This article was written and provided by our partner, Zscaler.
Top 5 Security Gaps
- AI Attacks are Here: 61% of organizations encountered AI-enabled attacks in the last 12 months. However, 70% have little to no visibility into these threats moving over their VPNs.
- The Patching Lag: 54% of organizations require a week or more to patch critical VPN vulnerabilities. In an AI-accelerated environment, this "remediation window" provides ample time for attackers to operationalize exploits.
- Encryption Blind Spots: 1 in 3 organizations inspect 0% of encrypted VPN traffic. Without visibility into encrypted flows, defenders cannot detect quiet, fast-moving AI threats.
- Excessive Lateral Movement: Only 11% of organizations can restrict a compromised session to a single application. For the vast majority, a single stolen credential grants broad network-level access.
- The Friction Factor: 63% of users bypass VPN controls to reach apps faster, citing slow connections and frequent disconnections. These workarounds create "shadow access" paths that fall outside security oversight.
The Shift to Containment-First Access
The report confirms a mainstream industry shift: 84% of organizations are now transitioning to Zero Trust (up from 78% two years ago).
To close the breach window, IT leadership is moving away from broad network connectivity in favor of containment-first principles:
- Shrink the Blast Radius: Limit access to specific apps rather than the entire network.
- Inspect Everything: Eliminate blind spots by inspecting all encrypted traffic.
- Prioritize UX: Ensure the secure path is the fastest path to prevent user bypass.
AI machine speed renders traditional VPN models obsolete. Resilience now depends on an architecture built for containment, fast detection, and identity-based access.
Read full report here: Zscaler ThreatLabz 2026 VPN Risk Report