Key insight
Zero trust is one rule: verify every request on its own merits, every time, and never assume something is safe just because of where it came from. The old model trusted location; zero trust verifies identity and context instead — which matters enormously once AI agents, not just people, are the ones making requests.
For decades, company computer security worked like an old castle. Build one strong wall around everything valuable, and once someone was standing inside that wall, they were treated as trustworthy everywhere behind it, free to walk from room to room without being checked again. Zero trust throws that entire assumption away, and this article explains exactly why, and what replaced it.
1 · The old castle model, and why it failed
Picture a castle with one strong outer wall and a guarded gate. Anyone who talks their way past that single gate, whether a legitimate visitor or someone who lied to get in, can then walk freely through every hallway and every room inside, because the castle's entire security plan was “keep bad people outside the wall,” with nothing planned for what happens if one gets in anyway. Company networks were built the exact same way for decades: one strong perimeter, and once a device or a person was “inside the network,” it was trusted everywhere behind it.
This model failed for one simple, repeated reason: the moment any single attacker got past the outer wall, through a stolen password or a tricked employee, every door behind that wall opened for them freely, because the whole model trusted location instead of verifying identity.
2 · What zero trust actually means
Zero trust replaces that single gate check with one plain rule: verify every single request on its own merits, every time, regardless of where it came from. There is no longer an “inside the wall, therefore trusted” zone at all. A request from a laptop sitting inside the company office building is checked exactly as carefully as a request from somewhere on the open internet, because location was never actually proof of anything — it was only ever a convenient shortcut, and shortcuts are exactly what attackers learn to exploit.
Zero trust does not mean nobody is ever trusted. It means trust is re-earned on every single request, based on real evidence, rather than assumed once and carried forward forever.
3 · The three things checked on every request
- Identity. Who, or what, is actually making this request, verified with real proof, not just an unverified claim.
- Device and context. What is the request coming from, is that device in a healthy, expected state, and does the request look consistent with how this identity normally behaves?
- Scope of the request itself. Is the specific thing being asked for actually something this identity should be allowed to do, checked fresh, every time, rather than assumed from a past approval.
4 · A worked example: one stolen password, two outcomes
An attacker steals an employee's password through a phishing email. Under the old perimeter model, that password alone is enough: once the attacker logs in from anywhere that looks like “inside the network,” every system behind that perimeter treats them as fully trusted. Under zero trust, the stolen password alone is not enough. The login attempt is also checked against the device it is coming from, the location and time it is arriving at, and whether this specific request matches the employee's normal pattern of behavior. A password showing up from an unfamiliar device, at an unusual hour, asking for something this account has never asked for before, gets flagged and blocked, even though the password itself was entered correctly.
5 · Why AI agents need this more than people ever did
An AI agent that happens to be running inside a company's own network was, under the old model, automatically trusted simply because of where it was running, even if the specific task it was performing at that moment was never actually approved by anyone. Zero trust removes that free pass entirely: every tool call an agent makes is checked on its own merits, using the agent's identity, the specific action being requested, and whether that action is consistent with what this agent is actually supposed to be doing right now, regardless of which network happens to be carrying the request.
6 · Applying zero trust on purpose
- Remove implicit trust zones. Stop treating “inside the network” as a security boundary at all.
- Verify continuously, not once. A login check at the start of a session is not enough; requests need checking throughout.
- Combine with least privilege. Verifying identity matters less if the identity, once verified, is handed broad access anyway.
- Log and review denials. A pattern of blocked requests is often the earliest visible sign that something has gone wrong.
7 · A simple test you can run this week
1. Pick one system that currently trusts requests just because they come from “inside the network.”
2. Ask what actually gets verified on each request today — identity, device, and the specific action.
3. Identify anything that is assumed rather than checked.
4. Add a real check for each gap you find.
If “it's coming from inside the network” is doing any of the trusting for you, that is exactly the gap zero trust exists to close.
8 · Glossary — every short-form term, spelled out
- Zero trust
- Verifying every request on its own merits, every time, rather than assuming safety based on where the request came from.
- Perimeter model
- An older security approach that trusted anything already inside a network's outer boundary, checked once at the gate.
- Identity verification
- Confirming who, or what, is actually making a request using real proof, not just an unverified claim.
- AI agent
- Software that decides, on its own, which tools to call and which actions to take in order to complete a task.
Zero trust verifies every request on its own merits, every time; the old model trusted location instead.
Perimeter-only security fails the moment one attacker gets past the single gate.
Three things get checked on every request: identity, device and context, and the specific scope requested.
AI agents need this more than people ever did, because being “inside the network” used to grant automatic trust for whatever they were doing.
References
- NIST Special Publication 800-207, Zero Trust Architecture, National Institute of Standards and Technology. csrc.nist.gov