Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

FusionAI and RADBot: what contextual cloud security changes for teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: Runtime, identity, configuration, and vulnerability telemetry can be ingested to produce contextual findings that replace alert-chasing with evidence-backed analysis, according to RAD Security. One FinTech customer cut 30-day review cycles to sub-hour analysis using RADBot, and the bigger shift is that security teams need to govern reasoning outputs, provenance, and automated prioritisation as first-class controls, not just the underlying signals.

NHIMG editorial — based on content published by RAD Security: Testing Inside FusionAI: Getting Signal from your Stack with RADBot

By the numbers:

Questions worth separating out

Q: How should security teams use contextual security graphs in cloud environments?

A: Security teams should use contextual security graphs to connect identity events, runtime behaviour, configuration state, and vulnerability data into one decision path.

Q: Why do IAM and NHI teams need provenance in automated security decisions?

A: IAM and NHI teams need provenance because automated decisions must be auditable, repeatable, and defensible.

Q: What breaks when access history is not correlated with runtime behaviour?

A: When access history is not correlated with runtime behaviour, teams lose the ability to tell whether a privilege was actually used, whether behaviour deviated from the norm, or whether a control failure created exposure.

Practitioner guidance

  • Validate the evidence chain behind automated findings Require every high-priority output to trace back to raw telemetry, correlated context, and the rule or model path that produced it.
  • Join identity activity to runtime and configuration signals Make access history, workload behaviour, and configuration drift part of the same triage workflow so teams can see whether identity misuse and operational deviation are linked before escalation.
  • Standardise control mapping across tools Use a shared control taxonomy so automated tagging means the same thing across cloud, IAM, NHI, and GRC workflows.

What's in the full article

RAD Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • How FusionAI normalises runtime, identity, and configuration telemetry into a live security graph
  • How RADBot structures provenance and linked evidence for each answer
  • How the FAIR-based scoring workflow maps findings to controls and compensating evidence
  • How the FinTech review-cycle reduction was achieved in practice

👉 Read RAD Security's analysis of FusionAI Core and RADBot for cloud security operations →

FusionAI and RADBot: what contextual cloud security changes for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Contextual security platforms are becoming identity platforms whether vendors label them that way or not. When a system ingests identity activity, runtime data, configuration drift, and access history into one reasoning layer, it is no longer just a dashboard. It is an operational decision surface for human IAM, workload identity, and NHI governance. The practitioner implication is that these systems must be evaluated as part of the identity control plane, not as adjacent observability tooling.

A few things that frame the scale:

A question worth separating out:

Q: How should teams judge whether automated risk scoring is reliable enough for governance?

A: Teams should judge reliability by checking whether the score maps to a named control, uses documented evidence, and produces the same result when the inputs are replayed. If the output cannot be explained in those terms, it is a screening signal, not a governance decision.

👉 Read our full editorial: FusionAI turns cloud telemetry into contextual security decisions



   
ReplyQuote
Share: