LLM security tools and the execution-layer gap teams miss


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9271
Topic starter  

TL;DR: The market is clustering around prompt injection, leakage, hallucination control, and red teaming, while acknowledging that AI systems now retrieve data, invoke tools, and act across enterprise workflows, according to Lakera’s overview of 12 LLM security tools. The practical lesson is that protecting model output is not the same as governing what an AI system is allowed to do.

NHIMG editorial — based on content published by Lakera: Top 12 LLM Security Tools, Paid and Free Overview

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
  • When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.

Questions worth separating out

Q: How should security teams govern LLMs that can call tools and access data?

A: Treat the LLM as a governed identity, not just a model endpoint.

Q: Why do prompt injection defences not solve AI security on their own?

A: Prompt injection defences reduce malicious steering, but they do not stop an authorised model from doing harmful things with connected tools or data.

Q: What do security teams get wrong about LLM monitoring?

A: They often monitor for bad prompts or unsafe outputs without watching the actions the model attempts to take.

Practitioner guidance

  • Map every model-connected tool to an identity owner: document which service account, API key, or delegated token each LLM workflow uses, and require a named owner for each identity.
  • Separate prompt controls from execution permissions: treat prompt injection filters as input hygiene, not authority.
  • Require telemetry for reachable tools and accessed data: record which tools were callable, which datasets were touched, and which actions were attempted outside policy.

What's in the full article

Lakera's full article covers the operational detail this post intentionally leaves for the source:

  • Per-tool feature breakdowns for prompt injection, leakage detection, hallucination handling, and red teaming across the listed products.
  • Vendor-specific implementation notes on integrating security controls into LLM workflows and APIs.
  • Examples of the threat categories each tool claims to address, including direct and indirect prompt injection.
  • The article's own framing of how its tool set maps to practical LLM security use cases.

👉 Read Lakera's overview of 12 LLM security tools and agentic AI risk →

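An added example (not code from the Lakera article or from the NHIMG post) of the practitioner guidance above: an execution gate that authorises each tool call the model proposes against the scope of a named workflow identity and logs every attempt, keeping prompt filtering separate from execution permission. The identity, owner, tool and dataset names are constructed placeholders.

```python
"""Execution-layer gate for LLM tool calls (added example; not from the Lakera
article or the NHIMG post). Each workflow runs as a named identity with an
explicit tool and dataset scope, every tool call the model proposes is checked
against that scope before it runs, and every attempt is logged. Identity names,
tools and datasets below are constructed sample values."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class WorkflowIdentity:
    name: str                    # service account or token the workflow runs as
    owner: str                   # named human accountable for this identity
    allowed_tools: frozenset     # tools the identity may invoke
    allowed_datasets: frozenset  # datasets the identity may touch

@dataclass(frozen=True)
class ToolCall:
    tool: str
    dataset: Optional[str] = None  # dataset the call would read or write, if any

class ExecutionGate:  # sits between model output and tool execution; scope decides, not the prompt
    def __init__(self, executors: dict):
        self.executors = executors  # tool name -> callable; the only path that runs a tool
        self.audit_log = []         # one record per attempt, allowed or denied

    def authorise(self, identity: WorkflowIdentity, call: ToolCall):
        if call.tool not in identity.allowed_tools:
            allowed, reason = False, f"tool {call.tool!r} outside scope of {identity.name}"
        elif call.dataset is not None and call.dataset not in identity.allowed_datasets:
            allowed, reason = False, f"dataset {call.dataset!r} outside scope of {identity.name}"
        else:
            allowed, reason = True, "within scope"
        self.audit_log.append({"identity": identity.name, "owner": identity.owner,
                               "tool": call.tool, "dataset": call.dataset,
                               "allowed": allowed, "reason": reason})
        return allowed, reason

    def execute(self, identity: WorkflowIdentity, call: ToolCall) -> dict:
        allowed, reason = self.authorise(identity, call)  # scope check happens first
        if not allowed:
            return {"status": "denied", "reason": reason}
        return {"status": "ok", "result": self.executors[call.tool](call.dataset)}

    def out_of_policy_attempts(self) -> list:
        return [e for e in self.audit_log if not e["allowed"]]  # telemetry for review

# Constructed sample policy: the support bot may only search the public KB.
SUPPORT_BOT = WorkflowIdentity("svc-support-bot", "alice@example.invalid", frozenset({"search_kb"}), frozenset({"kb_public"}))
GATE = ExecutionGate({"search_kb": lambda ds: f"searched {ds}", "export_customers": lambda ds: f"exported {ds}"})
```

A call the prompt filter would happily pass, such as exporting a customer dataset, is still denied and logged because the identity's scope never included that tool or dataset.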
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8712
 

Execution-layer control is the missing category in most LLM security stacks. The article catalogues prompt injection, leakage, hallucination, and red-teaming tools, but those controls mostly inspect what the model says. In enterprise deployments, the harder problem is what the model can do after it receives a prompt. That is an identity and authorisation problem, not just a content problem. Practitioners should treat execution scope as the control plane that determines whether AI security is real or cosmetic.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: How do identity controls change when AI systems become part of enterprise workflows?

A: Identity controls must move from human-centric approval logic to machine-centric execution control. That means inventorying the identities behind AI workflows, limiting standing access, and reviewing lifecycle changes whenever a workflow, tool, or data source changes. The model’s behaviour matters less than the authority attached to it.

👉 Read our full editorial: LLM security tools still leave execution-layer risk uncovered
