TL;DR: The new US AI and Cyber Executive Order focuses on software supply chain security, AI-generated code, secure system design, and vulnerability management, according to Lasso Security. The policy signal is clear: AI adoption now has governance consequences for IAM, NHI, and security teams, not just application owners.
NHIMG editorial — based on content published by Lasso Security: Lasso's commitment to a secure AI-driven future and the new Cyber Executive Order
Questions worth separating out
Q: How should security teams govern AI-generated code in regulated environments?
A: Treat AI-generated code as a governance input, not a trusted output.
Q: Why do AI tools complicate software supply chain security?
A: AI tools complicate supply chain security because they add new dependencies, more generated artefacts, and additional identities that can move code or data.
Q: What do organisations get wrong about AI governance and identity controls?
A: They often separate AI governance from identity governance, even though AI systems can shape access, code, and security decisions.
Practitioner guidance
- Map AI-influenced decision paths: Document where AI systems influence code generation, vulnerability triage, or defensive actions, and identify which human approvals still exist versus which are only assumed.
- Review secrets handling in AI-assisted development: Inspect repositories and pipelines for hardcoded secrets, insecure examples, and generated code paths that bypass normal review.
- Extend supply chain controls to machine identities: Include build agents, deployment jobs, and orchestration tooling in your supply chain model so that identity governance covers the actors moving code into production.
What's in the full article
Lasso Security's full post covers the operational detail this post intentionally leaves for the source:
- Practical examples of real-time LLM monitoring and detection workflows for AI interactions
- Policy customisation details for applying context-aware guardrails in regulated environments
- Training and education themes for teams adopting LLM-based technologies securely
- The vendor's own framing of how the Cyber Executive Order maps to its platform capabilities