New tools and guidance: Announcing Zero Trust for AI
Over the past year, I have had conversations with security leaders across a variety of disciplines, and the energy around AI is undeniable. Organizations are moving fast, and security teams are rising to meet the moment. Time and again, the question comes back to the same thing: “We’re adopting AI fast, how do we make sure our security keeps pace?”

It’s the right question, and it’s the one we’ve been working to answer by updating the tools and guidance you already rely on. We’re announcing Microsoft’s approach to Zero Trust for AI (ZT4AI). Zero Trust for AI extends proven Zero Trust principles to the full AI lifecycle—from data ingestion and model training to deployment and agent behavior.

Today, we’re releasing a new set of tools and guidance to help you move forward with confidence:

A new AI pillar in the Zero Trust Workshop.
Updated Data and Networking pillars in the Zero Trust Assessment tool.
A new Zero Trust reference architecture for AI.
Practical patterns and practices for securing AI at scale.

Here’s what’s new and how to use it.

Why Zero Trust principles must extend to AI

AI systems don’t fit neatly into traditional security models. They introduce new trust boundaries—between users and agents, models and data, and humans and automated decision-making. As organizations adopt autonomous and semi-autonomous AI agents, a new class of risk emerges: agents that are overprivileged, manipulated, or misaligned can act like “double agents,” working against the very outcomes they were built to support.

By applying three foundational principles of Zero Trust to AI:

Verify explicitly—Continuously evaluate the identity and behavior of AI agents, workloads, and users.
Apply least privilege—Restrict access to models, prompts, plugins, and data sources to only what’s needed.
Assume breach—Design AI systems to be resilient to prompt injection, data poisoning, and lateral movement.

These aren’t new principles. What’s new is how we apply them systematically to AI environments.

A unified journey: Strategy → assessment → implementation

The most common challenge we hear from security leaders and practitioners is a lack of a clear, structured path from knowing what to do to doing it. That’s what Microsoft’s approach to Zero Trust for AI is designed to solve—to help you get to next steps and actions, quickly.

Zero Trust Workshop—now with an AI pillar

Building on last year’s announcement, the Zero Trust Workshop has been updated with a dedicated AI pillar, now covering 700 security controls across 116 logical groups and 33 functional swim lanes. It is scenario-based and prescriptive, designed to move teams from assessment to execution with clarity and speed.

The workshop helps organizations: Align security, IT, and business stakeholders on sha
Originally published by Microsoft Security