TL;DR: AI security platforms now have to address prompt injection, indirect injection, data poisoning, model extraction, and inference leaks, while also integrating with IAM, logging, CI/CD, and compliance controls, according to Knostic's analysis. The governance gap is no longer model-only risk but how AI assistants infer, recombine, and expose enterprise knowledge beyond static file permissions.
NHIMG editorial — based on content published by Knostic: Key findings on AI security solutions and knowledge-layer governance
By the numbers:
- A 2024 IBM report shows that when data spans environments, it takes on average nearly eight months to identify and contain a breach.
- The OWASP GenAI Security Project places LLM01: Prompt Injection at the top of its 2025 LLM risks.
- The EU Artificial Intelligence Act took effect in 2024 and is being implemented in stages.
Questions worth separating out
Q: How should security teams govern AI assistants that can infer sensitive information?
A: Security teams should govern AI assistants at the response boundary, not only at the data store.
Q: Why do AI assistants create new identity and access risks?
A: AI assistants create new identity and access risks because they act on behalf of users while also recombining data across systems.
Q: What breaks when organisations rely on static permissions for enterprise AI search?
A: Static permissions break when the assistant can infer and repackage sensitive content from multiple approved sources.
Practitioner guidance
- Define assistant-specific disclosure boundaries Classify the knowledge sets that copilots, search assistants, and embedded AI tools may surface for each role, then document where inference must be blocked or redacted.
- Enforce policy at the response layer Place controls where the assistant generates output, not only where data is stored.
- Extend audit logging to inferred access Record the requestor identity, prompt context, retrieved sources, policy decision, and final response for each sensitive assistant interaction.
What's in the full article
Knostic's full article covers the operational detail this post intentionally leaves for the source:
- Vendor-by-vendor feature comparisons across Knostic, Microsoft, Palo Alto Networks, CrowdStrike, SentinelOne, Fortinet, Darktrace, Vectra, Google, and IBM.
- The selection matrix used to rate threat coverage, integration, monitoring, compliance support, and scalability for enterprise AI security tools.
- Specific examples of how knowledge-layer enforcement works across Copilot, Glean, and Gemini environments.
- Practical product-level strengths and weaknesses that help teams compare deployment fit after the strategy stage.
👉 Read Knostic's analysis of AI security solutions and knowledge-layer controls →
Knowledge-layer controls for AI assistants: what practitioners need?
Explore further
Knowledge-layer governance is now the real control plane for enterprise AI assistants. Static permissions on documents do not stop an LLM from recombining data into an unauthorized answer. That means the effective security boundary has moved from storage to inference, and identity teams have to govern response-time access decisions, not just repository access. Practitioners should treat assistant outputs as governed disclosures.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Who is accountable when an AI assistant overshares regulated data?
A: Accountability should sit with the organisation operating the assistant, because the disclosure results from its policies, identity integrations, and logging design. Security, privacy, and platform owners all need a shared evidence trail showing which identity asked, what sources were used, and why the response was allowed. That is essential for compliance review and incident response.
👉 Read our full editorial: AI security platforms now hinge on knowledge-layer governance