The Five Pillars
The IAAI framework organises enterprise AI security into five capability domains. Each pillar defines a technical responsibility boundary, a set of control objectives, and a catalogue of vendors, standards, and inter-pillar interfaces.
Pillar A
Identity-Aware Authorization Policy Management
Fine-grained, identity-driven authorization for AI agents and resources.
Pillar B
Identity-Aware Retrieval
Retrieval systems that enforce identity-aware access controls.
Pillar C
Identity-Aware Abstraction
Identity-aware enforcement point where AI formulates its output.
Pillar D
Post-AI Security Operations
SOC workflows and telemetry tuned for AI threat detection and response.
Pillar E
Enterprise AI Governance
Governance, risk management, and compliance for enterprise AI systems.
