TL;DR: Enterprises are embedding AI into core workflows while security teams struggle to see prompts, tools, MCP-connected agents, and data flows, according to SentinelOne. The key issue is not just detection speed, but whether governance can keep pace with AI systems that reason, delegate, and act across multiple control planes.
NHIMG editorial — based on content published by SentinelOne: OneCon 2025 AI security strategy and platform updates
Questions worth separating out
Q: How should security teams govern AI agents that can access tools and data?
A: Security teams should govern AI agents as NHIs with scoped permissions, explicit owners, logging, and revocation paths.
Q: Why do AI tools create new identity and access risks?
A: AI tools often sit between users and sensitive systems, which means they can inherit broad access without the accountability that normal IAM processes expect.
Q: What breaks when organisations cannot see shadow AI usage?
A: When shadow AI is invisible, security teams lose control over where data is sent, which assistants are connected, and whether those systems can retain or expose sensitive information.
Practitioner guidance
- Inventory AI tools, assistants, and agents by data access path Create a living register of all approved and unsanctioned AI systems, including prompts, connectors, and the data domains they can touch.
- Treat MCP-connected agents as governed NHIs Assign scoped permissions, logging, and lifecycle ownership to any agent or service that uses Model Context Protocol to reach tools or data sources.
- Enforce prompt and output controls for sensitive data Block or redact secrets, regulated data, and internal identifiers before prompts reach third-party models, and inspect outputs for unsafe code, exposed credentials, or policy violations.
What's in the full article
SentinelOne's full post covers the operational detail this post intentionally leaves for the source:
- How SentinelOne's AI Security architecture maps endpoint, identity, cloud, and AI signals into a single operating model.
- Details of the Purple AI MCP Server and how it connects to OpenAI, Anthropic, Gemini, or internal models.
- Product-level information on Prompt Security capabilities such as shadow AI discovery, prompt DLP, and secret redaction.
- Operational specifics on the Observo AI pipeline, including sub-second telemetry handling and high-cardinality query support.
👉 Read SentinelOne's OneCon 2025 AI security strategy and product details →
AI security governance: are visibility and control keeping up?
Explore further
AI security is becoming an identity governance problem, not just a model security problem. The article correctly frames AI as both a business accelerant and an attack surface, but its deeper implication is that governance must now extend to AI systems that can call tools, move data, and trigger actions. That pushes AI agent identities, service credentials, and delegated access into the same control conversation as human IAM. Practitioners should treat AI usage as part of identity architecture, not a separate innovation track.
A question worth separating out:
Q: How can teams measure whether AI security controls are actually working?
A: Teams should look for measurable proof that AI activity is logged, prompts are filtered, connectors are approved, and response actions are attributable to a named owner. If investigations still require manual reconstruction across multiple tools, the control plane is not mature enough for autonomous defence. The right signal is reduced time to understand and contain AI-driven activity.
👉 Read our full editorial: AI security’s governance gap is visibility, context, and control