Notifications
Clear all
Topic starter
09/06/2026 11:17 pm
TL;DR: Detection, monitoring and protection for AI systems and AI agents are now in a federal procurement channel built for AI, ML, data and analytics capabilities after HiddenLayer says its AI security platform achieved Awardable status in the DoD CDAO’s Tradewinds Solutions Marketplace, and the shift matters because AI security is now being evaluated as an identity and lifecycle governance problem, not just a model-risk issue.
NHIMG editorial — based on content published by HiddenLayer: Awardable status for Department of Defense work in the CDAO’s Tradewinds Solutions Marketplace
Questions worth separating out
Q: How should security teams govern AI agents as non-human identities?
A: Security teams should classify AI agents as non-human identities with explicit ownership, scope, and retirement criteria.
Q: Why do AI agents change the way IAM programmes think about access control?
A: AI agents change access control because they can combine permissions dynamically while executing a task, which makes static provisioning assumptions weaker.
Q: What breaks when AI security is treated only as model security?
A: Model-only security misses the part of the system that actually touches tools, data, and workflows in production.
Practitioner guidance
- Classify AI agents in your identity inventory Record each agent as a non-human identity with an owner, scope, and retirement path.
- Review procurement criteria for runtime controls Require evidence of detection, monitoring, and containment before AI security tools are approved for production use.
- Map AI agent access to existing NHI governance Align agent permissions with the same review cadence used for other non-human identities.
What's in the full analysis
HiddenLayer's full news release covers the operational detail this post intentionally leaves for the source:
- How the Tradewinds Solutions Marketplace review path works for government buyers evaluating AI security.
- What HiddenLayer says its platform demonstrates about detection, monitoring, and protection across the AI lifecycle.
- How the company frames support for predictive, generative, and agentic AI workloads in public sector environments.
- Which government customers can access the pitch video through a Marketplace account and what that process involves.
👉 Read HiddenLayer's news release on Tradewinds Awardable status for AI security →
Tradewinds awardable status for AI security: what changes for IAM teams?
Explore further
10/06/2026 1:33 am
AI security procurement is becoming an identity governance decision. When a federal acquisition channel starts awarding status to AI security platforms, the category is no longer confined to experimentation or research. Procurement now encodes expectations about detection, monitoring, lifecycle support, and operational accountability. That means IAM, NHI, and security architecture teams need common language for who owns the AI identity surface from purchase through retirement.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: How should organisations decide whether to buy AI security tools through procurement channels?
A: Organisations should buy AI security tools only after mapping them to identity ownership, logging requirements, and lifecycle controls. Procurement should ask who will manage access, who will review agent behaviour, and how the tool fits with existing NHI and zero-trust governance. If those answers are unclear, the purchase creates more risk than clarity.
👉 Read our full editorial: AI security enters federal procurement through Tradewinds awardable status
