Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Prompt Security joins SentinelOne: what changes for AI governance teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Extending visibility and policy controls across browsers, desktop apps, APIs, and MCP-connected AI workflows, including real-time detection of prompt injection, data leakage, and shadow AI use, SentinelOne says its definitive agreement to acquire Prompt Security will do so. The deal underscores that governing employee AI use now requires runtime inspection, not policy documents alone.

NHIMG editorial — based on content published by SentinelOne: SentinelOne acquires Prompt Security to expand AI visibility and control

Questions worth separating out

Q: How should security teams govern GenAI applications without breaking usability?

A: Start by mapping the request path and applying controls where risk appears, not only at login.

Q: Why do MCP-based AI agents create new IAM risk?

A: MCP-based agents create IAM risk because they can act across multiple services with delegated permissions, often without a human approving each step.

Q: What do organisations get wrong about shadow AI governance?

A: They often try to block unsanctioned tools at the network layer without changing employee behaviour or providing an approved alternative.

Practitioner guidance

  • Map all AI entry points Inventory browser-based AI use, desktop assistants, APIs, terminal tools, and custom workflows so you can see where prompts and responses actually occur.
  • Classify AI connectors as privileged paths Review MCP servers, tool gateways, and API integrations as privileged connections with explicit allow, block, filter, or redact policy.
  • Enforce inline data protection Redact or tokenise sensitive data before prompts leave the environment, and block high-risk prompts where disclosure would create compliance or breach exposure.

What's in the full analysis

SentinelOne's full article covers the operational detail this post intentionally leaves for the source:

  • How Prompt Security's browser, desktop, and API coverage is positioned to discover sanctioned and unsanctioned AI use in practice.
  • How the platform's policy engine is described as handling redaction, blocking, tokenisation, and coaching decisions at runtime.
  • How the MCP gateway is described as scoring more than 13,000 known servers and enforcing allow, block, filter, or redact actions.
  • How SentinelOne frames the acquisition inside its broader AI security strategy and platform integration plans.

👉 Read SentinelOne's acquisition announcement for Prompt Security and AI governance →

Prompt Security joins SentinelOne: what changes for AI governance teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI governance is becoming an access-control problem, not just a policy problem. Once employees use GenAI across browsers, desktop apps, APIs, and custom assistants, the security question shifts from acceptable use to runtime control. Policies that sit outside the workflow do not stop leakage, injection, or unsanctioned delegation. Practitioners should treat AI usage as a governed access path.

A question worth separating out:

Q: Who is accountable when sensitive data leaks through consumer AI tools?

A: Accountability sits with the organisation’s identity, data protection, and security governance owners, because the risk comes from unmanaged access paths and weak content controls. If the enterprise permits use without federation, classification, and enforcement at the browser, the responsibility cannot be shifted to the employee alone.

👉 Read our full editorial: SentinelOne acquires Prompt Security for AI visibility and control



   
ReplyQuote
Share: