In a recent development that has raised eyebrows in the cybersecurity community, Zscaler CEO Jay Chaudhry has confirmed that the company is using what they term “proprietary logs” from customer data to train their AI models. This revelation came during an online event, echoing similar statements made in a 2024 earnings call where Chaudhry disclosed that Zscaler processes over three trillion logs from customers’ IT estates weekly.

As a Houston cybersecurity company with years of expertise, NGNSYS understands the importance of data privacy in the evolving world of AI. This discussion not only underscores the challenges of trust in the industry but also highlights the role of reliable Houston computer security practices in protecting organizations combined with AI and Security.

What Exactly Is Happening?

According to Chaudhry, Zscaler’s cloud platform handles more than half a trillion transactions daily through its “Zero Trust Exchange” platform, which serves 47 million users across nearly 8,700 customers. These transactions generate vast quantities of data that Zscaler is calling “proprietary logs” that feed into their data lake. These logs include both structured and unstructured data, including full URLs, which the company leverages to train AI models that power their platform innovations.

The distinction between customer data and “proprietary logs” raises important questions. While Zscaler doesn’t store the actual payload data (like the contents of documents), they do store metadata about transactions, including potentially sensitive information like URLs visited, transaction details, and security event data. For businesses evaluating Houston cybersecurity services, this distinction is especially critical.

The Technical Perspective

As a proxy service, Zscaler has visibility into far more information than traditional firewalls. While a firewall typically captures basic connection details (source/destination IPs, ports, protocols), Zscaler’s position as a proxy means they intercept and analyze TLS traffic, validate certificates, and have access to complete URL/URI information.

For customers using Zscaler’s data protection features, the platform scans traffic for data loss prevention using CASB/API capabilities. While Zscaler states they don’t store customer payload data, they do retain metadata about these transactions, including hashes of files and comprehensive logs of all traffic passing through their system. This reinforces why organizations must rely on a trusted Houston cybersecurity partner to navigate these technical nuances.

The Ethical Questions

This practice raises several critical questions for organizations using cloud services:

• Should cloud vendors be able to use your data to train their AI models? While there’s potential benefit in using aggregated data to improve security or other systems, the line between improving services and exploiting customer data can become blurred. At NGNSYS, we believe that security vendors should be extremely cautious about how they utilize customer data, even when it’s “just logs.” What constitutes metadata to a vendor might represent sensitive business intelligence to a customer.

The security industry has traditionally operated on a basis of extreme trust. When an organization implements a security solution, they’re essentially giving that vendor visibility into their most sensitive operations. This privileged position should come with corresponding ethical responsibilities.

• Should AI Companies disclose what they are doing with your data, and/or request your approval before doing so? Transparency should be non-negotiable. We firmly believe that vendors must explicitly disclose how they use customer data and obtain informed consent before repurposing that data (even for seemingly beneficial purposes like AI training). Many organizations have regulatory requirements or internal policies that might prohibit their data being used in this manner, even in anonymized form.

Simply burying these terms in a lengthy service agreement isn’t sufficient. Organizations deserve clear communication about how their data might be used beyond the direct provision of security services. This is why Houston IT management and Houston managed IT services providers like NGNSYS emphasize transparency as a cornerstone of trust, and as a Houston AI company, NGNSYS is positioned well to help guide companies when they are looking for AI Solutions.

NGNSYS’s Perspective

At NGNSYS, we approach customer data with the utmost respect and transparency. We believe in a simple principle: your data belongs to you. While aggregated insights can benefit the broader security community, this should never come at the expense of customer privacy, or without explicit consent.

As cybersecurity professionals, we recognize the tremendous value in having visibility into threat patterns across organizations. However, we also understand that this visibility is a privilege that comes with significant responsibilities.

When selecting vendors and products, we both guide, and encourage our clients to ask pointed questions about data usage policies:

• How is my organization’s data being used beyond direct service provision?
• What specific data elements are retained and for how long?
• Is my data being used to train AI or machine learning systems?
• Can I opt out of having my data used for purposes beyond direct security services?
• How is my data segregated from that of other customers?

For organizations in Houston and beyond, working with a cybersecurity partner who understands these dynamics is key. Whether it’s Houston cybersecurity strategy, Houston computer security audits, or full-scale Houston managed IT services, NGNSYS provides clarity and accountability in every engagement.

Moving Forward

As AI becomes increasingly central to cybersecurity solutions, the industry needs to develop clearer standards around data usage. We believe that security vendors should:

• Provide explicit, clear disclosures about data usage
• Offer meaningful opt out mechanisms
• Implement robust data minimization practices
• Establish clear data retention policies
• Ensure appropriate anonymization of any data used for broader purposes

Ultimately, trust is the foundation of effective security partnerships. At NGNSYS, we remain committed to maintaining that trust through transparency, respect for customer data, and ethical business practices.

We’d love to hear your thoughts on this topic. Should security vendors be able to use customer data to train AI models? Under what conditions would you consider this acceptable? Share your perspective in the comments below.

About NGNSYS, LLC

NGNSYS is a cybersecurity focused IT provider headquartered in Houston, with additional offices in Charlottesville and Grenada. We specialize in providing comprehensive cybersecurity services, systems development, and systems management for organizations of all sizes. As a trusted Houston cybersecurity company, we deliver Houston IT management, Houston computer security, Houston AI services, and Houston managed IT services to clients across industries while maintaining a global reach. Learn more about our approach to security and our commitment to protecting what matters most at www.ngnsys.com.