Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI platform trust: are your model and agent controls enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A trusted AI platform is defined by seven enforceable controls, including a single inventory, governed context, runtime control, observability, lineage, policy as code, and continuous audit evidence, according to Collibra. The key issue is not AI branding but whether governance survives at runtime, when agents can act before humans review them.

NHIMG editorial — based on content published by Collibra: What makes an AI platform 'trusted'? 7 non-negotiables for governing models and agents

Questions worth separating out

Q: How should security teams govern AI platforms that run both models and agents?

A: Start with a complete inventory, then require governed context, runtime enforcement, observability, lineage, policy as code, and continuous audit evidence.

Q: Why do agents raise the bar for AI governance and identity controls?

A: Agents can act continuously and take consequential actions without a human in the loop, so launch-time review is not enough.

Q: What do organisations get wrong about trusted AI platforms?

A: They often treat trust as a label or a dashboard score instead of a set of enforceable controls.

Practitioner guidance

  • Inventory every model and agent Create a single source of record with owner, risk tier, data access scope, and business purpose for every AI system before it reaches production.
  • Enforce policy at runtime Move access, masking, and retention rules into code that evaluates when the AI reaches for data, not only when the system is reviewed.
  • Require traceable decision evidence Capture decision traces, data-access events, and lineage from source to model input to agent action so each outcome can be reconstructed under audit or incident review.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

  • How Collibra maps each non-negotiable to platform capabilities and operating assumptions
  • The exact wording of the seven trust criteria and the comparison table used in the article
  • The KU Leuven accuracy comparison and how the vendor frames governed context in practice
  • The FAQ section’s full explanation of how to evaluate a platform against the seven controls

👉 Read Collibra's analysis of what makes an AI platform trusted →

AI platform trust: are your model and agent controls enough?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Trusted AI is an identity governance claim before it is a technology claim. The article is right to reject vendor labels and force a control test, because trust depends on whether the platform can identify every model and agent, govern their context, and prove actions at runtime. In practice, this makes AI governance a cross-discipline problem spanning IAM, NHI, data controls, and audit evidence. Practitioners should treat trust as a provable operating state, not a marketing term.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.

A question worth separating out:

Q: How can teams tell whether AI governance is actually working?

A: Look for evidence that inventory is complete, context is governed, policy is enforced during execution, and lineage can be reconstructed on demand. If you can only explain decisions after manual investigation, governance is too weak for production AI. The test is whether the platform can prove control without improvisation.

👉 Read our full editorial: AI platform trust depends on seven controls for models and agents



   
ReplyQuote
Share: