By NHI Mgmt Group Editorial Team
Published 2025-09-17
Domain: Agentic AI & NHIs
Source: Pillar Security

TL;DR: Frost & Sullivan named Pillar Security the 2025 Competitive Strategy Leader in the global generative AI security market, citing AI asset discovery, adversarial red teaming, runtime guardrails, and enterprise deployment support across hybrid, cloud, and on-premise environments. The real takeaway is that AI security is moving from point controls to lifecycle governance across discovery, testing, policy, and runtime enforcement.


At a glance

What this is: Pillar Security’s announcement frames Frost & Sullivan’s 2025 recognition as evidence that AI security is shifting toward lifecycle coverage across discovery, red teaming, runtime controls, and governance.

Why it matters: For IAM and security teams, the signal is that AI governance now spans identities, assets, permissions, and policy enforcement across the full AI lifecycle, not just model access.

By the numbers:

👉 Read Pillar Security's announcement on Frost & Sullivan's AI security recognition


Context

Pillar Security’s announcement is really about a broader AI security market shift, not just a single award. The topic is how enterprises are trying to govern AI systems across discovery, red teaming, runtime guardrails, and compliance, while keeping pace with AI asset sprawl and shadow AI.

For IAM, NHI, and security architecture teams, that matters because AI security is increasingly an identity problem as much as a model problem. The control question is no longer only whether an AI system is protected, but whether the right identities, entitlements, and enforcement points exist across its lifecycle.


Key questions

Q: How should security teams govern AI systems that can invoke tools and access data?

A: Security teams should govern AI systems with the same discipline used for high-risk non-human identities: inventory the asset, define ownership, constrain tool access, and monitor runtime actions. The critical control is to link permissions to execution, because an AI system that can act independently can create impact before a periodic review ever happens.

Q: Why do AI agents create a different security problem from standard automation?

A: AI agents create a different problem because they can choose actions at runtime, combine tools dynamically, and change behavior based on context. Standard automation follows a known path, which makes access and monitoring easier to predict. Once decision-making becomes runtime-dependent, governance must account for intent, scope drift, and tool misuse.

Q: How can organisations tell whether their AI controls are actually working?

A: They should look for evidence that inventories are complete, tool access is bounded, and runtime events are being logged and reviewed. If teams can only describe policy in theory but cannot trace what an AI system accessed or did, the control set is not operational. Visibility and auditability are the practical signals.

Q: What should IAM teams do when AI security and NHI governance overlap?

A: IAM teams should unify the control model rather than create separate oversight tracks. If an AI system holds credentials, reaches data, or invokes tools, it should be subject to entitlement review, ownership, and lifecycle controls just like other non-human identities. Separate models create blind spots in accountability and revocation.


Technical breakdown

AI asset discovery across the AI lifecycle

AI asset discovery in practice means finding models, prompts, datasets, local tools, and connected services wherever they live, not just in the formal CI/CD path. In AI environments, shadow assets often exist outside the SDLC, so traditional inventory methods miss the systems that actually create exposure. Discovery becomes a governance prerequisite because you cannot secure, certify, or monitor what you have not enumerated. That is especially true when AI systems connect to IdPs, repositories, and data platforms through multiple execution paths.

Practical implication: build a complete AI asset inventory before you rely on policy, compliance, or runtime controls.

Adversarial red teaming for agentic AI and tool use

Adversarial red teaming tests how an AI system behaves under coordinated attack, not just whether it can answer prompts safely. For agentic AI, that means simulating multi-step abuse across tool calls, retrieval, execution workflows, and delegated actions. This matters because a system can appear safe in isolation but fail when chained actions interact with permissions, memory, or external data sources. Basic fuzzing is not enough when the attack surface includes runtime decision-making and tool invocation.

Practical implication: red team the full tool chain with end-to-end scenarios that reflect how attackers chain access, prompts, and tools, not just individual prompts.

Runtime guardrails and policy enforcement

Runtime guardrails are the controls that constrain what an AI system can do while it is operating, rather than only checking it beforehand. In this context, model-agnostic and adaptive guardrails matter because AI risks change as prompts, usage patterns, and connected tools change. Security teams should treat runtime enforcement as a policy layer that can block misuse, detect drift, and align AI behaviour with governance requirements. The important point is that enforcement must sit close to execution, where tool access and data movement actually occur.

Practical implication: enforce policy at the runtime layer, where actions, not intentions, are executed.
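The two sections above (inventory as a governance prerequisite, and enforcement placed at the point of tool execution) come together in a small policy gate. The following is an added illustration, not code from Pillar Security or from the original post: the inventory, agent identities, tool names and the runtime trace are all constructed sample data. Every tool call is evaluated against the identity's inventoried entitlements before it runs, every decision is written to an audit log, and the same log is then used to surface shadow identities (seen at runtime, absent from the inventory) and inventoried assets that have no accountable owner.

```python
"""Runtime policy gate for tool-using AI agents, tied to an asset inventory.

Added illustration with constructed data; not a real product or system.
"""
from dataclasses import dataclass, field

# Constructed inventory: each AI asset has an accountable owner and a bounded
# set of (tool, target-prefix) entitlements. Anything not listed is unmanaged.
INVENTORY = {
    "agent:support-bot": {
        "owner": "team-support",
        "entitlements": {("search_docs", "kb/"), ("read_ticket", "tickets/")},
    },
    "agent:release-helper": {
        "owner": "team-platform",
        "entitlements": {("read_repo", "git/app/"), ("open_pr", "git/app/")},
    },
    "agent:legacy-summarizer": {  # inventoried but ownerless: a governance gap
        "owner": None,
        "entitlements": {("search_docs", "kb/")},
    },
}

# Constructed runtime trace: (identity, tool, target) as an agent would emit them.
SAMPLE_TRACE = [
    ("agent:support-bot", "search_docs", "kb/faq/refunds"),
    ("agent:support-bot", "open_pr", "git/app/main"),          # tool outside scope
    ("agent:release-helper", "read_repo", "git/infra/secrets"),  # target outside scope
    ("agent:legacy-summarizer", "search_docs", "kb/policies"),   # no owner
    ("agent:unknown-notebook", "read_ticket", "tickets/1042"),   # shadow AI
]


@dataclass
class Decision:
    identity: str
    tool: str
    target: str
    allowed: bool
    reason: str


@dataclass
class PolicyGate:
    inventory: dict
    audit_log: list = field(default_factory=list)

    def evaluate(self, identity: str, tool: str, target: str) -> Decision:
        """Evaluate one tool call at execution time and record the outcome.

        Deny-by-default: an unknown identity, a missing owner, or a tool/target
        pair outside the inventoried entitlements all block the call.
        """
        asset = self.inventory.get(identity)
        if asset is None:
            d = Decision(identity, tool, target, False, "unknown identity (shadow AI)")
        elif asset["owner"] is None:
            d = Decision(identity, tool, target, False, "no accountable owner")
        elif not any(tool == t and target.startswith(p) for t, p in asset["entitlements"]):
            d = Decision(identity, tool, target, False, "tool/target outside entitlement")
        else:
            d = Decision(identity, tool, target, True, "within entitlement")
        self.audit_log.append(d)  # every decision is traceable after the fact
        return d


def run_trace(gate: PolicyGate, trace) -> list:
    """Replay a trace through the gate; returns the decisions in order."""
    return [gate.evaluate(identity, tool, target) for identity, tool, target in trace]


def shadow_identities(gate: PolicyGate) -> set:
    """Identities observed at runtime that the inventory never listed."""
    return {d.identity for d in gate.audit_log if d.identity not in gate.inventory}


def ownerless_assets(inventory: dict) -> set:
    """Inventoried assets with no accountable owner (review cannot be assigned)."""
    return {name for name, asset in inventory.items() if asset["owner"] is None}


if __name__ == "__main__":
    gate = PolicyGate(INVENTORY)
    for d in run_trace(gate, SAMPLE_TRACE):
        print(f"{'ALLOW' if d.allowed else 'DENY ':5} {d.identity} {d.tool} {d.target}: {d.reason}")
    print("shadow identities:", shadow_identities(gate))
    print("ownerless assets:", ownerless_assets(INVENTORY))
```

The point of the design is that the inventory is not a spreadsheet consulted at review time; it is the data the gate reads on every call, so an asset missing from it, or an asset with no owner, fails closed. The audit log is what lets a team answer "which identity used which tool under which condition" rather than describing the policy in theory.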


Threat narrative

Attacker objective: The attacker aims to turn unmanaged AI access into data exposure, unauthorized execution, or governance bypass through the system’s own connected tools.

  1. Entry occurs when AI assets, prompts, datasets, or connected integrations are discovered outside formal governance, creating shadow AI exposure points.
  2. Escalation occurs when an AI system with tool access, repository access, or data-platform connectivity is red teamed or abused through multi-step interactions that exceed intended scope.
  3. Impact occurs when the AI system can be used to leak data, invoke unauthorised actions, or bypass governance boundaries across the AI lifecycle.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI security is becoming lifecycle governance, not point-product protection. The announcement reflects a market that is moving beyond narrow model screening toward discovery, testing, runtime enforcement, and compliance alignment across the AI stack. That is the right direction because AI risk is distributed across assets, identities, policies, and execution paths. Practitioners should read this as a signal to govern the whole AI lifecycle, not a single control plane.

Shadow AI turns inventory into a security control, not an administrative task. Once AI assets, prompts, and data connections exist outside known pipelines, governance loses visibility before it loses control. That is why discovery is now an identity-adjacent discipline: the question is who or what can reach which AI resource, through which credential, under which policy. Practitioners should treat unlisted AI assets as unmanaged access.

Recursive defense is becoming the new expectation for AI governance. Static review models do not fit systems that change behavior as prompts, tools, and usage patterns evolve. The field is moving toward feedback loops that connect red teaming, runtime telemetry, and policy enforcement so controls adapt as the system changes. Practitioners should assume AI governance must now be continuously re-evaluated, not periodically certified.

The enterprise AI security market is converging on identity control points. The more an AI system can browse, invoke tools, or act across platforms, the more its risk profile resembles a governed non-human identity. That creates a structural overlap between AI security and NHI governance that IAM teams can no longer ignore. Practitioners should align AI controls with identity, privilege, and lifecycle governance models rather than treating them as separate domains.

From our research:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
  • 52% of companies can track and audit the data their AI agents access, which means 48% still operate with a compliance and investigation blind spot, according to AI Agents: The New Attack Surface report.
  • For a deeper control model, see OWASP Agentic AI Top 10 for how agent goals, tools, and execution paths create new governance requirements.

What this signals

AI asset discovery is becoming the front door to governance. As agentic systems spread across repositories, IdPs, data platforms, and local environments, organisations need one inventory that ties assets to owners, permissions, and policy. The practical shift is from periodic discovery to continuous visibility, because unmanaged AI behaves like unmanaged access.

Runtime policy only works if it is tied to identity and execution. The next control gap is not whether policies exist, but whether teams can trace which identity used which tool under which condition. That is why governance teams should align their operating model with the OWASP Agentic AI Top 10 and identity-centric review processes.

Shadow AI is the category-defining concept here. Once AI systems appear outside approved pipelines, security teams lose consistent ownership and revocation paths. The next phase of programme maturity will be proving that every AI asset has an accountable lifecycle, not just a security review.


For practitioners

  • Map every AI asset to an accountable owner: Build an inventory that includes models, prompts, datasets, connected tools, and local environments, then assign explicit ownership for each entry. Use the inventory to identify shadow AI and to determine which systems lack governance coverage.
  • Test AI systems with adversarial scenarios end to end: Move beyond prompt-only checks and simulate multi-step abuse across data retrieval, tool invocation, and delegated actions. Include repository, IdP, and data-platform integrations in testing so you can see where permissions chain into impact.
  • Place enforcement at the runtime layer: Use guardrails that evaluate actions as they happen, not only during design review or deployment approval. Focus on blocking unauthorised tool use, unsafe data movement, and policy drift at the point of execution.
  • Treat AI governance as identity governance: Align AI policy, access control, and lifecycle review with IAM and NHI processes so AI systems are governed through the same accountability model as other non-human identities. That makes ownership, review, and revocation operational instead of ad hoc.

Key takeaways

  • AI security is shifting toward full-lifecycle governance because discovery, red teaming, and runtime controls now matter together.
  • Shadow AI and tool-using systems create identity-like exposure, which means ownership, entitlement, and auditability must be part of the control model.
  • Practitioners should treat AI governance as an identity and execution problem, not as a standalone model-safety exercise.

Key terms

  • Shadow AI: AI systems, prompts, or integrations that exist outside approved inventory and governance. In practice, shadow AI creates the same problem as unmanaged credentials: no owner, no clear review path, and no reliable revocation or monitoring process when behaviour changes.
  • Runtime guardrails: Controls that evaluate and constrain AI behaviour while the system is operating, rather than only at build or approval time. For agentic systems, runtime guardrails are the closest equivalent to enforcement at the moment of action, which is where misuse, drift, and unsafe tool calls actually happen.
  • AI asset discovery: The process of identifying all AI models, prompts, datasets, tools, and connected services across sanctioned and unsanctioned environments. It is the foundation for governance because policy cannot be enforced consistently when teams do not know what AI assets exist or who controls them.
  • Agentic AI: AI that can choose actions and invoke tools during runtime rather than only responding passively. In identity terms, agentic AI behaves like a high-risk non-human actor because its permissions, timing, and execution path can change inside a session, which complicates review and control.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance in your organisation, it is worth exploring.

This post draws on content published by Pillar Security: A Milestone for Pillar, honored as Frost & Sullivan's 2025 Competitive Strategy Leader for AI Security. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-09-17.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org