Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Runtime security in 2025: what changed for practitioners?


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 164
Topic starter  

TL;DR: Runtime security moved from theory to operational requirement in 2025 as customers, detections, and research validated execution-time protection across modern software, AI systems, and cloud infrastructure, according to Oligo Security. The broader lesson is that static inventory and pre-deployment assumptions now leave too much of the attack surface invisible once code starts running.

NHIMG editorial — based on content published by Oligo Security: Reflecting on a Breakthrough Year

By the numbers:

Questions worth separating out

Q: How should teams govern runtime security for AI systems and cloud workloads?

A: Teams should govern runtime security by focusing on live execution paths, not just pre-deployment approvals.

Q: Why do static scans fail to protect modern applications and AI systems on their own?

A: Static scans fail because they describe code or configuration before the system is exercised, while many attacks only become visible during execution.

Q: What do security teams get wrong about AI runtime risk?

A: A common mistake is treating AI runtime risk as a prompt-safety or model-quality issue alone.

Practitioner guidance

  • Audit production paths for identity-bearing runtime risk Inventory where secrets, workload identities, and AI agent permissions are exercised after deployment, then distinguish those paths from build-time-only controls.
  • Separate static confidence from runtime evidence Use runtime telemetry to validate whether approved code, packages, and AI workflows behave as expected under live conditions.
  • Connect AppSec findings to identity scope When a vulnerability or malicious package is found, determine which identities, service accounts, and tokens can reach it in production.

What's in the full article

Oligo Security's full post covers the operational detail this post intentionally leaves for the source:

  • Product-specific breakdown of CADR, AI-SPM, and AI-DR capabilities for teams evaluating runtime protection.
  • Detailed discussion of the platform's vulnerable function enrichment approach and how it changes prioritisation.
  • Expanded explanation of the AirBorne, ShadowRay 2.0, and Fluent Bit research findings.
  • Additional context on the Application Attack Matrix and the runtime sensor observations.

👉 Read Oligo Security's year-end analysis of runtime security in 2025 →

Runtime security in 2025: what changed for practitioners?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8923
 

Runtime security has become the operational layer where identity, code, and infrastructure meet. Static controls still matter, but they no longer define the real security boundary once software is executing. That is why runtime visibility is increasingly a governance issue, not just a tooling category. Practitioners should treat execution-time context as the place where policy either proves itself or fails.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree that governing AI agents is critical to enterprise security.

A question worth separating out:

Q: How do teams decide whether runtime security should sit with AppSec or identity?

A: Teams should stop treating that as an either-or choice. Runtime security sits at the point where application behaviour and identity use intersect, so ownership has to be shared across AppSec, cloud security, and identity governance. If a flaw can be reached by a credential, token, or workload identity, it is both an application and identity problem.

👉 Read our full editorial: Runtime security became the source of truth in 2025



   
ReplyQuote
Share: