy device. Before permitting access, organizations evaluate whether laptops, smartphones, servers and IoT devices satisfy security requirements.
Networks and Environments
Traditional networks emphasized broad internal connectivity. Zero trust instead favors segmentation. Networks are divided into smaller protected environments that limit lateral movement. If attackers compromise one segment, they encounter additional authentication and authorization barriers before reaching others. Cloud infrastructure, branch offices, remote users and data centers all become components of a unified security architecture rather than isolated environments protected primarily by perimeter firewalls.
Applications and Workloads
Applications themselves require protection. Organizations increasingly authenticate communications between applications, cloud services, containers, virtual machines and AI workloads. Rather than assuming software can freely communicate because it resides within the same network, zero trust verifies every interaction.
Data
Ultimately, data—not networks—is what organizations seek to protect. Zero trust therefore applies security controls directly to information itself. Whether information resides in cloud storage, databases, email systems or AI knowledge repositories, access remains governed by identity, context and business need rather than physical location.






