Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agentic AI security market map: what does CSA inclusion mean?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9874
Topic starter  

TL;DR: CSA’s first Agentic AI Security Innovator Market Map places Knostic across Governance, Observability, and Supply Chain Integrity, signalling that agentic AI security is maturing into a control-surface problem rather than a point-solution market, according to Knostic. The real question for practitioners is whether their current controls can govern agent behaviour, visibility, and upstream supply inputs as one operating model.

NHIMG editorial — what this means for AI and NHI governance

Questions worth separating out

Q: How should security teams govern AI agents that can choose tools at runtime?

A: Security teams should treat runtime tool choice as an authorization problem, not only a model safety problem.

Q: Why do AI agents create IAM and PAM issues for enterprise teams?

A: AI agents create IAM and PAM issues because they behave like software entities that act on behalf of users and services.

Q: What do security teams get wrong about agentic AI supply chain risk?

A: They often focus on the model and ignore the components that shape the agent’s behaviour, such as MCP servers, extensions, prompts, and rules.

Practitioner guidance

  • Map agent permissions to explicit business tasks Catalogue every tool, connector, and MCP server an agent can reach, then tie each one to a named business use case and approved data scope.
  • Instrument runtime observability for agent actions Log tool calls, data sources accessed, outputs generated, and escalation events so investigators can reconstruct the full agent session.
  • Review trusted dependencies as privileged integrations Assess MCP servers, extensions, prompts, and rules for over-permissioned access, weak ownership, and untracked changes.

What's in the full announcement

Knostic's full company news covers the operational detail this post intentionally leaves for the source:

  • How the Kirin capability is positioned across AI coding environments, extensions, and agent behaviour
  • The specific control themes Knostic associates with governance, observability, and supply chain integrity
  • Examples of where the vendor says agentic AI security breaks down across enterprise deployments
  • The broader product context around data leakage detection, oversharing, and AI governance

👉 Read Knostic’s coverage of CSA’s Agentic AI Security Innovator Market Map →

Agentic AI security market map: what does CSA inclusion mean?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9358
 

Governance, observability, and supply chain integrity are now one problem, not three. The CSA market map is useful because it rejects the false comfort of treating agentic AI security as a single-control exercise. Policy without runtime visibility leaves blind spots, while visibility without trustworthy dependencies still allows unsafe execution paths. For identity and AI security teams, the practical conclusion is that agentic AI must be governed as a full trust chain, from policy definition to tool execution.

A few things that frame the scale:

A question worth separating out:

Q: How should organisations decide whether existing identity controls are enough for agentic AI?

A: Organisations should ask whether current controls can answer three questions: what the agent may do, what it actually did, and which trusted components influenced that action. If any of those answers is unclear, existing identity controls are too fragmented for agentic AI. A coherent trust chain is the minimum standard.

👉 Read our full editorial: CSA market map spotlights agentic AI governance, observability, supply chain



   
ReplyQuote
Share: