TL;DR: Frost & Sullivan named Pillar Security the 2025 Competitive Strategy Leader in the global generative AI security market, citing AI asset discovery, adversarial red teaming, runtime guardrails, and enterprise deployment support across hybrid, cloud, and on-premise environments. The real takeaway is that AI security is moving from point controls to lifecycle governance across discovery, testing, policy, and runtime enforcement.
NHIMG editorial — based on content published by Pillar Security: A Milestone for Pillar, honored as Frost & Sullivan's 2025 Competitive Strategy Leader for AI Security
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.
Questions worth separating out
Q: How should security teams govern AI systems that can invoke tools and access data?
A: Security teams should govern AI systems with the same discipline used for high-risk non-human identities: inventory the asset, define ownership, constrain tool access, and monitor runtime actions.
Q: Why do AI agents create a different security problem from standard automation?
A: AI agents create a different problem because they can choose actions at runtime, combine tools dynamically, and change behavior based on context.
Q: How can organisations tell whether their AI controls are actually working?
A: They should look for evidence that inventories are complete, tool access is bounded, and runtime events are being logged and reviewed.
Practitioner guidance
- Map every AI asset to an accountable owner Build an inventory that includes models, prompts, datasets, connected tools, and local environments, then assign explicit ownership for each entry.
- Test AI systems with adversarial scenarios end to end Move beyond prompt-only checks and simulate multi-step abuse across data retrieval, tool invocation, and delegated actions.
- Place enforcement at the runtime layer Use guardrails that evaluate actions as they happen, not only during design review or deployment approval.
What's in the full article
Pillar Security's full blog post covers the operational detail this post intentionally leaves for the source:
- Specific evidence behind Frost & Sullivan’s market assessment of AI security strategy
- Details on the platform’s discovery, red teaming, and runtime guardrail approach
- Architecture notes on hybrid, cloud, and on-premise deployment support
- The report language Pillar used to position AI-native security across the lifecycle
👉 Read Pillar Security's announcement on Frost & Sullivan's AI security recognition →
Pillar and Frost & Sullivan: what this AI security ranking means?
Explore further
AI security is becoming lifecycle governance, not point-product protection. The announcement reflects a market that is moving beyond narrow model screening toward discovery, testing, runtime enforcement, and compliance alignment across the AI stack. That is the right direction because AI risk is distributed across assets, identities, policies, and execution paths. Practitioners should read this as a signal to govern the whole AI lifecycle, not a single control plane.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, which means 48% still operate with a compliance and investigation blind spot, according to AI Agents: The New Attack Surface report.
A question worth separating out:
Q: What should IAM teams do when AI security and NHI governance overlap?
A: IAM teams should unify the control model rather than create separate oversight tracks. If an AI system holds credentials, reaches data, or invokes tools, it should be subject to entitlement review, ownership, and lifecycle controls just like other non-human identities. Separate models create blind spots in accountability and revocation.
👉 Read our full editorial: Pillar named Frost & Sullivan leader for AI security strategy