TL;DR: AI security posture management secures models, prompts, outputs, and data paths with continuous monitoring, access controls, and policy enforcement to reduce prompt injection, oversharing, and model poisoning, according to Knostic. The governance gap is no longer theoretical, because AI adoption is outrunning the controls needed to trace, restrict, and explain what systems disclose.
NHIMG editorial — based on content published by Knostic: Key Findings on AI Security Posture Management
By the numbers:
- Only 13% of companies believe they are fully AI-ready, according to Cisco.
- A recent study showed that real agents could be made to leak personal data with a 15-50% success rate using prompt-inject attacks.
- In 2024, the global average cost of a breach was $4.88 million, and 63% of organizations raised their prices after breaches, making prevention measurable and urgent.
Questions worth separating out
Q: How should security teams govern AI systems that can reveal sensitive data from approved sources?
A: Security teams should govern AI systems at answer time, not only at repository access time.
Q: Why do AI assistants create new access risks for IAM and PAM programmes?
A: AI assistants can combine multiple permissions into one response, which means a user may see sensitive context without directly opening the source asset.
Q: How do organisations know whether AI guardrails are actually working?
A: They know by testing guardrails against real attack patterns and by measuring the policy decisions the system makes.
Practitioner guidance
- Inventory every AI interaction path Catalogue models, assistants, prompts, retrieval sources, connectors, and output channels so you can see where sensitive context can surface.
- Enforce answer-time access controls Apply persona-based and role-based controls to prompts, retrieved chunks, and outputs so a user only receives information appropriate to their context.
- Build lineage into audit evidence Retain prompt logs, model versions, retrieval metadata, and policy decisions so every disclosure can be traced from source to output.
What's in the full article
Knostic's full analysis covers the operational detail this post intentionally leaves for the source:
- A practical breakdown of real-time knowledge-boundary enforcement across Microsoft 365, Copilot, Glean, and custom LLM stacks.
- Implementation detail on tracing prompt-to-source lineage and preserving audit-ready evidence for each allow or deny decision.
- Red-team style simulation examples that show how oversharing, jailbreaks, and retrieval poisoning are identified and remediated.
- The specific integration points used to feed AI security evidence into SIEM and governance workflows.
👉 Read Knostic's analysis of AI security posture management and oversharing controls →
AI security posture management: are your controls keeping up?
Explore further
AI-SPM is emerging because traditional access control stops at the repository boundary, while AI risk starts at answer time. Enterprises can protect files and still leak sensitive context through prompts, retrieval, and generated output. That shifts governance from static permissioning to runtime authorization, which is a different control problem altogether. Practitioners should treat model interaction paths as governed assets, not just application features.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What should organisations do first when building AI security posture management?
A: Start with discovery. Map every model, assistant, connector, retrieval path, and output channel, then classify the data they can reach. Once the full interaction surface is visible, teams can set access rules, logging requirements, and evaluation priorities that match actual AI usage rather than assumed usage.
👉 Read our full editorial: AI security posture management is becoming an operational control