Another scandal in the field of AI training. US provider Zscaler has just come under scrutiny for using 500,000,000,000 daily logs from customer systems to train its AI systems. Zscaler sees no problem with this, but security researchers consider it a crazy idea. Addendum: They also share this data with third-party providers (marketing, etc.).
Zscaler is an American cloud security company headquartered in San Jose, California. They offer a zero-trust platform that helps organizations securely transform their networks and applications for a modern, cloud-based world. Zscaler aims to protect customers from cyberattacks and data loss.
I came across this issue through the above tweet from MalwareHunterTeam. They write, "So these clowns treat the URLs their customers visit as proprietary data? If we understand this correctly, it's just another reason for companies that are still using their crap to switch to something that isn't completely useless for protection purposes." Does anyone use Zscaler?
Addendum: Zscaler has since responded to the reports and published this article with explanations. There is an article here from August 20, 2025, which provides a more comprehensive overview of the situation. This gives Zero Trust a whole new meaning.
Just the tip of the iceberg?
Someone has since responded to the above tweet (thanks to the reader comment). What was mentioned above is probably just the tip of the iceberg. The following tweet shows the abyss:
The customer data collected by Zscaler is shared with a network of "shadow providers" (marketing companies, etc.). In the event of a Zscaler takeover, customer data would be transferred to the buyer. No European company subject to the GDPR can really accept this.