AI security platforms and the identity controls they still need


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5324
Topic starter  

TL;DR: AI security platforms consolidate visibility, policy enforcement, and runtime guardrails for AI workflows, including prompt injection defence, agent action control, and audit logging, according to Cerbos and Gartner. The real change is that AI security now depends on identity-aware authorization and continuous decisioning, not network-era controls alone.

NHIMG editorial — based on content published by Cerbos: AI Security Platforms: How They Work and Why They Matter

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can call tools and access data?

A: Security teams should govern AI agents as non-human identities with tightly scoped, runtime-enforced permissions.

Q: Why do AI workflows expose identity risks that conventional IAM misses?

A: AI workflows create new authorization events inside prompts, retrievals, and tool calls, which traditional IAM does not inspect at that level.

Q: How do organisations know whether AI security controls are actually working?

A: They know controls are working when every AI interaction produces a complete decision trail, denied actions are visible, and sensitive data cannot leave approved boundaries through prompts, responses, or tool calls.

Practitioner guidance

  • Define AI workflows as identity-bound execution paths: inventory each model, agent, retrieval source, and tool integration, then assign an accountable identity to every path that can read data or trigger an action.
  • Authorize every AI tool invocation independently: require a policy decision before an agent can query databases, call external services, or write to operational systems.
  • Separate prompt inspection from data-access control: use prompt filtering to reduce obvious abuse, but enforce actual data and tool permissions with identity policy so that a safe-looking prompt cannot reach unauthorized resources.

What's in the full article

Cerbos' full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step explanation of how an AI gateway or proxy enforces prompt and response policy in production.
  • Implementation examples for contextual authorization around RAG pipelines, MCP servers, and custom AI apps.
  • Discussion of how Cerbos integrates with applications through API and SDK patterns without hard-coding policy logic.
  • Runtime decision logging examples that show how AI activity can be queried, audited, and replayed.

👉 Read Cerbos' analysis of AI security platforms and identity control →



(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 4186
 

AI security platforms are becoming identity control planes for machine actions, not just content filters. The article is correctly pointing to a shift in where security has to sit: prompts, outputs, model calls, and tool invocations are all authorization events now. That makes AI governance a cross-domain identity problem spanning NHI, human access, and agentic execution. Practitioners should treat AI controls as part of the identity plane, not an add-on security layer.

A few things that frame the scale:

  • 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to the AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: What is the difference between prompt filtering and identity-based AI authorization?

A: Prompt filtering inspects the content of a request, while identity-based authorization decides whether the actor is allowed to perform the action at all. Both matter, but only authorization can stop an approved-looking prompt from reaching a restricted dataset, tool, or workflow.

👉 Read our full editorial: AI security platforms expose the limits of conventional IAM

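One way to put the three practitioner guidance points from the opening post and the prompt-filter versus identity-authorization distinction from the reply above into running code, as an added example that is not code from Cerbos, NHIMG or either poster: a small policy decision point in which each agent is a scoped non-human identity, every tool call gets its own decision, the prompt filter is kept separate from authorization, and every allow and deny lands in a decision log. The agent, tool, dataset names and filter patterns are constructed for the example.

```python
# Identity-aware policy decision point for AI agent tool calls.
# Added illustration for this thread, not code from Cerbos or NHIMG; the
# agent, tool and dataset names below are constructed for the example.
import re
from collections import namedtuple

# Constructed prompt-filter patterns: they catch only obvious abuse.
PROMPT_BLOCKLIST = [r"ignore (all )?previous instructions", r"reveal .*credentials"]
CLASS_RANK = {"public": 0, "internal": 1, "restricted": 2}
DECISION_LOG = []  # the decision trail: every allow and every deny is kept

# A non-human identity: an agent id, its (resource, action) grants, and the
# highest data classification it is cleared to touch.
AgentIdentity = namedtuple("AgentIdentity", "agent_id grants max_classification")
# A planned tool invocation, e.g. db.query on "finance_db" for "read".
ToolCall = namedtuple("ToolCall", "tool resource action classification")
Decision = namedtuple("Decision", "agent_id call allowed reason")

def _record(agent, call, allowed, reason):
    """Append the decision to the trail so denials stay visible, then return it."""
    decision = Decision(agent.agent_id, call, allowed, reason)
    DECISION_LOG.append(decision)
    return decision

def prompt_passes_filter(prompt):
    """Content check only; it says nothing about what the agent may access."""
    return not any(re.search(p, prompt, re.I) for p in PROMPT_BLOCKLIST)

def authorize_tool_call(agent, call):
    """Independent identity-based decision made before each tool invocation."""
    if (call.resource, call.action) not in agent.grants:
        return _record(agent, call, False, f"no grant for {call.action} on {call.resource}")
    if CLASS_RANK[call.classification] > CLASS_RANK[agent.max_classification]:
        return _record(agent, call, False, f"{call.classification} data exceeds clearance")
    return _record(agent, call, True, "grant and classification satisfied")

def run_agent_step(agent, prompt, planned_call):
    """Prompt filter first, then a separate authorization decision for the tool call."""
    if not prompt_passes_filter(prompt):
        return _record(agent, planned_call, False, "prompt rejected by content filter")
    return authorize_tool_call(agent, planned_call)

# Constructed identity: a support agent allowed only to read the ticket store.
SUPPORT_AGENT = AgentIdentity("support-agent", frozenset({("tickets_db", "read")}), "internal")

# A safe-looking prompt still cannot reach the restricted finance data.
SAMPLE_DENY = run_agent_step(SUPPORT_AGENT, "Summarise our Q3 revenue figures",
                             ToolCall("db.query", "finance_db", "read", "restricted"))
```

The point of `SAMPLE_DENY` is that the prompt passes the content filter yet the tool call is refused purely on identity policy, and the refusal is in `DECISION_LOG` alongside every allowed call.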