Recently, I heard someone claim on a podcast, “Zero Trust is dead.” I couldn’t disagree more. Zero Trust remains one of the most enduring and widely used concepts in cybersecurity. Every year, as we analyze thousands of submissions for RSAC™ Conference, it consistently dominates the word cloud. It’s everywhere, and for good reason.
In the latest episode of Cyber at the Top, I had the opportunity to speak with Alissa “Dr. Jay” Abdullah, Deputy Chief Security Officer at Mastercard and the company’s resident AI futurist. Our conversation made one thing clear: Zero Trust isn’t fading away; it’s evolving. As AI reshapes how organizations operate and how adversaries attack, Zero Trust has become even more essential. Dr. Jay shared how Mastercard applies Zero Trust in practice, why AI has raised the stakes, and what cyber leaders should prioritize as they begin or mature their Zero Trust journey.
Evolution of Zero Trust topics at RSAC Conference since 2021
The RSAC™ Cybersecurity Atlas: Map of Topics, 2021-2025 analyzes data from the RSAC Call for Submissions process to visualize changes to the community’s priorities over time. Below are a few examples of the evolution of Zero Trust-related topics since 2021:
Cyber Atlas tool in the RSAC™ Community Platform.
A walk across the Expo floor at RSAC Conference will inevitably surface countless vendors promoting Zero Trust solutions, but as Dr. Jay emphasized, Zero Trust is not a product. It’s a principle and a fundamental shift in mindset. “It’s more important now than it’s ever been,” she explained. “There is no implicit trust. We have to be in the mindset of Zero Trust because AI is a game changer.”
At Mastercard, that mindset translates into enforcing least privilege, ensuring users have access only to what they need, for exactly as long as they need it. This discipline becomes even more critical as AI systems move faster, automate decisions, and operate at a scale humans simply can’t match. Dr. Jay also made an important point: Zero Trust shouldn’t live solely in the cybersecurity domain. It’s a mindset worth extending to non-profits, small businesses, and even conversations with family members. The more broadly we understand and adopt Zero Trust principles, the better positioned we are to ensure that innovation and security advance together. Why Zero Trust is critical in the age of AI Zero Trust has been a recurring theme in RSAC Conference submissions for many years, long before topics like generative and agentic AI became part of the mainstream conversation. While AI-related terms may dominate headlines today, that doesn’t diminish the relevance of Zero Trust. In fact, it makes it non-negotiable. AI accelerates everything, including both innovation and attack. Organizations are using AI to scale operations, increase efficiency, and unlock new capabilities. At the same time, adversaries are leveraging AI to discover vulnerabilities faster, evade detection, and launch more sophisticated attacks. According to Dr. Jay, Zero Trust helps eliminate the blind spots AI can introduce. It provides the guardrails organizations need to harness innovation without sacrificing security, ensuring that trust is continuously verified rather than assumed. Getting started on the Zero Trust journey One of the most compelling ideas I took away from our conversation was treating AI itself as an identity. Models and agents should be governed with the same principles as human users to ensure clear accountability, least privilege, and continuous oversight. Framing it this way helps organizations understand the risk and the responsibility that comes with deploying AI at scale. Above all, remember that Zero Trust isn’t a one-time technology project; it’s a cultural shift. Focus on quick wins, build momentum, and embed the mindset into your organization’s DNA. If you start with identity and access, you’re already well on your way.
To hear more details from our conversation and to continue learning from Dr. Jay, listen to the full podcast episode or watch the video here.