Building a Zero-Trust Architecture for AI Infrastructure

  • 3
  • August 2026
    Monday
  • 10:00 AM PDT | 01:00 PM EDT

    Duration:  75  Mins

Level

Intermediate & Advanced

Webinar ID

IQW26H0869

  • Why traditional zero-trust controls fail for AI agent workloads
  • Verify explicitly: authenticating non-human AI principals dynamically
  • Least privilege for agents: session-scoped, task-bound, auto-expiring permissions
  • Assume breach: designing AI systems for containment and fast recovery
  • Microsegmentation of AI infrastructure - isolating agents from lateral movement
  • Continuous verification: monitoring AI agent behavior in real time
  • Automated policy enforcement and anomaly-triggered revocation
  • Zero-trust control mapping: NIST SP 800-207 and CISA Maturity Model
  • SOC 2 and ISO 27001 alignment for zero-trust AI deployments
  • Maturity assessment: where your AI infrastructure sits today and what to fix first

Overview of the webinar

Zero-trust has three core principles: verify explicitly, use least privilege, and assume breach. The problem is that all three were designed with a human principal in mind. An AI agent is not a human. It does not authenticate at login and idle between requests. It runs continuously, chains tool calls automatically and can escalate from a simple read request to a database write inside a single session without anyone noticing.

We go through how to apply each zero-trust principle to that kind of principal. What explicit verification looks like when there is no human in the loop. What least privilege means when permissions need to be session-scoped and task-bound rather than role-based. What assume breach means when the agent itself could be the thing that is compromised.

The session covers real deployment patterns we see in production environments, where the specific gaps tend to be, and what a mature zero-trust architecture for AI infrastructure actually looks like. We map controls to NIST SP 800-207 and the CISA Zero Trust Maturity Model throughout, so you leave with something you can hand to a compliance team.

You will also run through a maturity assessment you can apply to your own setup the same week.

Who should attend?

  • Chief Information Security Officers
  • Security Architects
  • Cloud Security Engineers
  • DevSecOps Engineers
  • IT Infrastructure Leads
  • Zero Trust Program Managers
  • Risk Officers
  • SOC Managers
  • IT/Infrastructure Managers
  • AI/ML Engineers & Data Scientists

Why should you attend?

Most security teams have put real work into zero-trust for their human workforce. Defined access boundaries, reviewed permissions, deployed PAM tooling. Then they added AI agents to the environment and left those agents running with none of the same controls. That gap is growing fast.

AI agents do not log in, do not log out, can call dozens of systems in a single session, and can take consequential actions without anyone approving them. The zero-trust principles that work for human users need to be rebuilt from scratch for this kind of principal.

This session gives you a concrete framework for doing that. Not theory. Actual controls, mapped to NIST SP 800-207 and the CISA maturity model, that you can bring back to your security team and start applying this quarter.

Faculty - Mr.Mohammed Ilyas Ahmed

Mohammed is a security and DevSecOps professional with deep experience helping organizations strengthen their security posture across modern, cloud-native environments. His work centers on bridging security, engineering, and operations to enable scalable, resilient, and secure systems in complex enterprise ecosystems.

He is an active contributor to the global technology community and a frequent speaker at leading industry conferences and platforms, including DEF CON, Black Hat, KubeCon (Paris), ISACA, IANS, and Wallarm, among others. He is also regularly invited to serve as a technical session judge, where he brings practical insight and industry rigor to evaluating emerging ideas and innovations.

He maintains strong ties with academia and thought leadership. He contributes research associated with Harvard University, publishing work that advances discussions on modern security practices, governance, and risk management. He is a member of the Harvard Business Review Advisory Council, where he supports collaboration between industry and academia and promotes knowledge sharing and innovation.

His work has a global dimension through his role on the Global Advisory Board of VigiTrust Limited (Dublin, Ireland), where he contributes to international strategies in cybersecurity, data protection, and risk management. He holds numerous industry certifications that reflect the breadth and depth of his expertise in security and cloud technologies.

He is the author of Cloud-Native DevOps, a practical guide to building scalable, reliable, and secure cloud-native applications. The book draws on real-world experience to cover modern DevOps and DevSecOps practices, containers, CI/CD pipelines, and security integration in cloud-native architectures.

His areas of focus include cybersecurity, cloud-native technologies, DevSecOps, risk management, and the role of AI in cloud-native ecosystems. Beyond his professional work, he brings a range of interests and perspectives that inform his leadership and thought leadership.

What if you miss the Live Webinar?
Don't worry! Pay only $29 & get the full Recording.

100% MONEY BACK GUARANTEED

Refund / Cancellation policy
For group or any booking support, contact: