TL;DR: Enterprise AI governance now has to cover prompts, outputs, tool calls, access permissions, and third-party integrations because shadow AI, prompt injection, and autonomous agents create runtime risk that policy documents alone cannot control, according to Lasso Security. The decisive shift is from documenting AI usage to enforcing traceable controls at the interaction layer.
NHIMG editorial — based on content published by Lasso Security: Enterprise AI Governance for Modern Enterprises Seeking Visibility, Control & Compliance
Questions worth separating out
Q: How should security teams govern AI tools that employees adopt outside approval paths?
A: Start with continuous discovery, then bind each tool to the identity using it, the data it can reach, and the controls applied at runtime.
Q: Why do AI agents create governance problems for IAM teams?
A: AI agents can cross application boundaries, invoke tools, and influence business workflows in ways that traditional access reviews do not capture well.
Q: What do organisations get wrong about prompt and output controls?
A: They often treat prompt hygiene as a training issue instead of a runtime control issue.
Practitioner guidance
- Build continuous AI discovery into identity inventory: inventory sanctioned and shadow AI tools across endpoints, browsers, and developer workflows, then map each system to the user or service identity that can reach it.
- Extend least privilege to prompts, outputs, and tool invocation: apply role, session, and data-sensitivity controls to AI interactions so high-risk models, datasets, and actions are constrained by context rather than by blanket approval.
- Log policy decisions as audit evidence: capture which prompts were blocked, which outputs were redacted, which tool calls were denied, and which identities were involved so audit and incident review can reconstruct decisions.
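The three guidance points above describe one control: a runtime decision point that binds each AI interaction to an identity, a data-sensitivity label and a tool allow-list, and records every decision as audit evidence. The following is an added illustration of that pattern, not Lasso Security's code; the roles, sensitivity levels, tool names and the credential-like regex are constructed assumptions.

```python
"""Runtime policy decision point for AI interactions (added example; hypothetical roles and tools)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: tools each role may invoke through an AI agent at runtime
TOOL_ALLOWLIST = {
    "analyst": {"search_docs"},
    "finance_admin": {"search_docs", "export_ledger"},
}
# Constructed sample: highest data-sensitivity label a role may send to a third-party model
# 0 = public, 1 = internal, 2 = confidential
MAX_SENSITIVITY = {"analyst": 1, "finance_admin": 2}

# Crude detector for credential-like tokens in prompts (assumed pattern, not a real product rule)
SECRET_PATTERN = re.compile(r"\b(?:AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,})\b")


@dataclass
class Interaction:
    identity: str            # user or service identity bound to the request
    role: str
    session_id: str
    prompt: str
    sensitivity: int         # label attached by the data source, 0..2
    tool_call: Optional[str] = None


AUDIT_LOG: list = []         # every decision is appended here as audit evidence


def decide(ix: Interaction) -> dict:
    """Evaluate one AI interaction and return the enforced decision with its reason."""
    decision = {"identity": ix.identity, "role": ix.role, "session": ix.session_id,
                "tool": ix.tool_call, "action": "allow", "reason": "policy_ok"}
    role_limit = MAX_SENSITIVITY.get(ix.role, -1)   # unknown role gets no data at all
    if ix.sensitivity > role_limit:
        decision.update(action="block_prompt",
                        reason=f"sensitivity {ix.sensitivity} exceeds role limit {role_limit}")
    elif ix.tool_call and ix.tool_call not in TOOL_ALLOWLIST.get(ix.role, set()):
        decision.update(action="deny_tool",
                        reason=f"tool {ix.tool_call} not allowed for role {ix.role}")
    elif SECRET_PATTERN.search(ix.prompt):
        # Redact rather than forward: the credential never reaches the model
        decision.update(action="redact_prompt", reason="credential-like token in prompt",
                        prompt=SECRET_PATTERN.sub("[REDACTED]", ix.prompt))
    AUDIT_LOG.append(decision)   # identity, session, tool and outcome are reconstructable later
    return decision
```

Each record in `AUDIT_LOG` answers the review questions the guidance lists: which prompt was blocked or redacted, which tool call was denied, and which identity and session were involved.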
What's in the full article
Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:
- Continuous discovery workflows for sanctioned and shadow AI across endpoints, copilots, and agent frameworks
- Runtime inspection and enforcement examples for prompts, outputs, and tool calls
- Operational patterns for logging, audit evidence, and policy exceptions across third-party AI integrations
- Governance use cases for regulated environments such as healthcare, finance, and enterprise legal review
👉 Read Lasso Security's analysis of enterprise AI governance and runtime controls →
Enterprise AI governance at runtime: where are your controls failing?
Explore further
Runtime AI governance is now an access-control problem, not a policy problem. The article correctly shows that prompts, outputs, and tool invocation are where AI risk becomes real. That makes the control plane the decisive layer, because static policy cannot prevent a model from exposing data or calling a tool at runtime. For practitioners, the programme question is whether access decisions can be enforced at the moment of interaction.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
A question worth separating out:
Q: Who is accountable when third-party AI systems process sensitive data?
A: The enterprise remains accountable, even when the model or agent is provided by a third party. That means contracts, logging, access restrictions, and audit evidence must show how the system was governed in practice. Delegated processing does not delegate responsibility.
👉 Read our full editorial: Enterprise AI governance is becoming a runtime control problem