As enterprises wrestle with how to adopt AI responsibly, they’re rediscovering the same lesson cybersecurity mastered years ago: trust must be earned, verified, and continuously monitored.
The Trust Recession in Technology
I recently had the opportunity to sit down with John Armstrong, Senior Product Marketing Manager for Application & Network Security at Ivanti. Our conversation started with Ivanti’s approach to cybersecurity and the growing importance of Zero Trust. But as these conversations often do, it quickly expanded. We found ourselves talking not only about the challenges of securing networks but also about the growing challenge of trusting artificial intelligence.
That connection between cybersecurity and AI is not accidental. Both domains are struggling with the same fundamental problem: trust. Cybersecurity spent decades building systems to verify every user and transaction. AI, on the other hand, has exploded into the mainstream with tools that can generate convincing but sometimes incorrect results. Enterprises are beginning to realize that the same principles that protect networks might also protect decision-making.
Armstrong captured this tension perfectly when he said, “I can’t trust a third party that isn’t trustworthy. I use AI for research, but I double-check everything before I publish.” That instinct to verify before trusting is at the core of a philosophy that has guided cybersecurity for more than two decades: Zero Trust.
From Firewalls to Frameworks: What Zero Trust Really Means
Zero Trust is more than a security buzzword. It is a design principle born from the failure of traditional perimeter defenses. Early network architectures assumed that once users were inside the corporate network, they could be trusted. But that implicit trust became the source of countless breaches.
Zero Trust flips that assumption. It operates on the premise that no one, inside or outside the organization, should be trusted by default. Every user, device, and system must continuously prove they are who they claim to be and are only allowed access to what they need.
As Armstrong explained, “Any user that logs in can only have access to those resources that enable them to do their job and no more. You can’t go browsing around in other departments. Everything is compartmentalized, encrypted, and verified.”
That principle of continuous verification has become the foundation of modern cybersecurity. Now, it is finding new relevance as enterprises grapple with how to integrate AI into their operations.
Zero Trust for AI: Designing Verification Into Intelligence
Generative AI introduces a new kind of vulnerability. It is not about network breaches but about informational integrity. The risks are different but familiar: hallucinations, bias, data exfiltration, and exposure of sensitive information.
Enterprises that have spent decades hardening their networks now face a subtler challenge. How can they prevent AI from leaking or fabricating data with equal confidence? The solution might not come from new technology but from borrowing proven principles of Zero Trust.
- Least privilege access becomes data minimization: feed models only the data they need, nothing more.
- Identity verification becomes source attribution: validate where information originated and how it is being used.
- Continuous monitoring becomes AI observability: track how models evolve, drift, or produce unreliable outputs.
Armstrong’s disciplined approach to using AI mirrors this mindset. “AI is a better research assistant than Google because it can tell me so much more, but I still go back and check every source,” he said. It is a small example of how Zero Trust thinking applies to information, not just infrastructure.
Enterprises adopting AI without verification loops are repeating the same mistake early networks made: trusting the perimeter—in this case, the model—without validating what happens inside it.
Secure by Design to AI by Design
In cybersecurity, Ivanti was among the first to sign the Secure by Design pledge led by the Cybersecurity and Infrastructure Security Agency (CISA). The idea is simple but powerful: security should not be added after a product is built. It should be embedded throughout its creation.
Armstrong describes it as a mindset shift. “We don’t wait until the solution is built to secure it. We build security into it as we create it.”
The same philosophy applies to artificial intelligence. AI by Design means embedding transparency, auditability, and human oversight into the system from the start, before a single output is generated.
That means defining clear data boundaries, documenting model behavior, and ensuring humans remain in the loop to verify accuracy and intent. It also means viewing trust as a design requirement, not a marketing claim.
For GTM teams, this shift is especially important. AI can generate content, summarize calls, or personalize outreach, but each of those functions touches customer data. Building AI by Design ensures that automation enhances brand credibility rather than risking it.
The New Trust Architecture
In cybersecurity, Zero Trust evolved from a policy to a full architectural framework. It now defines how users authenticate, how data moves, and how every action is logged and verified.
AI is headed in the same direction. The current wave of experimentation, running prompts through public models and trusting outputs, is giving way to structured governance. The most forward-looking organizations are already building AI Trust Architectures that define:
- Who can access what data
- When and how models are retrained
- Where human review is required
- What audit trails validate compliance
This is not just an IT initiative. It is a new form of cross-functional leadership that brings together product, marketing, data science, and compliance teams. The future of responsible AI adoption will depend less on speed and more on the strength of these verification frameworks.
As Armstrong reminded us, “Zero Trust runs at the application layer, where all the organization’s crown jewels lie.” In the AI era, that layer is increasingly where business decisions are made and where trust must be engineered in.
Building Systems Worthy of Trust
The lesson from decades of cybersecurity is clear: systems designed for convenience eventually fail. Systems designed for verification endure.
AI is reaching that same crossroads. The technology’s potential is enormous, but only if organizations approach it with the same rigor and discipline that reshaped modern security. That means designing for transparency, embedding oversight, and building controls that protect not just data but the decisions that data drives.
Armstrong captured it perfectly: “There’s nothing like an original voice. AI can help us get there faster, but trust still comes from people.”
In cybersecurity, Zero Trust protects data. In AI, Zero Trust will protect decisions. Both are essential if we want to build technology that earns, not assumes, our confidence.
Disclosure: This article reflects insights from an informal conversation with John Armstrong and does not represent an official statement from Ivanti.