TL;DR: AI is speeding up phishing, reconnaissance, and lateral movement, while defenders are being pushed toward concurrent, context-aware response models that can act in minutes rather than hours, according to Illumio. The security lesson is that observability, workflow timing, and control context now matter as much as detection volume.
At a glance
What this is: This is an analyst-style commentary on why AI security depends on context across data, models, and workflows, not on AI branding or automation alone.
Why it matters: It matters because IAM, NHI, and SOC teams need governance models that can account for AI agents, model inputs, and machine-speed response without assuming human-paced approval loops.
👉 Read Illumio's analysis of AI defence, context, and concurrent response
Context
AI has changed the pacing of attack and defence, but the governance gap is not speed alone. The harder problem is context: what data enters an AI system, what model processes it, who or what can use it, and how the resulting output is acted on inside the environment.
For identity and security teams, that makes AI a governance problem as much as a detection problem. When non-human identities, model workflows, and automated response are all interacting, traditional control models that assume a human operator in the loop start to lose precision.
Key questions
Q: How should security teams govern AI agents that can access enterprise systems?
A: Security teams should govern AI agents as non-human identities with explicit ownership, scoped privileges, and continuous monitoring. The control set should include inventory, task-bound credentials, audit trails, and revocation paths. If an agent can call tools or touch production systems, it belongs in the same governance model as service accounts and other machine identities.
Q: Why do AI-driven attacks change the way security teams should think about containment?
A: AI changes the speed and scale of attack steps, not the underlying tactics. That means organisations must assume a compromised asset can be turned into a broader incident before manual response catches up. Containment matters because it restricts the attacker’s next move, which is what converts an exposure into a breach.
Q: What do organisations get wrong about AI observability?
A: They often confuse technical telemetry with governance evidence. Dashboards can show latency, throughput, and error rates, but that does not prove the AI system stayed within approved data, policy, or accountability boundaries. Effective observability must capture the decision path, not just the system status.
Q: Who is accountable when an AI system makes a harmful decision?
A: Accountability should follow the identity chain that authorized, configured, or triggered the action, including the human owner, the platform team, and any delegated agent or tool account. If the organisation cannot name that chain, the governance model is too weak for regulated AI use.
Technical breakdown
Context as the control plane for AI security
Context is the decision layer that tells security tools what a model is seeing, what it can influence, and which downstream systems may act on its output. In practice, that means tying together data provenance, identity context, model behaviour, and workflow state. Without those relationships, security teams may detect activity but still not understand whether it is normal model use, prompt injection, or a compromised non-human identity driving the workflow. Graph-based observability is useful here because it models relationships, not just events.
Practical implication: Build controls around data lineage, model access, and workflow relationships before relying on AI-driven response.
Why concurrent defence matters more than sequential response
Sequential security operations assume there is time to investigate first, then contain later. AI compresses that timeline. If an attacker can move from entry to exploitation in minutes, the defence model has to observe, decide, and contain in parallel. That does not mean replacing analysts. It means automating the narrow, repeatable response steps while preserving human oversight for higher-risk decisions. The real change is operational tempo, not just tooling.
Practical implication: Redesign response playbooks so detection, containment, and validation can happen at the same time.
AI agents and non-human identities expand the control surface
AI systems are not just workloads. When they can ingest data, choose tools, and trigger downstream actions, they create identity and access questions that look a lot like NHI governance, even when the broader use case is AI defence. Access scope, provenance, and runtime behaviour all matter because the system is acting on behalf of the organisation. This is where boundaries blur between observability, policy enforcement, and identity lifecycle management.
Practical implication: Treat AI agents as governed identities and include them in your NHI inventory, review, and offboarding processes.
Threat narrative
Attacker objective: The attacker aims to outpace human defence by using AI to widen access, accelerate movement, and make containment too slow to stop spread.
- Entry occurs through faster AI-assisted phishing, reconnaissance, or manipulation of model inputs that create a foothold before human teams can respond.
- Escalation follows when attackers use AI to speed lateral movement, prompt manipulation, or AI-on-AI interference that expands the initial compromise.
- Impact is realised when containment lags behind machine-speed execution, allowing the threat to spread before response workflows complete.
Breaches seen in the wild
- MITRE ATT&CK Enterprise Matrix — MITRE ATT&CK Enterprise — adversary tactics and techniques, threat detection, attack chain mapping, credential access, lateral movement, privilege escalation.
- DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Context is now an identity control, not just an observability feature: AI defence fails when teams can see activity but cannot tie it to data provenance, model behaviour, and actor identity in one control plane. That is why context matters across NHI, human access, and automated workflows. Practitioners should treat context as the prerequisite for any meaningful policy decision.
Machine-speed attacks collapse the assumptions behind sequential response: Detection, triage, and containment were designed for human-paced operations. That assumption breaks when attackers use AI to compress multiple stages into minutes, because the window for manual handoff disappears. The implication is that response governance must be redesigned around concurrent action, not linear escalation.
AI agents extend NHI governance into runtime behaviour: The same governance discipline used for service accounts and workload identities now applies when AI systems can read data, choose actions, and trigger tools. Static permissioning is not enough if the identity can change what it does based on context. Practitioners need to classify AI agents as governed identities, not simply as applications.
Graph-based security exposes the relationships that conventional tools miss: Security graphs are valuable because they connect systems, identities, and behaviour instead of treating events as isolated alerts. That matters when the critical question is not just whether something happened, but what it could reach next. For teams managing AI-enabled defence, the practical lesson is to map relationships before assuming visibility equals control.
From our research:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which leaves a behaviour gap that AI-assisted development can amplify.
- That same report also shows organisations maintain an average of 6 distinct secrets manager instances, a fragmentation pattern that weakens centralised control and lifecycle visibility.
What this signals
Context debt: the more AI systems influence decisions, the more security teams need relationship-level visibility across identities, data, and workflows. If that context is missing, response becomes guesswork and governance becomes reactive rather than operational.
The practical signal for practitioners is a shift from event-centric monitoring to actor-centric control. Teams that already manage NHI inventories and lifecycle reviews should extend those disciplines to AI systems now, because the control gaps emerge first in ownership, scope, and offboarding.
With AI systems increasingly touching sensitive code and data, the governance conversation should move from whether automation exists to whether the organisation can explain what the automation is allowed to touch. That is the threshold between experimentation and controlled deployment.
For practitioners
- Map AI data, model, and workflow context Inventory what data enters each model, who or what can access it, and which downstream actions the output can trigger. Build that into control reviews so security decisions reflect actual runtime relationships, not just deployed systems.
- Move response playbooks to concurrent execution Split containment, validation, and investigation into parallel steps where the risk allows it. If the first responder waits for a full human review before isolating a suspicious flow, the response model is already too slow.
- Classify AI agents as governed identities Add AI agents to identity inventories, assign ownership, and include them in lifecycle processes such as access review and offboarding. If an AI system can call tools or access data, it should not sit outside identity governance.
- Use relationship-based telemetry for containment Prefer controls that show how identities, models, and systems connect so you can contain spread quickly. The key question is not only what was accessed, but what the compromised path could reach next.
Key takeaways
- AI defence fails when security teams can observe activity but cannot connect it to data, models, identities, and workflows.
- Machine-speed attacks reduce the value of sequential response and increase the need for concurrent containment.
- AI agents should be governed as non-human identities because runtime behaviour, not branding, determines the access risk.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10, OWASP Non-Human Identity Top 10 and MITRE ATLAS address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | The article discusses AI agents, tool use, and excessive agency in defensive workflows. | |
| OWASP Non-Human Identity Top 10 | NHI-03 | AI systems touching data and tools require governed NHI lifecycle controls. |
| MITRE ATLAS | TA0006 , Credential Access; TA0008 , Lateral Movement | The article describes AI-assisted attack speed, reconnaissance, and lateral movement patterns. |
| NIST CSF 2.0 | PR.AC-4 | The piece centres on access control, context, and containment decisions. |
| NIST AI RMF | MANAGE | AI response automation and agent governance fit risk management and operational oversight. |
Inventory AI identities, scope their access, and review offboarding with the same discipline as service accounts.
Key terms
- Context-aware security assistant: A context-aware security assistant is a system that answers operational questions by combining live telemetry, audit data, and configuration state. It is not a control by itself. Its value comes from preserving evidence provenance so practitioners can verify why a response was produced and whether the underlying data is current.
- Concurrent defence: An operating model where detection, containment, validation, and coordination happen in parallel rather than in sequence. It is designed for machine-speed threats and requires automation, clear ownership, and response paths that do not wait on one another.
- AI Agent Identity: The digital identity used by an autonomous AI agent to authenticate to external systems, APIs, and services. Managing AI agent identities is an emerging and rapidly evolving area of NHI security.
- Graph-based observability: A telemetry model that shows how systems, identities, data, and behaviours connect. It is useful when the security question is about reach, dependency, or blast radius, not just whether a single event occurred.
What's in the full article
Illumio's full article covers the operational detail this post intentionally leaves for the source:
- The IBM executive interview and the specific examples used to explain AI-assisted attack speed and defensive concurrency.
- The product and platform references behind graph-based observability and how those ideas are positioned in the original article.
- The full discussion of AI agents in SOC workflows, including the 30 to 40 percent operational capacity claim.
- The article's own examples of model testing, prompt injection, and containment strategy in context.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org