TL;DR: Gartner recognised an AI software security approach while the company framed SAIL 2.0 around discovery, red teaming, and runtime guardrails for AI agents, according to Pillar Security. The broader signal is that AI agent security is moving from point controls to continuous governance over identities, tools, and execution paths.
NHIMG editorial — based on content published by Pillar Security: Introducing SAIL 2.0 Framework: A Practical Guide to Secure AI Agents
By the numbers:
- Gartner forecasts worldwide AI cybersecurity spending to nearly double in 2026, from $25.9 billion to $51.3 billion.
- Just 14% of software engineering teams surveyed have advanced skills in AI security or platform engineering.
- Pillar says Gartner expects AI cybersecurity spending to reach $86 billion by 2027.
Questions worth separating out
Q: How should security teams govern AI agents that can use tools autonomously?
A: Start by treating each agent as a governed identity with specific permissions, owners, and approved tools.
Q: Why do AI agents complicate access reviews and IAM controls?
A: AI agents complicate IAM because their permissions are often distributed across tools, prompts, data sources, and execution environments.
Q: What breaks when AI agent guardrails exist only in policy documents?
A: Policy-only guardrails fail when an agent can act at machine speed and the control cannot interrupt the action.
Practitioner guidance
- Build an AI agent inventory tied to access paths Map every production agent to credentials, tools, prompts, datasets, and environments so the security team can see what each agent can reach and who owns it.
- Test agents with multi-step adversarial scenarios Run red-team scenarios that chain tool calls, probe reachable systems, and attempt privilege expansion so you can see where the agent breaks containment.
- Enforce runtime policy before actions execute Place control checks at the moment of tool use or data access so unsafe actions can be blocked before the agent completes them in production.
What's in the full article
Pillar Security's full post covers the operational detail this analysis intentionally leaves for the source:
- The specific RedGraph testing flow used to graph agent attack paths and replay adversarial scenarios.
- The AI-BOM inventory fields that tie agents, prompts, models, tools, and datasets into one live asset map.
- The runtime guardrail behaviour used to enforce policy on agent actions before they complete.
- The audit-evidence format the vendor uses to show findings, retests, and compliance output.
👉 Read Pillar Security's analysis of SAIL 2.0 and secure AI agents →
AI agent runtime security: what changes for IAM and governance teams?
Explore further
AI agents are becoming governed identities, not just software features. Once an agent can authenticate, call tools, and act across systems, the real control problem shifts to delegated authority, not model quality. That changes how security teams think about access reviews, least privilege, and privilege persistence for non-human actors. Practitioners should treat agent identity as a first-class governance object.
A question worth separating out:
Q: Should organisations re-evaluate IAM and PAM for agentic AI deployments?
A: Yes, because agentic systems can inherit credentials and exercise privileged tools in ways that traditional IAM and PAM reviews do not fully capture. Organisations should reassess whether their current models account for ephemeral tasks, delegated authority, and machine-speed execution. The key test is whether access can be constrained to the exact task and revoked immediately afterward.
👉 Read our full editorial: SAIL 2.0 signals a shift toward runtime AI agent security