TL;DR: AI security strategy is moving toward purpose-based access, retrieval-aware classification, and runtime observability across prompts, retrievals, tool calls, and outputs, according to Knostic. The governance gap is no longer just who can access data, but what an AI system can use, combine, and reveal at runtime.
NHIMG editorial — based on content published by Knostic: Key Findings on AI Security Strategy
Questions worth separating out
Q: How should security teams implement purpose-based access for AI systems?
A: Start with the highest-risk assistant or search workflow, then define who can use which data for what purpose.
Q: Why do traditional IAM controls fall short for AI assistants and agents?
A: Traditional IAM answers whether an account may reach a resource, but AI risk appears when the system combines, summarises, or reveals data at runtime.
Q: What do security teams get wrong about AI data classification?
A: They often classify storage locations but not the retrieval path.
Practitioner guidance
- Define purpose-bound policy for high-value AI use cases Start with the assistant, search, or agent workflow that handles the most sensitive business data.
- Synchronise sensitivity labels across every AI data source Align classification in data lakes, search indexes, and vector stores so retrieval-aware controls can make consistent decisions.
- Log the full prompt-to-output chain Capture prompts, retrieved sources, policy decisions, blocked outputs, and tool calls in a single trace.
What's in the full article
Knostic's full article covers the operational detail this post intentionally leaves for the source:
- PBAC implementation guidance for AI assistants, enterprise search, and agent workflows
- Pre-production simulation examples for oversharing and prompt injection scenarios
- Practical monitoring and observability patterns for audit-ready AI traces
- Stepwise 30/60/90-day implementation detail for classification, posture reviews, and SIEM/SOAR export
👉 Read Knostic's analysis of AI security strategy for enterprise assistants and agents →
AI security strategy: is purpose-based access the missing control?
Explore further
Purpose-based permissioning is the right control model for AI, but it only works when the declared purpose is enforceable at runtime. RBAC and even ABAC stop short because they answer who may access data, not why the model may reuse it. AI systems need policy decisions that follow the prompt, retrieval set, and output context, otherwise permission becomes too blunt to govern synthesis. Practitioners should treat purpose as the policy boundary, not an annotation.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- A separate finding from the same research shows that 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months.
A question worth separating out:
Q: How can organisations prove that AI guardrails are actually working?
A: They need prompt-to-output traces that show the input, retrieved sources, policy decision, blocked content, and final response in one record. That evidence supports audits, incident response, and tuning. Without observability, teams cannot prove enforcement or explain why a response was allowed or denied.
👉 Read our full editorial: AI security strategy is shifting from roles to purpose-based controls