Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI security strategy at OneCon 2025: what changes for practitioners?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: The broader AI security portfolio spanning shadow GenAI visibility, code assistant redaction, agentic AI governance, AI-ready data pipelines, and identity controls, including MCP-based agent monitoring and policy-based conditional access, is described in SentinelOne’s OneCon 2025 post. The practical issue is not AI adoption itself, but whether security teams can govern AI systems, data flows, and delegated access without creating new blind spots.

NHIMG editorial — based on content published by SentinelOne: OneCon 2025 AI security, agentic AI, and identity roadmap

Questions worth separating out

Q: How should security teams govern AI agents that can act on enterprise systems?

A: Security teams should treat AI agents as governed identities with limited scopes, explicit approval boundaries, and complete audit trails.

Q: Why do AI tools create new identity and access risks for enterprises?

A: AI tools create new risk because they can process sensitive inputs, call external services, and act through delegated access without fitting neatly into traditional user-centric controls.

Q: What do security teams get wrong about shadow AI governance?

A: Teams often focus on discovery alone and assume visibility equals control.

Practitioner guidance

  • Define policy for shadow AI usage Classify approved and unapproved GenAI use by data sensitivity, then enforce controls for prompt redaction, upload blocking, and usage logging across employee and developer workflows.
  • Scope every agent like a privileged workload Treat agentic AI systems as governed identities with explicit tool scopes, approval boundaries, and revocation rules before they are allowed to touch enterprise data or operations.
  • Place guardrails around AI code assistants Block secrets, PII, and IP from flowing into coding tools, and require automated checks that stop insecure or malicious AI-generated code before it reaches production.

What's in the full article

SentinelOne's full post covers the operational detail this post intentionally leaves for the source:

  • Prompt Security configuration details for employee GenAI visibility and redaction controls.
  • Implementation specifics for AI code assistant scanning, including vulnerable code blocking.
  • Product-level workflow examples for agentic investigations, custom rules, and pre-approved actions.
  • Integration detail for AI-ready data pipelines, SIEM routing, and agentic response orchestration.

👉 Read SentinelOne's OneCon 2025 post on AI security, agents, and identity controls →

AI security strategy at OneCon 2025: what changes for practitioners?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

AI security is becoming an identity governance problem. Once GenAI tools, agents, and security workflows can act on data and systems, the key question is no longer only model safety. It is whether the identity of the software actor, its scopes, and its audit trail are governed as tightly as a human admin session. That is where AI security and IAM converge, and where blind trust in delegated access creates avoidable exposure. Practitioners should treat AI access as a governed identity surface.

A question worth separating out:

Q: Who is accountable when an AI agent misuses delegated access?

A: Accountability should sit with the business owner of the workflow, the security team that defined the control policy, and the platform owner that exposed the access path. If the agent has access to sensitive data or privileged functions, the organisation must be able to show who approved that access, what limits were set, and how it can be revoked.

👉 Read our full editorial: AI security strategy at OneCon 2025 raises the bar on governance



   
ReplyQuote
Share: