🤖 AI Summary
Problem: Traditional security models fail to protect educational and public cultural institutions (e.g., schools, libraries) against AI-enhanced advanced persistent threats.
Method: This paper proposes the first zero-trust security framework tailored to this high-information-flow, low-security-baseline context. It systematically adapts zero-trust’s three core principles—continuous verification, least privilege, and “never trust, always verify”—by designing a layered checkpoint deployment paradigm. The framework integrates identity-aware authentication, dynamic access control, micro-segmentation, user behavior analytics, and policy-as-code (PaC) to enable fine-grained, programmable network governance.
Contribution/Results: It represents the first structured, operational zero-trust implementation for such resource-constrained, highly dynamic environments, yielding an extensible deployment guideline. Empirical evaluation demonstrates significant suppression of lateral movement, providing a scenario-validated security hardening pathway for vulnerable organizations.
📝 Abstract
In response to the increasing complexity and sophistication of cyber threats, particularly those enhanced by advancements in artificial intelligence, traditional security methods are proving insufficient. This paper provides an overview of the zero-trust cybersecurity framework, which operates on the principle of “never trust, always verify” to mitigate vulnerabilities within organizations. Specifically, this paper examines the applicability of zero-trust principles in environments where large volumes of information are exchanged, such as schools and libraries, highlighting the importance of continuous authentication (proving who users are within the network), least privilege access (providing only access to what users specifically need), and breach assumption (assuming a breach has occurred or will occur and thus operating to limit the spread through the use of multiple checkpoints throughout the network). The analysis highlights avenues for future research that may help preserve the security of vulnerable organizations.
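The three principles in the abstract, expressed as a small policy-as-code evaluator with one checkpoint per principle and a default-deny result. This is an added example, not code from the paper; the roles, segment names, thresholds and the `evaluate` function are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy for a school/library network (illustrative values only).
# Least privilege: a role gets only the listed actions on the listed segment.
POLICY = [
    {"role": "student",   "segment": "catalog",         "actions": {"read"}},
    {"role": "librarian", "segment": "catalog",         "actions": {"read", "write"}},
    {"role": "librarian", "segment": "patron-records",  "actions": {"read"}},
    {"role": "registrar", "segment": "student-records", "actions": {"read", "write"}},
]
# Micro-segmentation: the only (source, destination) flows that may exist.
ALLOWED_FLOWS = {
    ("student-wifi", "catalog"),
    ("staff-lan", "catalog"),
    ("staff-lan", "patron-records"),
    ("admin-lan", "student-records"),
}
MAX_AUTH_AGE_S = 900  # continuous verification: re-prove identity after 15 min
MAX_RISK = 0.7        # behavior-analytics score above this blocks the request


@dataclass
class Request:
    role: str
    src_segment: str
    dst_segment: str
    action: str
    auth_age_s: int    # seconds since the user last authenticated
    risk_score: float  # 0.0 (normal) to 1.0 (anomalous), from behavior analytics


def evaluate(req: Request) -> tuple[bool, str]:
    """Run every checkpoint on every request; anything not allowed is denied."""
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "reauthenticate"
    if req.risk_score > MAX_RISK:
        return False, "behavior-risk"
    if (req.src_segment, req.dst_segment) not in ALLOWED_FLOWS:
        return False, "segment-flow"  # stops lateral movement across segments
    for rule in POLICY:
        if (rule["role"] == req.role and rule["segment"] == req.dst_segment
                and req.action in rule["actions"]):
            return True, "policy-match"
    return False, "no-matching-rule"  # default deny


if __name__ == "__main__":
    # A valid student session probing the records segment is still refused.
    print(evaluate(Request("student", "student-wifi", "student-records", "read", 60, 0.1)))
```

The returned reason string is what a deployment would log at each checkpoint, so a run of `segment-flow` denials from one account is itself a signal of attempted lateral movement.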