Review. Cureus. 2025 Jun 5;17(6):e85446.
doi: 10.7759/cureus.85446. eCollection 2025 Jun.

Evolving Zero Trust Architectures for AI-Driven Cyber Threats in Healthcare and Other High-Risk Data Environments: A Systematic Review

Kanwarjit Zakhmi et al. Cureus.

Abstract

The rapid adoption of artificial intelligence (AI) in healthcare and other high-risk environments has introduced sophisticated cyber threats that challenge traditional security models. Zero Trust Architecture (ZTA), with its principle of "never trust, always verify," has emerged as a promising framework to counter these evolving risks. This systematic review examines the current state of ZTA implementations in mitigating AI-driven cyber threats, focusing on healthcare systems, and identifies gaps between theoretical principles and real-world applications. Following the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 guidelines, we conducted a comprehensive search across five databases (IEEE Xplore, PubMed, Scopus, Web of Science, and ACM Digital Library), identifying 299 records. After removing duplicates and screening for relevance, 15 studies met the inclusion criteria. These studies were analyzed for themes related to ZTA components, AI threat mitigation, implementation challenges, and ethical considerations. The Mixed Methods Appraisal Tool (MMAT) was used to assess methodological quality and risk of bias. The review revealed that while ZTA principles are well-suited to address AI-driven threats, particularly through explainable AI (XAI) and continuous monitoring, significant gaps persist in standardization, empirical validation, and stakeholder trust. Key findings include (1) a lack of metrics to evaluate ZTA efficacy against adversarial AI; (2) ethical and regulatory hurdles, such as algorithmic bias and data privacy concerns; and (3) operational barriers like interoperability issues and clinician resistance. Only four of the 15 studies provided real-world evidence of ZTA implementations, highlighting a critical research-practice divide. ZTA represents a transformative approach to cybersecurity in AI-augmented environments, but its potential remains underutilized due to theoretical dominance and implementation challenges. 
Future efforts must prioritize interdisciplinary collaboration, standardized frameworks, and pilot studies to bridge these gaps. Without actionable advancements, ZTA risks being outpaced by the very AI threats it seeks to mitigate. This review underscores the urgent need for adaptive, evidence-based ZTA models tailored to high-risk sectors, such as healthcare.

Keywords: ai-driven cyber threats; explainable ai; healthcare cybersecurity; systematic review; zero trust architecture.

Conflict of interest statement

Conflicts of interest: In compliance with the ICMJE uniform disclosure form, all authors declare the following: Payment/services info: All authors have declared that no financial support was received from any organization for the submitted work. Financial relationships: All authors have declared that they have no financial relationships at present or within the previous three years with any organizations that might have an interest in the submitted work. Other relationships: All authors have declared that there are no other relationships or activities that could appear to have influenced the submitted work.

Figures

Figure 1. PRISMA Flowchart Showing the Study Selection Process
PRISMA: Preferred Reporting Items for Systematic Reviews and Meta-Analyses
