A security architecture that assumes no actor (user, service, network) is trusted by default; every request is authenticated and authorized.
Zero trust is a security architecture pattern that replaces the perimeter model ('inside the VPN is trusted, outside is not') with continuous authentication and authorization at every request. Every service-to-service call is authenticated (typically with mTLS or signed JWTs), every user request is authorized at the resource level (not just at the gateway), and policy decisions consider context: who is asking, from where, on what device, and accessing what. The architecture removes the 'soft chewy center' that historical perimeter security created.
Most enterprise breaches start with a credential phish that lands an attacker inside the perimeter, after which they pivot freely because everything behind the firewall trusts everything else. Zero trust collapses that lateral-movement attack surface by making every hop re-authenticate. For SRE teams, the operational cost is non-trivial (token rotation, mTLS cert lifecycle, policy evaluation latency), but the breach blast-radius reduction is significant.
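As an added illustration (not code from the original page), here is the per-request authenticate-then-authorize flow described above: a stdlib-only HS256 JWT check for the service-to-service hop, followed by a resource-level policy decision that takes device and network context into account. The key, service name, roles and policy rules are constructed for the example.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"demo-shared-secret-not-for-production"  # constructed; real keys come from the IdP/mesh and rotate

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims, key=DEMO_KEY):
    """Mint a minimal HS256 JWT (the caller's side of the service-to-service hop)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_jwt(token, audience, key=DEMO_KEY, now=None):
    """Return the claims if signature, expiry and audience hold, else None.
    The 'alg' in the token header is ignored on purpose: the verifier pins HS256 with its own key."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # tampered, or signed with a different key
        claims = json.loads(_b64url_decode(body))
    except ValueError:
        return None  # malformed token
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now or claims.get("aud") != audience:
        return None  # expired, or minted for a different service
    return claims

def authorize(claims, action, resource, ctx):
    """Resource-level policy decision from caller identity plus request context (rules constructed)."""
    roles = set(claims.get("roles", []))
    if not ctx.get("device_managed"):
        return False, "unmanaged device"
    if resource.startswith("/billing/") and "billing" not in roles:
        return False, "no billing role"
    if action == "delete" and ctx.get("source_net") != "corp":
        return False, "delete only from corp network"
    return True, "ok"

def handle_request(token, action, resource, ctx, audience="orders-svc", now=None):
    """One hop: authenticate the caller, then authorize this specific resource."""
    claims = verify_jwt(token, audience, now=now)
    if claims is None:
        return False, "authentication failed"
    return authorize(claims, action, resource, ctx)
```

Note that the gateway is not the only checkpoint: `handle_request` runs at the receiving service, so a token that passed the edge still gets re-verified and re-authorized against the concrete resource on every hop.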