Cloud security firm Zscaler has acquired AI security specialist SPLX, a pairing that offers a zero-trust take on AI protection.

Financial details were not disclosed, but the timing looks good. Companies are forecast to spend $375 billion in 2025 on AI infrastructure alone, a 67 percent leap from last year. At the same time, AI infrastructure investments are projected to exceed $250 billion by the end of 2025.

“AI is creating enormous value, but its full potential can only be realized when it can be secured. By combining SPLX’s technology with the intelligence of the Zscaler Zero Trust Exchange and its native data protection that classifies, governs, and prevents loss of sensitive data across prompts, models, and outputs, Zscaler will secure the entire AI lifecycle on one platform,” said Jay Chaudhry, CEO, Chairman, and Founder of Zscaler, in the announcement.

Shadow AI nightmares

SPLX, founded in 2023, raised roughly $9 million from LAUNCHub Ventures and Rain Capital, and sprinted into the spotlight.

Their pitch is simple. The startup developed a platform specifically designed to help organizations identify and secure AI models, workflows, and infrastructure across the lifecycle. SPLX launched AI Asset Management earlier this year to shine a light on AI models, autonomous workflows, and infrastructure many enterprises did not even know existed.

And then there is shadow AI. Employees spin up unauthorized apps and tools, often to move faster, often without telling IT. Blind spots follow. Attackers see open doors. Innovation turns into a liability, fast.

The integration introduces something new inside a familiar perimeter, a dedicated AI protection layer within Zscaler’s Zero Trust Exchange platform. Think asset discovery that does not stop at public apps, it reaches into private models, code repositories, and sprawling autonomous workflows.

The standout, though, is SPLX’s automated red-teaming. It ships with over 5,000 purpose-built attack simulations to probe AI systems and recommend real-time fixes. That flips the script from patch-and-pray to test-and-harden. The more autonomous and interconnected these systems get, the more that mindset matters.

Quirks and quests

Enterprises cannot bolt old playbooks onto AI. Traditional tools struggle with AI’s quirks, protecting sensitive data inside prompts, defending machine learning models from targeted attacks, governing who can use what, and when.

The acquisition addresses growing concerns about AI governance and compliance. The shift is toward proactive controls that move at the pace of adoption. SPLX CEO Kristian Kamber reckons that joining forces will secure “AI innovation at the speed organizations are adopting it.”

Before you say goodbye, here’s another good buy. AI-powered threat intelligence company Dataminr will acquire cybersecurity firm ThreatConnect in a deal valued at $290 million.