TL;DR: Half of organisations have already experienced a confirmed or suspected AI-related security incident, while 87% have deployed AI assistants beyond the pilot stage and more than half lack full confidence their controls would detect a compromised AI system, according to Proofpoint. The key issue is governance: security teams are adopting AI faster than they can prove visibility, abuse prevention, and control coverage.
NHIMG editorial — based on content published by Proofpoint: The AI Security Challenge Is Growing
By the numbers:
- 87% have deployed AI assistants beyond the pilot stage
Questions worth separating out
Q: How should security teams govern AI assistants that can act inside IAM systems?
A: Security teams should treat AI assistants as privileged automation, not as simple chat interfaces.
Q: Why do AI assistants create a new trust problem for identity governance?
A: AI assistants create a new trust problem because they can read data, choose tools, and act on external text in ways traditional review processes do not expect.
Q: What breaks when AI security is treated only as model security?
A: Model-only security misses the part of the system that actually touches tools, data, and workflows in production.
Practitioner guidance
- Define AI assistant identity boundaries Assign each security AI workflow a named identity, a fixed permission scope, and a revocation path so access can be removed without stopping the whole programme.
- Instrument the full AI action path Log prompts, tool calls, data retrieval, and downstream actions together so investigators can reconstruct what the AI system actually did across connected services.
- Apply least privilege to AI connectors Restrict each connector to the smallest data set and action set required, then review whether any connector can reach sensitive cases or response actions unnecessarily.
What's in the full analysis
Proofpoint's full post covers the operational detail this post intentionally leaves for the source:
- How Proofpoint positions Satori for analyst productivity, alert triage, and incident-response workflow automation.
- The specific defensive use cases Proofpoint says it will evaluate through the OpenAI Daybreak Cyber Partner Program.
- The governance, monitoring, safety-control, and abuse-prevention themes that the source article ties to production AI deployment.
- The press-release framing around Proofpoint's collaboration with OpenAI and the practical implications it claims for security operations.
👉 Read Proofpoint's analysis of AI security governance and the OpenAI Daybreak partnership →
AI security assistants and governance gaps: what changes for teams?
Explore further
AI security assistants are becoming privileged non-human identities by function, even when teams do not label them that way. Once an AI system can query alerts, enrich cases, or trigger response actions, it inherits the governance problem set of other NHI classes. That means lifecycle control, scoped delegation, and auditability matter as much as model selection. Practitioners should govern AI assistants as operational identities, not as generic software features.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: Which frameworks help teams operationalise AI risk governance?
A: The NIST AI Risk Management Framework is the clearest reference point because it emphasises govern, map, measure, and manage as ongoing functions. Teams should use it to connect policy, evidence, and monitoring rather than treating AI governance as a one-time compliance checkpoint.
👉 Read our full editorial: AI security assistants need governance, not just model access