The Erosion of Cybersecurity Zero-Trust Principles Through Generative AI: A Survey on the Challenges and Future Directions

Xu DGondal IYi XSusnjak TWatters PMcIntosh TR2026-01-052025-12-01Xu D, Gondal I, Yi X, Susnjak T, Watters P, McIntosh TR. (2025). The Erosion of Cybersecurity Zero-Trust Principles Through Generative AI: A Survey on the Challenges and Future Directions. Journal of Cybersecurity and Privacy. 5. 4.https://mro.massey.ac.nz/handle/10179/73973Generative artificial intelligence (AI) and persistent empirical gaps are reshaping the cyber threat landscape faster than Zero-Trust Architecture (ZTA) research can respond. We reviewed 10 recent ZTA surveys and 136 primary studies (2022–2024) and found that 98% provided only partial or no real-world validation, leaving several core controls largely untested. Our critique, therefore, proceeds on two axes: first, mainstream ZTA research is empirically under-powered and operationally unproven; second, generative-AI attacks exploit these very weaknesses, accelerating policy bypass and detection failure. To expose this compounding risk, we contribute the Cyber Fraud Kill Chain (CFKC), a seven-stage attacker model (target identification, preparation, engagement, deception, execution, monetization, and cover-up) that maps specific generative techniques to NIST SP 800-207 components they erode. The CFKC highlights how synthetic identities, context manipulation and adversarial telemetry drive up false-negative rates, extend dwell time, and sidestep audit trails, thereby undermining the Zero-Trust principles of verify explicitly and assume breach. Existing guidance offers no systematic countermeasures for AI-scaled attacks, and that compliance regimes struggle to audit content that AI can mutate on demand. Finally, we outline research directions for adaptive, evidence-driven ZTA, and we argue that incremental extensions of current ZTA that are insufficient; only a generative-AI-aware redesign will sustain defensive parity in the coming threat cycle.CC BY(c) 2025 The Author/shttps://creativecommons.org/licenses/by/4.0/zero trustgenerative AIcybersecurityadversarial attackstrust mechanismsAI auditingThe Erosion of Cybersecurity Zero-Trust Principles Through Generative AI: A Survey on the Challenges and Future DirectionsJournal article10.3390/jcp50400872624-800Xjournal-article87