AI-assisted design systems need context-aware governance

At a glance

What this is: This is a practitioner analysis of using AI with Figma MCP to build design systems, with the key finding that real context makes AI more effective at normalization and refactoring.

Why it matters: It matters because IAM and security teams increasingly have to govern AI tools that read live design, code, and workflow context, which raises access, observability, and data exposure questions across NHI, autonomous, and human programmes.

By the numbers:

• When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
• Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

👉 Read Lasso Security's analysis of AI-assisted design systems with Figma MCP

Context

AI-assisted design systems are not just a productivity story. They change the security profile of the workflow because the model can inspect real structures, naming conventions, token values, and component relationships inside a live file. For IAM and security leaders, that means contextual access is now part of the control surface, not just the application surface.

The article argues for starting with tokens, then components, then usage patterns so that complexity does not outpace governance. That sequence is useful because it mirrors how identity programmes usually fail: structure is added before policy is stabilised, and the result is inconsistency that becomes hard to reverse. In this case, the starting point is an AI-supported design workflow, which is becoming increasingly normal in product teams.

Key questions

Q: How should teams govern AI tools that can inspect live design files?

A: Treat the integration like any other non-human identity with contextual access. Define the exact files, layers, and structures it may read, log every access path, and review whether the tool can infer more architectural detail than the task requires. The control objective is observability plus scope reduction, not blind trust in the prompt or the model.

Q: Why do design tokens matter so much when AI is helping build components?

A: Tokens are the stability layer that keeps visual and behavioural rules consistent across a growing system. If token values, naming, or semantics drift, AI will normalise the wrong pattern faster than a human team can catch it. Good token governance turns AI into a refactoring aid instead of an inconsistency multiplier.

Q: What is the main risk of giving AI access to component hierarchies and style mappings?

A: The risk is that the tool can expose design architecture, not just render assistance. Component trees, variant properties, and style mappings can reveal implementation patterns, internal naming logic, and product structure that may be sensitive in proprietary environments. Teams should classify that context as controlled data, not harmless metadata.

Q: When should security teams treat AI design tooling as an identity governance issue?

A: When the tool can read, extend, or refactor live production context without a human reviewing each access decision. At that point, you are governing a non-human access path with real entitlement scope, review requirements, and audit needs. The question becomes who can see what, for how long, and under which approval model.

Technical breakdown

How MCP changes AI from a prompt engine into a context reader

Model Context Protocol lets an AI tool read structured information from the environment it is operating in, rather than relying only on pasted prompts. In a Figma workflow, that can include component trees, token definitions, naming conventions, and style mappings. The technical shift is important: the model is no longer guessing from natural language, it is evaluating the file’s actual state and relationships. That makes inspection, normalization, and refactoring possible, but it also means the access boundary matters because the AI can infer more than the user intended to summarise.

Practical implication: treat MCP connections as contextual access pathways and define what file structures the AI may inspect.

Why token architecture becomes the stability layer for AI-assisted systems

Design tokens are the machine-readable contract that keeps color, spacing, type, and elevation consistent across components. When AI can see those values directly, it can flag drift such as near-duplicate colours, inconsistent spacing increments, and naming mismatches before they spread into the component layer. The technical value is less about generating UI and more about preserving a single source of truth. If token governance is weak, AI will simply accelerate inconsistency instead of correcting it.

Practical implication: normalise tokens first, because downstream AI refactoring only works when the foundation is coherent.

Why structural visibility improves variant management and documentation

Variant sprawl happens when components accumulate overlapping states, inconsistent disabled or loading behaviour, and unclear usage boundaries. With contextual access, AI can compare matrices across components and identify where different patterns are really the same pattern expressed differently. That gives teams a way to treat variants as governed contracts instead of ad hoc options. It also lets documentation reflect the actual implementation logic, which reduces ambiguity for designers and engineers who need to use the system consistently.

Practical implication: use AI to detect duplicated variant logic and to align usage guidance with the live component model.

Breaches seen in the wild

• Salesloft OAuth token breach — hackers stole OAuth tokens to access Salesforce data via Salesloft.
• Internet Archive breach — unsecured GitLab authentication tokens exposed 31M Internet Archive accounts.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Context-aware AI is becoming a governance problem, not just a design-system convenience. Once an AI tool can inspect live file structures, the question changes from output quality to access scope. The control surface now includes component hierarchies, naming systems, and token relationships that can reveal product architecture. Practitioners should treat this as a contextual access design issue, not a content-generation feature.

Design-system integrity depends on stabilising tokens before allowing structural automation to scale. The article’s sequencing is sound because token drift spreads into every downstream component decision. In identity terms, this is the same failure pattern seen when provisioning policy is not settled before access sprawl begins: the system gains speed, but governance loses coherence. The practitioner conclusion is that structure must be normalised before automation is allowed to amplify it.

Least-knowledge access for AI tools is becoming the missing control in product workflows. The article shows why allowing AI to inspect real file context is operationally useful, but it also demonstrates how much architectural detail can be exposed through seemingly narrow integration points. That places the burden on access design, logging, and review rather than on the model itself. Teams should assume the tool will see more than the user intended unless scope is deliberately constrained.

Workflow AI now sits in the same governance conversation as service accounts and other non-human identities. Figma MCP is not an autonomous actor here, but it is a non-human identity path that can read, transform, and surface sensitive structure inside a product environment. That means lifecycle, entitlement scope, and observability all matter in the same way they do for other NHIs. The practitioner conclusion is that AI-assisted design needs identity governance, not just creative tooling oversight.

From our research:

• The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
• GitGuardian & CyberArk also reported that organisations maintain an average of 6 distinct secrets manager instances, a fragmentation pattern that often weakens centralised control.
• For a wider AI and secrets context, review OWASP Agentic Applications Top 10 for the access and tool-use risks that emerge when context becomes executable.

What this signals

Context-aware AI is now a control-plane issue for product teams. Once a model can inspect live structures inside a design file, security teams need a way to govern what the tool can infer, not just what it can output. That shifts the conversation from content moderation to contextual entitlement management, which is why observability and scoped access matter as much as the model choice itself.

The practical pattern is familiar: the more reusable structure a workflow exposes, the more useful it becomes to automation and the more sensitive it becomes to abuse. If you want a broader lens on that tradeoff, the OWASP Agentic AI Top 10 is a useful external reference for tool-use and identity boundary risks. For product and security teams, the next step is to map AI integrations to existing non-human access reviews before they become invisible dependencies.

Design-system governance and NHI governance are converging. A tool that can inspect tokens, styles, and component logic behaves like a governed non-human access path, even when the use case is not security-facing. That means lifecycle, scope review, and auditability need to be applied to creative workflows too, especially when the same environment contains proprietary product architecture.

For practitioners

• Constrain file-context access for AI tools Define which Figma files, layers, and token sets an AI integration can inspect, and route access through an observable gateway so contextual access is logged and reviewable.
• Stabilise token governance before scaling automation Normalise color, spacing, radius, and semantic surface tokens first, then let AI compare and refactor against that baseline so it does not amplify existing drift.
• Treat variants as governed contracts Document the states that are valid, remove overlapping configurations, and use AI-assisted comparisons to identify duplicated loading, disabled, or interaction patterns.

Key takeaways

• AI-assisted design systems improve consistency only when the underlying file context is controlled and observable.
• Token governance is the prerequisite for any AI-driven refactoring because stable structure prevents automation from scaling drift.
• Product teams now need identity-style controls for non-human tooling that can inspect live design architecture.

Key terms

• Model Context Protocol: A protocol that lets an AI tool connect to external systems and inspect real context instead of relying only on pasted prompts. In practice, that makes the integration more useful and more sensitive, because the model can read structured file content, infer relationships, and surface information that must be governed like access to any other internal system.
• Design Tokens: Reusable values that define visual and behavioural consistency across a design system, such as colour, spacing, typography, and elevation. They act as the stable layer that components depend on, so drift in tokens spreads quickly into the entire system and becomes harder to correct once automation starts amplifying it.
• Contextual Access: Access that depends on the live state of the environment being read or used, not just on a static permission list. For AI-assisted workflows, contextual access can reveal file structures, naming logic, and implementation patterns, so it needs explicit scope, logging, and review like any other sensitive entitlement.
• Variant Sprawl: The accumulation of overlapping component states and configuration patterns that make a design system harder to maintain. It usually starts small, then expands as teams add exceptions. AI can help surface duplication, but only if the underlying component logic and token architecture are already coherent.

Deepen your knowledge

AI-assisted design system governance is covered in the NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is starting to govern contextual access for design or product tooling, it is a relevant place to begin.

This post draws on content published by Lasso Security: Building a Scalable Design System with AI & Figma MCP. Read the original.