The Five Pillars
The IAAI framework organises enterprise AI security into five capability domains. Each pillar defines a technical responsibility boundary, a set of control objectives, and a catalogue of vendors, standards, and inter-pillar interfaces.
Pillar A
Identity-Aware Authorization Policy Management
Fine-grained, identity-driven authorization for AI agents and resources.
Pillar B
Identity-Aware Retrieval
Retrieval systems that enforce principal-aware access boundaries.
Pillar C
Identity-Aware Abstraction
LLM / AI gateways that mediate model access with policy and identity context.
Pillar D
Post-AI Security Operations
SOC workflows and telemetry tuned for AI-era threat detection and response.
Pillar E
Enterprise AI Governance
Policy, compliance, and risk management for enterprise AI systems.
