AI security partnerships: what this means for IAM and governance


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9223
Topic starter  

TL;DR: AI security is being integrated across AppSec, cloud, data, and SecOps as enterprises try to secure models, applications, and agents at build time and runtime, according to TROJ.AI. The governance gap is no longer about point tools alone, but about whether identity, policy, and monitoring can follow AI behaviour across the stack.

NHIMG editorial — based on content published by TROJ.AI: The AI Security Ecosystem Is Evolving and We're Building It Better, Together

By the numbers:

Questions worth separating out

Q: How should security teams govern AI systems that use existing enterprise identities?

A: Start by mapping every AI model, application, and agent to the identities it inherits, including service accounts, API keys, and cloud roles.

Q: Why do AI security issues quickly become IAM and NHI problems?

A: Because AI systems rarely operate alone.

Q: What do organisations get wrong when they separate AI security from SecOps and cloud governance?

A: They create fragmented response paths for a single behaviour chain.

Practitioner guidance

  • Inventory AI-touching identities and permissions: Document which service accounts, API keys, tokens, and platform roles can influence models, retrieval layers, or agent workflows.
  • Treat runtime AI events as policy events: Route prompt injection, data leakage, unsafe content, and tool-use alerts into the same response workflows used for application and identity incidents.
  • Define control ownership across build and runtime stages: Assign one accountable owner for AI red teaming, one for runtime monitoring, and one for policy enforcement so gaps do not appear between development and production.

What's in the full article

TROJ.AI's full article covers the operational partnership details this post intentionally leaves for the source:

  • The specific ecosystem partners and integration categories behind TrojAI's broader AI security strategy.
  • The operational use cases for AI red teaming, runtime monitoring, and policy enforcement across connected tools.
  • The partner-program framing for services firms, channel providers, and platform integrations.
  • The product-level details of TrojAI Detect and TrojAI Defend in enterprise AI workflows.

👉 Read TROJ.AI's analysis of AI security partnerships and ecosystem integration →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8662
 

AI security is becoming an identity governance problem disguised as a tooling discussion. The article is right that models, applications, and agents touch identity, cloud, data, and network controls, but the deeper issue is that runtime behaviour cannot be governed if identity context is missing. Security teams should read this as a signal that AI control design now depends on entitlement visibility, not only model inspection.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.

A question worth separating out:

Q: How can teams tell whether AI governance is actually working?

A: Look for evidence that AI-related access is reviewed, monitored, and revoked through normal identity processes rather than handled ad hoc. If the organisation can show clear ownership, timely review, and incident routing for AI behaviour, governance is moving beyond statements and into control.

👉 Read our full editorial: AI security partnerships show identity controls are moving into the stack



   