TL;DR: Enterprise AI is creating six active security threat vectors, including prompt injection, data exfiltration, supply chain compromise, shadow AI, agent misuse, and AI-powered social engineering, while legacy DLP, browser monitoring, and human-centric IAM struggle to see conversational context or intent, according to WitnessAI. The governance shift is from monitoring static workflows to controlling runtime behaviour across AI, agents, and human users.
NHIMG editorial — based on content published by WitnessAI: enterprise AI security threats and the controls needed to govern them
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern AI agents that can call APIs and query databases?
A: Security teams should govern AI agents as runtime actors, not passive applications.
Q: Why do legacy IAM and DLP controls fail for enterprise AI workflows?
A: Legacy IAM and DLP fail because they were built for predictable users, static data patterns, and observable workflows.
Q: What do organisations get wrong about shadow AI risk?
A: The common mistake is treating shadow AI as a policy exception instead of a discoverability problem.
Practitioner guidance
- Discover unmanaged AI use across the enterprise: inventory copilots, browser assistants, plugins, IDE integrations, and agent connections before trying to write policy.
- Replace keyword-only DLP with intent-aware policy checks: classify prompts and outputs by task intent, sensitivity, and expected business purpose.
- Bind agent tool use to explicit runtime guardrails: require pre-execution checkpoints for external API calls, database queries, and high-impact workflow steps.
What's in the full article
WitnessAI's full article covers the operational detail this post intentionally leaves for the source:
- How the vendor models six AI threat vectors across prompt injection, shadow AI, and agent misuse.
- The specific mechanics behind its Observe, Control, and Protect operating model for enterprise AI.
- How its bidirectional runtime guardrails are positioned to handle pre-execution and response-time policy decisions.
- The product-facing description of Witness Attack and the implementation detail behind its red-team testing workflow.
👉 Read WitnessAI's analysis of enterprise AI security threats and runtime controls →
Enterprise AI attack surface: what IAM teams need to know
Explore further
Legacy IAM was designed for predictable human workflows, not for systems that interpret context and act on it. Human-centric identity controls assume a user requests access, a system evaluates the request, and an operator can still intervene before high-risk action occurs. That assumption fails when an AI system can infer intent, invoke tools, and complete work inside a single interaction. The implication is not simply that more policy is needed, but that the governance model itself no longer matches the actor.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Should organisations treat autonomous agents like human users or service accounts?
A: Organisations should not treat autonomous agents as simple human analogues. They behave like governed non-human identities with added runtime decision-making, so they need identity boundaries, action checkpoints, and clear accountability. Human-style certification cycles alone are too slow for systems that can complete sensitive work within one session.
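To make the practitioner guidance above and this answer concrete, here is an added illustration (not WitnessAI's code or product logic) of a bidirectional runtime guardrail: each agent is a governed non-human identity bound to a tool allowlist, high-impact tool calls are held at a pre-execution checkpoint, and responses are scanned for credential-like material before they leave the agent. The agent names, tool names, and policy table are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed policy table: each agent identity is bound to the tools it may call,
# and to the subset of those tools that must pause for a pre-execution checkpoint.
AGENT_POLICY = {
    "reporting-agent": {"tools": {"db.query", "http.get"}, "checkpoint": {"http.get"}},
    "invoice-agent": {"tools": {"erp.read", "erp.post_payment"}, "checkpoint": {"erp.post_payment"}},
}

# SQL verbs that change or destroy data are treated as high-impact regardless of agent.
HIGH_IMPACT_SQL = re.compile(r"(?i)^\s*(delete|drop|update|alter|truncate|insert)\b")

# Constructed response-time patterns: an AWS access key id shape and generic secret assignments.
SECRET_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    re.compile(r"(?i)\b(api[_-]?key|password|secret)\s*[:=]\s*\S+"),
]


@dataclass
class Decision:
    action: str  # "allow", "hold" (await human checkpoint) or "deny"
    reason: str


def pre_execution_check(agent_id: str, tool: str, args: dict) -> Decision:
    """Evaluate a tool call before it executes, using the agent's identity, not the user's."""
    policy = AGENT_POLICY.get(agent_id)
    if policy is None:
        return Decision("deny", "unknown agent identity")
    if tool not in policy["tools"]:
        return Decision("deny", f"tool {tool} is outside the agent's bound scope")
    if tool == "db.query" and HIGH_IMPACT_SQL.match(args.get("sql", "")):
        return Decision("hold", "data-changing SQL requires an approval checkpoint")
    if tool in policy["checkpoint"]:
        return Decision("hold", f"{tool} is a checkpointed tool for this agent")
    return Decision("allow", "within scope and below impact threshold")


def response_check(text: str) -> Decision:
    """Scan agent output at response time so leaked credentials never reach the caller."""
    if any(p.search(text) for p in SECRET_PATTERNS):
        return Decision("deny", "credential-like material found in response")
    return Decision("allow", "response clean")
```

A real deployment would log every Decision with the agent identity and tool arguments, since the 48% audit blind spot cited above is closed by recording these runtime events, not by the allow/deny result alone.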
👉 Read our full editorial: Enterprise AI security threats expose gaps in legacy IAM controls