TechSignal.news
Cybersecurity

Zscaler Acquires Airgap as Non-Human Identities Hit 144:1 Ratio to Humans

Zscaler's Airgap buy targets agentless segmentation for unmanaged devices as new data shows enterprises now manage 144 non-human identities per employee—up 44% in 12 months.

TechSignal.news AI4 min read

Zscaler bets $2.1B revenue stream on identity-centric segmentation

Zscaler acquired Airgap Networks, a micro-segmentation vendor that applies identity-aware policies to unmanaged endpoints without requiring agent deployment. The deal arrives as Zscaler reported $2.13 billion in FY 2025 revenue—up 31% year over year—with Zero Trust and identity-centric security driving growth.

Airgap's customer base spans manufacturing, healthcare, and critical infrastructure, with deployments protecting tens of thousands of unmanaged and OT devices per environment. For enterprise buyers already standardizing on Zscaler for ZTNA and SASE, the acquisition creates a consolidation argument: identity-aware segmentation for OT, IoT, and legacy networks can now sit inside the same vendor stack as remote access.

The move directly challenges Palo Alto Networks (Prisma Access plus Cloud NGFW micro-segmentation), Cisco (Secure Access and Hypershield), and Cloudflare. Unlike agent-centric offerings from CrowdStrike or VMware NSX, Airgap emphasizes agentless deployment—critical in environments where installing endpoint software is operationally or technically infeasible.

For buyers not on Zscaler, the deal shifts the segmentation conversation from pure network controls to identity-driven segmentation. Budget authority for these projects may move from network teams to security or IAM teams over the next 12 to 18 months, accelerating pilots that treat segmentation as an identity problem rather than a firewall rule problem.

Non-human identities now outnumber humans 144 to 1

Clarity Security reports that non-human identities—service accounts, bots, AI agents, workload credentials—have reached a 144:1 ratio to human identities in enterprise environments, a 44% increase from 2024 to 2025. For every employee account, IT now manages 144 machine credentials.

This ratio fundamentally breaks IAM cost models and operational assumptions built around human seat counts. Vendors whose licensing or architecture assumes a human-centric identity count become cost-prohibitive when applied to hundreds of non-human identities per employee. Buyers will look for pricing models that scale to high NHI counts—per-tenant, per-cluster, or consumption-based rather than per-identity—and automation for lifecycle management to avoid manual onboarding and offboarding of thousands of service accounts.

The data strengthens the internal business case for centralized secrets management, automated credential rotation, and continuous monitoring of non-human tokens. PAM and secrets-management vendors (CyberArk, Delinea, BeyondTrust, HashiCorp Vault) and cloud IAM workload identity products (AWS IAM, Azure Managed Identities, Okta Workload Identity) gain relevance. Traditional workforce SSO vendors without strong non-human identity and machine credential capabilities face a relative disadvantage in RFPs informed by this trend.

Forrester elevates AI agent identities to primary IAM concern

Forrester's "The Top Trends Shaping Identity And Access Management In 2026" explicitly elevates AI agent identities and non-human identities as first-class IAM requirements, not edge cases. The report identifies eight key trends, including the elevation of AI agent identities, the explosion in non-human identities, and the need for crypto-agility in IAM due to algorithm deprecation risks.

Forrester's framing favors vendors that manage service accounts, workloads, bots, and AI agents at scale and provide policy-driven authorization suitable for agentic AI. This includes products like CyberArk, Okta Workload Identity, Microsoft Entra Workload Identities, Auth0, Axiomatics, Styra, and Open Policy Agent-based products. The research encourages security leaders to budget IAM roadmap items explicitly for agent identities and non-human accounts, not just human SSO and MFA.

Expect a shift in IAM RFPs to include line items around AI agent governance and machine identities. Procurement cycles will re-prioritize spend away from incremental MFA upgrades toward PAM, machine identity management, and policy-based authorization capable of handling large numbers of automated entities. Vendors that can demonstrate purpose-bound, time-limited credentials for AI agents and continuous monitoring of non-human tokens will have a procurement advantage.

What to watch

The Zscaler-Airgap deal is likely to trigger similar M&A or partnership activity from Palo Alto, Cisco, and Cloudflare as they respond to identity-centric segmentation pressure. Watch for vendors to articulate how their ZTNA and IAM stacks protect unmanaged and non-human identities at scale.

The 144:1 non-human-to-human identity ratio will force enterprises to revisit IAM architecture and cost assumptions in 2026 budget cycles. Projects that treat IAM as a human-only problem will face scope creep or failure. The enterprises that build scalable machine identity management now will avoid operational bottlenecks as AI agent deployments accelerate over the next 18 months.

IAMZero TrustNon-Human IdentitiesZscalerAI Agents

Technology decisions, clearly explained.

Weekly analysis of the tools, platforms, and strategies that matter to B2B technology buyers. No fluff, no vendor spin.

More in Cybersecurity