Post-AI Security Operations
The safety-net layer monitors AI inputs (prompts) and outputs for policy violations, anomalies, and data exposure that the upstream identity-aware architecture missed. It feeds findings back to Pillar A as entitlement and policy corrections. It encompasses detection tools, DLP, DSPM, and SOC workflows, and is distinguished from Pillars A-C by being compensating and detective rather than preventive and precise.
Vendors
Armilla focuses on AI regulatory compliance in Pillar E, with specialized tooling for EU AI Act compliance assessment, documentation, and ongoing monitoring of AI system adherence to regulatory requirements.
Astrix Security focuses on non-human identity security in Pillar B, with research and tooling for securing MCP server deployments, detecting ungoverned AI tool access, and replacing static credentials with OAuth-based authorization.
AutoGen (Microsoft Research) is a multi-agent orchestration framework in Pillar A, with integration points for policy engines to evaluate agent-to-agent delegation and enforce entitlement scoping in agentic workflows.
Cerbos is a lightweight, Git-native policy engine operating in Pillar A as a callable authorization service, with particularly strong fit for low-latency Pillar B RAG pipeline pre-retrieval checks and Pillar C output filtering. Cerbos emits authorization decision logs consumed by Pillar D SIEM for audit trails.
CNCF (Cloud Native Computing Foundation) is a vendor-neutral open source foundation under the Linux Foundation that stewards cloud native security infrastructure. CNCF projects span multiple IAAI pillars: Open Policy Agent (OPA) for Pillar A distributed policy-as-code decisions; SPIFFE and SPIRE for Pillar A workload identity attestation and SVID issuance; Istio and Linkerd service meshes for Pillar A/B identity-aware mTLS enforcement and traffic policy control.
CrowdStrike provides endpoint protection in Pillar D, with behavioral detection capabilities extended to monitor AI agent activity on endpoints and detect anomalous AI-initiated actions or lateral movement.
CyberArk operates in Pillar A as an identity-centric authorization and privilege control layer for AI agents and tools. The Identity Security Platform defines and enforces identity-aware access policies for human and non-human identities, including AI agents, and brokers just-in-time privileged access so agents can call downstream systems without holding long-lived secrets or standing privileges. Secure AI Agents capabilities add discovery, registration, and lifecycle audit of AI agents' actions, feeding Pillar D logging and monitoring while keeping Pillar A authorization decisions aligned with Zero Trust and least-privilege principles.
Datadog operates in Pillar D providing observability and monitoring for AI infrastructure, ingesting guardrail policy triggers, API gateway logs, and infrastructure metrics to enable correlation of AI activity with system behavior for anomaly detection.
Elasticsearch provides log aggregation and SIEM capabilities in Pillar D through Elastic SIEM, ingesting authorization decision logs from policy engines and RAG pipeline trace logs for audit and anomaly detection across the IAAI architecture.
Garak is an open-source LLM red-teaming tool operating in Pillar D, providing adversarial testing frameworks for detecting model vulnerabilities, prompt injection susceptibility, and jailbreak weaknesses in AI deployments.
Guardrails AI provides LLM output filtering in Pillars C and D, enforcing clearance-tier aware abstraction policies and detecting policy violations in AI outputs. Emits structured policy violation events to Pillar D SIEM for compliance monitoring.
HashiCorp Vault provides secrets management for AI agent credentials in Pillar A, with Enterprise v1.21+ natively issuing SPIFFE SVIDs to non-human identity workloads. This integrates cryptographic workload identity into existing secrets infrastructure, supporting distributed AI agent authentication in Pillar B.
HiddenLayer operates in Pillar D providing AI model security, detecting adversarial attacks, model theft attempts, and other ML-specific threats in production AI systems.
Holistic AI provides AI regulatory compliance and governance tooling in Pillar E, with focus on fairness assessment, bias detection, and compliance with emerging AI regulations including the EU AI Act.
IBM provides QRadar SIEM in Pillar D for AI activity logging and correlation, plus OpenScale in Pillar E for AI model governance, fairness monitoring, and explainability tracking across enterprise AI deployments.
Island Enterprise Browser operates in Pillars A and D, enforcing browser-based access policies from Pillar A for AI tool usage while monitoring and logging AI platform interactions in Pillar D for compliance and DLP enforcement.
Kong API Gateway operates in Pillar B as an API gateway enforcing policy-engine authorization for AI service calls, mediating access to AI tools and data sources with identity-aware routing and rate limiting.
Lacework provides cloud security and anomaly detection in Pillar D, with behavioral analysis capabilities for detecting unusual AI workload activity and privilege escalation in cloud environments hosting AI services.
Lakera operates in Pillar D providing AI-specific security testing and prompt injection detection, monitoring for adversarial inputs and jailbreak attempts in production AI systems.
LangChain is an AI orchestration framework operating across Pillars A, B, C, and D, integrating with policy engines (OPA, Cerbos) for pre-retrieval authorization in Pillar B, output filtering in Pillar C, and emitting structured trace logs to Pillar D SIEM for audit and anomaly detection.
LlamaIndex provides RAG pipeline orchestration in Pillars B and C, with integration hooks for policy engines to enforce identity-aware retrieval and output abstraction. Emits detailed trace logs to Pillar D for retrieval audit and compliance monitoring.
Looker operates in Pillar B providing semantic layer and data governance capabilities, with role-based access control enabling identity-aware retrieval for AI analytics queries against governed data models.
Microsoft spans all five IAAI pillars, with Entra ID Governance acting as an IGA and IdP backbone in Pillar A, M365 Copilot and Azure AI Search enforcing identity-aware retrieval in Pillar B, Purview sensitivity labels and AI Hub enforcing output and data classification in Pillars C and D, Sentinel providing AI activity logging and SIEM capabilities in Pillar D, and Purview Compliance Manager plus Responsible AI toolkits supporting enterprise AI governance in Pillar E. The portfolio offers the most comprehensive native IAAI stack for Microsoft-centric enterprises.
NVIDIA NeMo Guardrails operates in Pillars C and D, providing programmable guardrails for LLM output filtering and policy enforcement. Guardrail triggers are logged and forwarded to Pillar D observability platforms for disclosure compliance tracking.
OneTrust AI Governance operates in Pillar E as an AI governance and risk management platform, managing AI use case approvals, risk tiers, and regulatory compliance. OneTrust integrates with Pillar A IGA to trigger access provisioning for approved AI use cases and with Pillar D SIEM to ingest security findings into the AI risk register.
Opal Security Platform operates in Pillar A, providing identity governance and just-in-time access administration for cloud-native and SaaS data resources. It integrates with data platforms including Databricks via first-party integrations to govern standing entitlements, time-bound access workflows, and automated access reviews.
OPA (Open Policy Agent) is a CNCF policy-as-code engine serving as a core component of Pillar A's shared policy authority, called at runtime by Pillar B retrieval filters, Pillar C output orchestration, and Pillar D monitoring workflows. OPA evaluates identity context and policy rules to produce authorization decisions across AI pipelines, microservices, and API gateways.
Orca provides agentless cloud security and CIEM in Pillar A, with visibility into cloud infrastructure entitlements for AI workloads across multi-cloud environments, complementing IGA platforms with infrastructure-level permission discovery.
Pinecone operates as a vector database in Pillar B, with metadata filtering capabilities enabling identity-aware retrieval when integrated with policy engines. Query logs feed Pillar D SIEM for retrieval audit trails.
Prompt Security focuses on AI-specific threat detection in Pillar D, monitoring for prompt injection, jailbreaks, and other AI-targeted attacks in production deployments.
Protect AI provides model security and adversarial testing in Pillar D, with tools for detecting model vulnerabilities, adversarial inputs, and supply chain risks in AI deployments.
SPIRE is the production-grade implementation of the SPIFFE standard (CNCF), serving as workload identity infrastructure in Pillar A. SPIRE issues short-lived X.509 SVIDs to AI agent workloads, enabling mTLS authentication in Pillar B service meshes and eliminating long-lived secrets for distributed AI agents monitored in Pillar D.
SailPoint's Identity Security Cloud serves as an enterprise-wide IGA backbone for human, personal agent, and enterprise agent identities in Pillar A, feeding entitlements into Pillar B retrieval filters and Pillar C abstraction tiers via SCIM and API integrations, and serving as the system of record for access reviews triggered by Pillar D findings and governed by Pillar E oversight.
Securiti AI provides DSPM and AI-specific DLP in Pillar D, discovering and classifying data across environments while monitoring AI system access patterns and detecting sensitive data exposure in AI outputs.
SentinelOne operates in Pillar D providing autonomous endpoint protection, with AI-powered detection extended to identify unusual AI agent behaviors and potential compromises of AI workload identities.
ServiceNow GRC operates in Pillar E providing governance, risk, and compliance platform capabilities with AI governance modules. ServiceNow receives AI security incidents from Pillar D SIEM and documents E-AIG policy decisions that feed into Pillar A policy-as-code implementation.
Splunk provides AI activity logging and SIEM capabilities in Pillar D, ingesting logs from RAG pipelines, guardrail engines, and IdP systems to detect anomalies and policy violations. Splunk SOAR can trigger access reviews in Pillar A IGA based on AI security findings, and exports trend reports to Pillar E governance platforms.
Symantec DLP operates in Pillar D providing data loss prevention capabilities extended to AI prompts and outputs, detecting sensitive data exposure in AI interactions and integrating with Pillar A IGA for entitlement gap analysis.
Varonis provides data security posture management in Pillar D, with continuous monitoring and classification of data accessible to AI systems, feeding findings into Pillar A policy decisions and Pillar B retrieval scope configurations.
Weaviate serves as a vector database in Pillar B with native filtering and access control capabilities, supporting identity-aware RAG retrieval when integrated with upstream authorization layers. Logs retrieval activity for Pillar D monitoring.
Wiz provides cloud security posture management in Pillars A and D, with CIEM capabilities offering cross-cloud visibility into AI workload and service account entitlements. Wiz detects permission drift and excessive entitlements in Pillar D, feeding findings back to Pillar A IGA for access review triggers.
