STARTMAKINGSENSE

Vendors

Profile pages for vendors implementing portions of the IAAI capability model. Every listing is tied to evidence and marked with a visible content-source label.

Vendor

Amazon Web Services

AWS provides Cedar policy engine and Verified Permissions in Pillar A for fine-grained authorization with formal verification, integrated with AWS Bedrock Agents and Knowledge Bases in Pillar B to enforce identity-aware retrieval at the AWS service boundary.

Agent-researched
Vendor

Apigee

Apigee (Google Cloud) operates in Pillar B as an API management platform, providing policy enforcement, identity propagation, and access control for AI service APIs with integration to upstream IdP and policy engines.

Agent-researched
Vendor

Armilla

Armilla focuses on AI regulatory compliance in Pillar E, with specialized tooling for EU AI Act compliance assessment, documentation, and ongoing monitoring of AI system adherence to regulatory requirements.

Agent-researched
Vendor

Astrix Security

Astrix Security focuses on non-human identity security in Pillar B, with research and tooling for securing MCP server deployments, detecting ungoverned AI tool access, and replacing static credentials with OAuth-based authorization.

Agent-researched
Vendor (OSS-backed)

Cerbos

Cerbos is a lightweight, Git-native policy engine operating in Pillar A as a callable authorization service, with particularly strong fit for low-latency Pillar B RAG pipeline pre-retrieval checks and Pillar C output filtering. Cerbos emits authorization decision logs consumed by Pillar D SIEM for audit trails.

Agent-researched
Vendor

CrowdStrike

CrowdStrike provides endpoint protection in Pillar D, with behavioral detection capabilities extended to monitor AI agent activity on endpoints and detect anomalous AI-initiated actions or lateral movement.

Agent-researched
Vendor

Databricks

Databricks Unity Catalog operates in Pillars B and C, providing data governance and semantic layer capabilities with fine-grained access control. Unity Catalog integrates with IGA platforms via SCIM for group membership, enforcing row/column-level security and clearance-tier aware output in AI analytics workflows.

Agent-researched
Vendor

Datadog

Datadog operates in Pillar D providing observability and monitoring for AI infrastructure, ingesting guardrail policy triggers, API gateway logs, and infrastructure metrics to enable correlation of AI activity with system behavior for anomaly detection.

Agent-researched
Vendor (OSS-backed)

Elasticsearch

Elasticsearch provides log aggregation and SIEM capabilities in Pillar D through Elastic SIEM, ingesting authorization decision logs from policy engines and RAG pipeline trace logs for audit and anomaly detection across the IAAI architecture.

Agent-researched
Vendor

Guardrails AI

Guardrails AI provides LLM output filtering in Pillars C and D, enforcing clearance-tier aware abstraction policies and detecting policy violations in AI outputs. Emits structured policy violation events to Pillar D SIEM for compliance monitoring.

Agent-researched
Vendor

HashiCorp

HashiCorp Vault provides secrets management for AI agent credentials in Pillar A, with Enterprise v1.21+ natively issuing SPIFFE SVIDs to non-human identity workloads. This integrates cryptographic workload identity into existing secrets infrastructure, supporting distributed AI agent authentication in Pillar B.

Agent-researched
Vendor

HiddenLayer

HiddenLayer operates in Pillar D providing AI model security, detecting adversarial attacks, model theft attempts, and other ML-specific threats in production AI systems.

Agent-researched
Vendor

Holistic AI

Holistic AI provides AI regulatory compliance and governance tooling in Pillar E, with focus on fairness assessment, bias detection, and compliance with emerging AI regulations including the EU AI Act.

Agent-researched
Vendor

IBM

IBM provides QRadar SIEM in Pillar D for AI activity logging and correlation, plus OpenScale in Pillar E for AI model governance, fairness monitoring, and explainability tracking across enterprise AI deployments.

Agent-researched
Vendor

Island

Island Enterprise Browser operates in Pillars A and D, enforcing browser-based access policies from Pillar A for AI tool usage while monitoring and logging AI platform interactions in Pillar D for compliance and DLP enforcement.

Agent-researched
Vendor (OSS-backed)

Kong

Kong API Gateway operates in Pillar B as an API gateway enforcing policy-engine authorization for AI service calls, mediating access to AI tools and data sources with identity-aware routing and rate limiting.

Agent-researched
Vendor

Lacework

Lacework provides cloud security and anomaly detection in Pillar D, with behavioral analysis capabilities for detecting unusual AI workload activity and privilege escalation in cloud environments hosting AI services.

Agent-researched
Vendor

Lakera

Lakera operates in Pillar D providing AI-specific security testing and prompt injection detection, monitoring for adversarial inputs and jailbreak attempts in production AI systems.

Agent-researched
Vendor

Looker

Looker operates in Pillar B providing semantic layer and data governance capabilities, with role-based access control enabling identity-aware retrieval for AI analytics queries against governed data models.

Agent-researched
Vendor

Microsoft

Microsoft spans all five IAAI pillars, with Entra ID Governance acting as an IGA and IdP backbone in Pillar A, M365 Copilot and Azure AI Search enforcing identity-aware retrieval in Pillar B, Purview sensitivity labels and AI Hub enforcing output and data classification in Pillars C and D, Sentinel providing AI activity logging and SIEM capabilities in Pillar D, and Purview Compliance Manager plus Responsible AI toolkits supporting enterprise AI governance in Pillar E. The portfolio offers the most comprehensive native IAAI stack for Microsoft-centric enterprises.

Agent-researched
Vendor

NVIDIA

NVIDIA NeMo Guardrails operates in Pillars C and D, providing programmable guardrails for LLM output filtering and policy enforcement. Guardrail triggers are logged and forwarded to Pillar D observability platforms for disclosure compliance tracking.

Agent-researched
Vendor

Okta

Okta serves as an enterprise IdP in Pillar A, issuing verifiable identity tokens consumed by Pillar B and C enforcement contexts. Okta's Cross-App Access (XAA) extension brings MCP server authorization under enterprise identity governance, enabling centralized policy enforcement for AI tool access in Pillar B.

Agent-researched
Vendor

OneTrust

OneTrust AI Governance operates in Pillar E as an AI governance and risk management platform, managing AI use case approvals, risk tiers, and regulatory compliance. OneTrust integrates with Pillar A IGA to trigger access provisioning for approved AI use cases and with Pillar D SIEM to ingest security findings into the AI risk register.

Agent-researched
Vendor

Orca Security

Orca provides agentless cloud security and CIEM in Pillar A, with visibility into cloud infrastructure entitlements for AI workloads across multi-cloud environments, complementing IGA platforms with infrastructure-level permission discovery.

Agent-researched
Vendor

Pinecone

Pinecone operates as a vector database in Pillar B, with metadata filtering capabilities enabling identity-aware retrieval when integrated with policy engines. Query logs feed Pillar D SIEM for retrieval audit trails.

Agent-researched
Vendor

Prompt Security

Prompt Security focuses on AI-specific threat detection in Pillar D, monitoring for prompt injection, jailbreaks, and other AI-targeted attacks in production deployments.

Agent-researched
Vendor

Protect AI

Protect AI provides model security and adversarial testing in Pillar D, with tools for detecting model vulnerabilities, adversarial inputs, and supply chain risks in AI deployments.

Agent-researched
Vendor

SailPoint

SailPoint's Identity Security Cloud serves as an enterprise-wide IGA backbone for human, personal agent, and enterprise agent identities in Pillar A, feeding entitlements into Pillar B retrieval filters and Pillar C abstraction tiers via SCIM and API integrations, and serving as the system of record for access reviews triggered by Pillar D findings and governed by Pillar E oversight.

Agent-researched
Vendor

Saviynt

Saviynt provides cloud-native IGA and CIEM capabilities in Pillar A, with strong non-human identity and PAM support for AI agent credentials. The platform offers cross-cloud entitlement visibility particularly suited for cloud-native AI workloads, feeding entitlements into Pillar B retrieval enforcement points.

Agent-researched
Vendor

Securiti

Securiti AI provides DSPM and AI-specific DLP in Pillar D, discovering and classifying data across environments while monitoring AI system access patterns and detecting sensitive data exposure in AI outputs.

Agent-researched
Vendor

SentinelOne

SentinelOne operates in Pillar D providing autonomous endpoint protection, with AI-powered detection extended to identify unusual AI agent behaviors and potential compromises of AI workload identities.

Agent-researched
Vendor

ServiceNow

ServiceNow GRC operates in Pillar E providing governance, risk, and compliance platform capabilities with AI governance modules. ServiceNow receives AI security incidents from Pillar D SIEM and documents E-AIG policy decisions that feed into Pillar A policy-as-code implementation.

Agent-researched
Vendor

Snowflake

Snowflake provides data platform governance in Pillars B and C through RBAC and data masking capabilities, enabling identity-aware retrieval and clearance-tier output filtering for AI analytics queries against enterprise data warehouses.

Agent-researched
Vendor

Splunk

Splunk provides AI activity logging and SIEM capabilities in Pillar D, ingesting logs from RAG pipelines, guardrail engines, and IdP systems to detect anomalies and policy violations. Splunk SOAR can trigger access reviews in Pillar A IGA based on AI security findings, and exports trend reports to Pillar E governance platforms.

Agent-researched
Vendor

Symantec

Symantec DLP operates in Pillar D providing data loss prevention capabilities extended to AI prompts and outputs, detecting sensitive data exposure in AI interactions and integrating with Pillar A IGA for entitlement gap analysis.

Agent-researched
Vendor

Tenable

Tenable offers CIEM capabilities in Pillar A for cloud infrastructure entitlement visibility and management, providing insights into AI workload permissions that complement IGA-managed entitlements.

Agent-researched
Vendor

Varonis

Varonis provides data security posture management in Pillar D, with continuous monitoring and classification of data accessible to AI systems, feeding findings into Pillar A policy decisions and Pillar B retrieval scope configurations.

Agent-researched
Vendor

Weaviate

Weaviate serves as a vector database in Pillar B with native filtering and access control capabilities, supporting identity-aware RAG retrieval when integrated with upstream authorization layers. Logs retrieval activity for Pillar D monitoring.

Agent-researched
Vendor

Wiz

Wiz provides cloud security posture management in Pillars A and D, with CIEM capabilities offering cross-cloud visibility into AI workload and service account entitlements. Wiz detects permission drift and excessive entitlements in Pillar D, feeding findings back to Pillar A IGA for access review triggers.

Agent-researched