TL;DR: Enterprises are already seeing prohibited genAI use, shadow AI, and agent activity that legacy DLP, CASB, SIEM, and firewall controls cannot fully inspect, according to WitnessAI and cited industry research. The governance gap is widening because security teams need prompt, response, data-flow, and agent-action visibility before AI adoption outpaces review cycles.
NHIMG editorial — based on content published by WitnessAI: AI observability is becoming the control plane for enterprise AI security
By the numbers:
- 69% of organizations already suspect or have confirmed evidence of employees using prohibited generative AI tools, according to a Gartner GenAI blind spots survey of 302 cybersecurity leaders.
- 63% of breached organizations either lack an AI governance policy or are still developing one, according to the Cost of Data Breach report.
Questions worth separating out
Q: How should security teams govern AI use that happens outside approved tools?
A: Start with discovery, not enforcement.
Q: Why do legacy DLP and CASB controls fall short for AI observability?
A: They were built for structured files, email, and application access, not conversational prompts or model outputs.
Q: How do organisations know if AI observability is actually working?
A: They should be able to answer three questions quickly: what AI tools are in use, what data entered those systems, and what actions or outputs followed.
Practitioner guidance
- Build a complete AI inventory: catalog sanctioned and unsanctioned AI tools, embedded copilots, IDE extensions, agent frameworks, and MCP-connected systems before you try to enforce policy.
- Inspect prompts, outputs, and tool calls: capture bidirectional content plus agent actions so security teams can reconstruct what entered the model, what it returned, and what it triggered next.
- Classify requests by intent and business context: use user role, purpose, and data sensitivity to distinguish low-risk productivity use from requests that need routing, tokenization, warning, or blocking.
What's in the full article
WitnessAI's full research covers the operational detail this post intentionally leaves for the source:
- Network-level discovery workflow for finding hidden AI apps, agents, and MCP-connected systems across the enterprise
- Policy action model examples for allow, warn, block, and route decisions in live AI conversations
- Runtime protection patterns for tokenization, response filtering, and pre-execution agent guardrails
- Implementation detail on how the platform ties agent actions back to a human identity for audit and investigation
👉 Read WitnessAI's analysis of enterprise AI observability and governance →
AI observability for enterprise security: are your controls keeping up?
Explore further
AI observability is the missing governance layer between discovery and enforcement. Security teams cannot govern what they cannot see, and AI usage now spans browser chats, embedded copilots, IDE assistants, and autonomous agents. The control gap is not just visibility into the application layer. It is the absence of runtime context for prompts, outputs, and actions. Practitioners should treat observability as the control plane that makes policy enforceable across AI use cases.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- That visibility gap is split between 38% with no or low visibility and 47% with only partial visibility, which is why runtime AI discovery matters for governance.
A question worth separating out:
Q: How should teams handle autonomous agents that can take actions without human review?
A: Treat those agents as governed identities, not just models. Teams need ownership, policy, action logging, and pre-execution guardrails that cover tool use and downstream effects. Without that, the agent becomes an unaccountable actor that can move from analysis to action faster than a human review process can respond.
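The practitioner guidance above (inspect tool calls, classify by role and data sensitivity, decide allow/warn/block/route) and this answer (treat agents as governed identities with action logging and pre-execution guardrails) come together in a pre-execution guardrail. The following is an added illustration written for this post; it is not WitnessAI's code or product logic. The tool catalog, role names, policy rules, sensitivity patterns, and sample tool calls are all constructed for the example.

```python
"""Pre-execution guardrail for agent tool calls (added example, not WitnessAI code).

Each proposed agent action is evaluated against the tool's effect (read,
write, destructive), the sensitivity of the data in its arguments, and the
business role of the human who owns the agent. The result is one of
allow / warn / block / route, plus an audit record that ties the action
back to that human identity. Every name and rule here is a constructed
assumption for illustration.
"""
from dataclasses import dataclass, field
import json
import re

# Hypothetical tool inventory: tools not listed here are unknown and blocked.
TOOL_EFFECT = {
    "search_docs": "read",
    "read_crm_record": "read",
    "send_email": "write",
    "update_payroll": "write",
    "delete_bucket": "destructive",
}

# Constructed sensitivity detectors (illustrative, not production-grade).
SENSITIVE_PATTERNS = {
    "pii_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "secret_key": re.compile(r"\b(?:AKIA|sk_live_)[A-Za-z0-9]{8,}"),
}

# Roles assumed to be cleared to read sensitive records (hypothetical).
ROLES_CLEARED_FOR_SENSITIVE_READS = {"finance", "hr"}


@dataclass
class ToolCall:
    agent_id: str
    owner: str    # human identity accountable for the agent
    role: str     # that human's business role
    tool: str
    args: dict


@dataclass
class Decision:
    action: str   # allow | warn | block | route
    reasons: list = field(default_factory=list)


def classify_sensitivity(text):
    """Return the names of sensitivity patterns found in text."""
    return [name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(text)]


def evaluate(call):
    """Policy decision for one proposed tool call, before it executes."""
    effect = TOOL_EFFECT.get(call.tool)
    if effect is None:
        return Decision("block", ["tool not in inventory"])
    if effect == "destructive":
        return Decision("route", ["destructive action requires human approval"])
    hits = classify_sensitivity(json.dumps(call.args))
    if hits:
        reasons = ["sensitive data in arguments: " + ", ".join(hits)]
        if effect == "write":
            # Sensitive data leaving via an outbound action: stop it.
            return Decision("block", reasons)
        if call.role not in ROLES_CLEARED_FOR_SENSITIVE_READS:
            return Decision("block", reasons + ["role not cleared for this data"])
        return Decision("warn", reasons)
    if effect == "write" and call.role == "contractor":
        return Decision("route", ["write by contractor-owned agent needs review"])
    return Decision("allow", [])


def audit_record(call, decision):
    """Log entry that names the accountable human and redacts sensitive arguments."""
    redacted = json.dumps(call.args)
    for name, pat in SENSITIVE_PATTERNS.items():
        redacted = pat.sub(f"[REDACTED:{name}]", redacted)
    return {
        "agent_id": call.agent_id,
        "owner": call.owner,
        "role": call.role,
        "tool": call.tool,
        "effect": TOOL_EFFECT.get(call.tool, "unknown"),
        "args_redacted": redacted,
        "decision": decision.action,
        "reasons": decision.reasons,
    }


def guard(call):
    """Evaluate, then log. Only 'allow' and 'warn' let the action proceed."""
    decision = evaluate(call)
    return decision, audit_record(call, decision)


if __name__ == "__main__":
    # Constructed sample calls from an agent owned by a human identity.
    samples = [
        ToolCall("agent-1", "alice@example.com", "analyst", "search_docs", {"q": "q3 plan"}),
        ToolCall("agent-1", "alice@example.com", "analyst", "send_email",
                 {"to": "x@example.com", "body": "SSN 123-45-6789"}),
        ToolCall("agent-2", "bob@example.com", "hr", "read_crm_record", {"ssn": "123-45-6789"}),
        ToolCall("agent-3", "carol@example.com", "admin", "delete_bucket", {"name": "prod-logs"}),
    ]
    for c in samples:
        _, record = guard(c)
        print(json.dumps(record))
```

The ordering of checks is the design point: inventory first (an unknown tool is blocked before any content inspection), then the action's blast radius, then data sensitivity in the context of the owner's role. The audit record keeps the owner and a redacted copy of the arguments, so an investigator can reconstruct what the agent tried to do and who is accountable without the log itself becoming a store of sensitive data.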
👉 Read our full editorial: AI observability is becoming the control plane for enterprise AI security