TL;DR: Runtime, identity, configuration, and vulnerability telemetry can be ingested to produce contextual findings that replace alert-chasing with evidence-backed analysis, according to RAD Security. One FinTech customer cut 30-day review cycles to sub-hour analysis using RADBot, and the bigger shift is that security teams need to govern reasoning outputs, provenance, and automated prioritisation as first-class controls, not just the underlying signals.
NHIMG editorial — based on content published by RAD Security: Testing Inside FusionAI: Getting Signal from your Stack with RADBot
By the numbers:
- One of our FinTech customers reduced 30 day review cycles to sub-hour analysis using RADBot.
Questions worth separating out
Q: How should security teams use contextual security graphs in cloud environments?
A: Security teams should use contextual security graphs to connect identity events, runtime behaviour, configuration state, and vulnerability data into one decision path.
Q: Why do IAM and NHI teams need provenance in automated security decisions?
A: IAM and NHI teams need provenance because automated decisions must be auditable, repeatable, and defensible.
Q: What breaks when access history is not correlated with runtime behaviour?
A: When access history is not correlated with runtime behaviour, teams lose the ability to tell whether a privilege was actually used, whether behaviour deviated from the norm, or whether a control failure created exposure.
Practitioner guidance
- Validate the evidence chain behind automated findings Require every high-priority output to trace back to raw telemetry, correlated context, and the rule or model path that produced it.
- Join identity activity to runtime and configuration signals Make access history, workload behaviour, and configuration drift part of the same triage workflow so teams can see whether identity misuse and operational deviation are linked before escalation.
- Standardise control mapping across tools Use a shared control taxonomy so automated tagging means the same thing across cloud, IAM, NHI, and GRC workflows.
What's in the full article
RAD Security's full blog post covers the operational detail this post intentionally leaves for the source:
- How FusionAI normalises runtime, identity, and configuration telemetry into a live security graph
- How RADBot structures provenance and linked evidence for each answer
- How the FAIR-based scoring workflow maps findings to controls and compensating evidence
- How the FinTech review-cycle reduction was achieved in practice
👉 Read RAD Security's analysis of FusionAI Core and RADBot for cloud security operations →
FusionAI and RADBot: what contextual cloud security changes for teams?
Explore further
Contextual security platforms are becoming identity platforms whether vendors label them that way or not. When a system ingests identity activity, runtime data, configuration drift, and access history into one reasoning layer, it is no longer just a dashboard. It is an operational decision surface for human IAM, workload identity, and NHI governance. The practitioner implication is that these systems must be evaluated as part of the identity control plane, not as adjacent observability tooling.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to the 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: How should teams judge whether automated risk scoring is reliable enough for governance?
A: Teams should judge reliability by checking whether the score maps to a named control, uses documented evidence, and produces the same result when the inputs are replayed. If the output cannot be explained in those terms, it is a screening signal, not a governance decision.
👉 Read our full editorial: FusionAI turns cloud telemetry into contextual security decisions