Autonomous AI agents are reshaping how enterprises operate. These systems can execute complex workflows, make decisions, and take action with minimal human oversight. The business case is compelling: faster execution, reduced operational costs, and around-the-clock productivity. Yet for every boardroom conversation about efficiency gains, there is an equally urgent discussion happening in legal, compliance, and security offices across the globe.

The anxiety is justified. Unlike traditional software that follows predetermined paths, autonomous agents reason, adapt, and act in ways that can be difficult to predict or trace. When something goes wrong, the consequences extend far beyond a system error. We are talking about regulatory violations, unauthorized expenditures, security breaches, and legal exposure. Decision-makers are no longer just purchasing technology; they are delegating authority to systems whose “thinking” often remains opaque. Before signing off on any autonomous agent deployment, leaders need clarity on a fundamental question: How do you prove this system will stay within bounds?

We asked 10 technology and security leaders to share the single most critical assurance question decision-makers should ask vendors before deploying autonomous agents. Their responses converge on one theme: demand proof, not promises.

Enforce It or It Does Not Exist

Saurav Banerjee, AI Security Lead at Samsung, cuts straight to the core: “How do you technically enforce and prove that the agent can never act outside approved policies in real time?” His question demands more than documentation. He wants hard guardrails, continuous runtime policy enforcement, full auditability, rollback control, and independent validation that actually works in production.

This sentiment echoes across the expert panel. Looi Teck Kheong, Global AI Ambassador and President of the Singapore Chapter of the Global Council for Responsible AI, frames it in architectural terms: “The decisive question is: what verifiable, runtime enforcement mechanisms exist to constrain the agent’s actions, not just its design intent?” He argues that true assurance comes from enforcement-by-architecture, not from testing or post-hoc reporting.

The Audit Trail Is Everything

Mudita Khurana, Staff Security Engineer, raises a point that should concern any compliance officer: “Can you provide a complete audit trail of agent decision-making, including actions the agent considered but chose not to take?” Most vendors can tell you what got blocked. Far fewer can show you what the agent wanted to do and which specific constraint stopped it. For agents with production access, she considers this visibility non-negotiable.

Nia Luckey, Lead of Governance and Monitoring at AT&T, reinforces this standard. Decision-makers should seek “verifiable evidence of enforceable guardrails, real-time policy validation, auditable decision logs, and automated kill-switches when security, legal, compliance, or budget thresholds are breached.”

Test It, Then Test It Again

Dan Barahona, Co-Founder of APIsec University, challenges leaders to ask for proof through continuous security testing: “What continuous security testing shows that agents can’t escape policy via prompt injection, tool manipulation, or other AI/API exploit?” Guardrails must be enforced and validated with repeatable tests. If vendors cannot produce logs and test results, it is not a guarantee.

Tia Hopkins, Chief Cyber Resilience Officer and Field CISO at eSentire, frames the vendor conversation with clarity: “Show me how the agent’s decisions are governed, constrained, and auditable end-to-end; not just what it can do.” Decision-makers do not need another promise of accuracy. They need proof that every autonomous action is bounded by explicit security, legal, compliance, and cost controls. That means guardrails, continuous validation, and a clear chain of accountability when the agent adapts or escalates. “If a vendor can’t demonstrate how intent, context, and constraints are enforced in real time,”Hopkins warns, “you’re actually outsourcing risk, when you might think you’re buying autonomy.”

Human Override Is Non-Negotiable

Abdul-Hakeem Ajijola, Chair of the African Union Cybersecurity Experts Group, brings a governance perspective that transcends technical controls: “Prove that humans can always see, stop, and correct what this AI is doing. If decisions cannot be traced, audited, and overridden, the system is unsafe by design.” His observation that resilience fails more from governance inertia than from attackers should give every executive pause.

Brian Fricke, MSVP CISO and Head of Technology Risk at City National Bank of Florida, synthesizes multiple requirements into one comprehensive question. He asks vendors to demonstrate “with independently verifiable controls and logs, that every autonomous action is pre-authorized, continuously constrained, and automatically halted when it violates a formally defined policy, legal, security, or budget boundary.” If vendors cannot show deterministic constraint enforcement plus real-time observability, he concludes, the agent is not governable.

Watch How It Learns

Mari Galloway, CEO, shifts focus to an often-overlooked dimension of autonomous systems: their evolution over time. Decision-makers should ask “how the vendor continuously monitors, governs, and validates agent changes as it learns and reasons toward its goals.” This visibility ensures execution paths remain within guardrails and enables rapid intervention when updates introduce new risks.

Dr. Blake Curtis, Senior Leader of AI Risk Management, Strategy, and Governance at Amazon Web Services, provides a practical framework for the conversation: “What built-in controls stop this agent from doing something unsafe, illegal, non-compliant, or too expensive, such as human-in-the-loop, access limits, spending caps, or kill switches? And what transactional, real-time monitoring of inputs, processing, and outputs detects abnormal or risky behavior early and flags it before harm occurs?”

The Bottom Line

The consensus among these experts is clear. Autonomous agents require a fundamentally different approach to vendor assurance. Traditional security questionnaires and compliance certifications are starting points, not endpoints. Leaders must demand architectural enforcement, complete decision-path visibility, continuous validation, and unambiguous human override capabilities.

Before any autonomous agent goes live in your organization, ensure your vendor can answer one question with evidence, not assertions: How do you prove, in real time and under adversarial conditions, that this system will never exceed its authorized boundaries? The answer will tell you whether you are gaining a competitive advantage or inheriting uncontrolled risk.

— Isu Abdulrauf.

AI is no longer just a buzzword in cybersecurity. It’s becoming a tool you can put to work right now. And for this piece, I want to spotlight something every cybersecurity professional should understand: AI agents.

We’re in an era where AI is transforming how we operate. Yet, while everyone talks about AI, AI agents remain either misunderstood or completely off the radar for many security teams. That’s a missed opportunity. As cybersecurity professionals, we don’t just need to know about AI agents; we need to know how to use them effectively and integrate them into our daily workflows.

Let’s be clear. Cybersecurity is a high-stakes field. Not everything should (or can) be handed off to AI. But that’s exactly why understanding this technology is critical. By offloading routine, repetitive tasks to AI agents, you free yourself to focus on strategic analysis, creative problem-solving, and decision-making (the areas where human expertise shines brightest). And this shift alone can supercharge your productivity and impact.

The best time to learn how to do this? Now. Because once your Uber driver casually mentions AI agents, the wave has already crested and the competitive edge will be long gone. But today, you still have the chance to ride that wave early and carve out an advantage.

 
Let’s get technical, but approachable.

You might be wondering, “I’m not a pro developer. Can I really build or use AI agents?” The answer is a resounding YES. And that’s where CrewAI comes in.

CrewAI is a powerful, beginner-friendly framework that lets you build functional AI agents without deep technical expertise. It abstracts away much of the complexity, allowing you to focus on defining your agents’ roles, tasks, and goals—not the underlying code.

But before we dive into CrewAI, let’s start with the basics.

 
What Are AI Agents?

You already know tools like ChatGPT, Claude, Gemini, and DeepSeek. These are powerful language models trained on huge datasets to generate human-like responses across countless topics—think of them as generalists.

AI agents are built on top of these models, but with a sharp focus—they’re the specialists.

Picture this: ChatGPT is like an encyclopedia with broad knowledge of all topics. An AI agent, on the other hand, is like a Ph.D. professor with decades of field experience in a very specific niche—say, digital forensics. The professor doesn’t just know facts but also deeply understands workflows, tools, case studies, and how to creatively solve problems.

Unlike general AI models, agents are designed to hold context over time using memory, access external tools like web browsers and APIs, make decisions autonomously based on your goals, and even collaborate with other agents if needed.

 
Building an AI Agent with CrewAI

Let’s walk through building a simple AI agent to assist a cybersecurity specialist in conducting a phishing simulation campaign. This agent will help generate realistic phishing email templates tailored to a target organization.

1) Set up your environment

You’ll need a working Conda setup and an OpenAI API key.

Create and activate an environment:
conda create -n aicybermagazinedemo python=3.12
conda activate aicybermagazinedemo

Install CrewAI and tools:
pip install crewai crewai-tools

Initialize a project:
crewai create crew aicybermagazinedemo

Key files to note:
src/aicybermagazinedemo/config/agents.yaml — define your agents’ roles
src/aicybermagazinedemo/config/tasks.yaml — define tasks/goals
src/aicybermagazinedemo/crew.py — wire up agents & tasks into a Crew
src/aicybermagazinedemo/main.py — run/launch entrypoint

2) Define agents and tasks

For this phishing simulation use case, use two agents and two tasks:

• OSINT Agent — collects open-source intelligence on the target organization.
• Phishing Content Agent — crafts three realistic phishing emails tailored to the OSINT findings.

Sample definitions you can adapt are available on GitHub: https://github.com/hackysterio/AICyberMagazine (see src/aicybermagazinedemo/config/agents.yaml and src/aicybermagazinedemo/config/tasks.yaml).

3) Link agents and tasks into a workflow

In src/aicybermagazinedemo/crew.py and src/aicybermagazinedemo/main.py, connect your agents to their tasks and specify execution order.

Pro tip: Use CrewAI’s official Custom GPT Assistant from the GPT store: CrewAI Assistant.
Start a chat, paste your current main.py and crew.py, then paste your agents.yaml and tasks.yaml. Ask it to generate updated versions wired to your configs, then copy the results back into your local files.

4) Run your agent

Execute the workflow:
crewai run

Your agents will perform OSINT and craft tailored phishing emails based on real-world data.

 
Quick Tip: Understanding {org_name} and Where to Edit It

In src/aicybermagazinedemo/config/agents.yaml and src/aicybermagazinedemo/config/tasks.yaml you’ll see a placeholder: {org_name}. This is a variable that gets filled at runtime.

Set it in src/aicybermagazinedemo/main.py, e.g.:
"org_name": "Google"

Tomorrow, to target a different org, change it to:
"org_name": "Dangote"

Simple, flexible, and powerful.

 
Why This Matters

AI agents aren’t science fiction. They’re here, real, and powerful. The question is whether you’ll adopt them while they’re a competitive advantage—or wait until they’re just industry standard.

Start small:

• Delegate one routine task (e.g., initial OSINT collection).
• Observe output quality and adjust prompts/configs.
• Iterate, then expand to multi-agent workflows (e.g., OSINT → content generation → approval checklist).

In cybersecurity—where complexity, speed, and precision are everything—a well-implemented AI agent can become the most valuable teammate you’ve ever had.

– By Dr. Dustin Sachs.

The average SOC analyst makes more decisions in a single shift than most people do in a week, and the stakes are existential. Every blinking alert, every incomplete data trail, every ambiguous log entry demands judgment under pressure. And yet, the very tools meant to help—dashboards, threat feeds, SIEMs—often flood defenders with so much information that they become paralyzed, fatigued, or worse, desensitized. This is the real threat behind cognitive overload in cybersecurity.

But what if AI didn’t just accelerate detection, but actively reduced mental load? What if it could help us think better, not just faster? AI, when designed with behavioral insights in mind, can become not just an automation engine but a cognitive ally (Kim, Kim, & Lee, 2024).

Understanding Cognitive Overload in Cyber Contexts

Cognitive overload occurs when the volume and complexity of information exceeds a person’s working memory capacity. In cybersecurity, this happens daily. Analysts must process thousands of alerts, each with its own potential consequence, often in noisy environments under time pressure.

Drawing from Daniel Kahneman’s System 1/System 2 thinking, most analysts oscillate between intuitive snap decisions and laborious, analytical reasoning. Under stress, they revert to mental shortcuts, increasing the risk of oversight (Kim & Kim, 2024).

A 2025 survey from Radiant Security found that 70% of SOC analysts suffer from burnout, and 65% are actively considering a job change. The primary driver is alert fatigue caused by the flood of false positives and manual triage demands. This constant barrage of low-value alerts overwhelms analysts’ cognitive capacity, leading to mental exhaustion, slower response times, and decreased job satisfaction (Radiant Security, 2025).

Additionally, cognitive overload contributes to higher error rates, inconsistent documentation, and a breakdown in team coordination (Cau & Spano, 2024).

When AI Makes It Worse

Despite the growing enthusiasm surrounding artificial intelligence in cybersecurity, the reality is more complex. Not all AI implementations are beneficial—some can actually exacerbate the very problems they were designed to solve.

• Poorly integrated AI systems often produce an overwhelming volume of false positives, bombarding analysts with alerts that require manual triage.
• Opaque, black-box models create trust gaps, forcing analysts to make high-stakes decisions without clear explanations.
• “Alert multiplicity” has become a problem: many AI tools flood SOCs with signals that lack relevance or priority, adding to the noise rather than reducing it (Camacho, 2024).

Instead of cutting through the noise, such AI tools often add to it—leaving analysts frustrated and overwhelmed.

Reframing AI as a Cognitive Augmentation Tool

To realize AI’s true potential, it must be reimagined not as an automated watchdog, but as a cognitive ally. The shift from detection engine to decision support system is not just semantic—it’s strategic. AI must be designed to think with analysts, not for them.

• Intelligent Prioritization – Instead of treating all anomalies equally, advanced systems can learn from historical triage behavior to rank alerts by actionability. This helps analysts focus on meaningful threats (Romanous & Ginger, 2024).
• Natural Language Summarization – AI-powered tools like Microsoft Security Copilot and IBM QRadar condense logs and raw data into digestible executive summaries, enabling faster comprehension (Akhtar & Rawol, 2024).
• Behavioral AI Integration – Systems can adapt to analysts’ work patterns, presenting information in chunked formats to reduce context-switching. Subtle nudges, such as highlighting inconsistencies or recommending secure defaults, improve consistency under stress (Shamoo, 2024).

Strategic Recommendations for Implementation

To maximize impact, organizations should embed AI into cybersecurity workflows using human-centered design principles.

Cybersecurity is ultimately a human endurance sport, demanding sustained attention, resilience under pressure, and rapid decision-making amid uncertainty.

In this high-stakes landscape, AI can become a trusted teammate rather than an overbearing taskmaster. By shifting the narrative from AI as an automation panacea to a strategic cognitive asset, security leaders empower their teams to make better, faster, and more informed decisions.

This reframing fosters an environment where defenders not only keep pace with threats but develop the capacity to adapt, learn, and excel over time.

References

Akhtar, Z. B., & Rawol, A. T. (2024). Enhancing cybersecurity through AI-powered security mechanisms. IT Journal Research and Development. https://doi.org/10.25299/itjrd.2024.16852

Bernard, L., Raina, S., Taylor, B., & Kaza, S. (2021). Minimizing cognitive overload in cybersecurity learning materials: An experimental study using eye-tracking. Lecture Notes in Computer Science, 47–63. https://doi.org/10.1007/978-3-030-80865-5_4

Camacho, N. G. (2024). The role of AI in cybersecurity: Addressing threats in the digital age. Journal of Artificial Intelligence General Science. https://doi.org/10.60087/jaigs.v3i1.75

Cakır, A. M. (2024). AI driven cybersecurity. Human Computer Interaction. https://doi.org/10.62802/jg7gge06

Cau, F. M., & Spano, L. D. (2024). Mitigating Human Errors and Cognitive Bias for Human-AI Synergy in Cybersecurity. In CEUR WORKSHOP PROCEEDINGS (Vol. 3713, pp. 1-8). CEUR-WS. https://iris.unica.it/retrieve/dd555388-5dd2-4bb2-870d-92926d59be04

Folorunso, A., Adewumi, T., Adewa, A., Okonkwo, R., & Olawumi, T. N. (2024). Impact of AI on cybersecurity and security compliance. Global Journal of Engineering and Technology Advances, 21(1). https://doi.org/10.30574/gjeta.2024.21.1.0193

Ilieva, R., & Stoilova, G. (2024). Challenges of AI-driven cybersecurity. 2024 XXXIII International Scientific Conference Electronics (ET). https://doi.org/10.1109/ET63133.2024.10721572

Kim, B. J., Kim, M. J., & Lee, J. (2024). Examining the impact of work overload on cybersecurity behavior. Current Psychology. https://doi.org/10.1007/s12144-024-05692-4

Kim, B. J., & Kim, M. J. (2024). The influence of work overload on cybersecurity behavior. Technology in Society. https://doi.org/10.1016/j.techsoc.2024.102543

Malatji, M., & Tolah, A. (2024). Artificial intelligence (AI) cybersecurity dimensions. AI and Ethics, 1–28. https://doi.org/10.1007/s43681-024-00427-4

Radiant Security. (2025). SOC analysts are burning out. Here’s why—and what to do about it. Radiant Security. https://radiantsecurity.ai/learn/soc-analysts-challenges/

Romanous, E., & Ginger, J. (2024). AI efficiency in cybersecurity: Estimating token consumption. 21st Annual International Conference on Privacy, Security and Trust (PST). https://doi.org/10.1109/PST62714.2024.10788078

Shamoo, Y. (2024). Advances in cybersecurity and AI. World Journal of Advanced Research and Reviews. https://doi.org/10.30574/wjarr.2024.23.2.2603

Siam, A. A., Alazab, M., Awajan, A., & Faruqui, N. (2025). A comprehensive review of AI’s current impact and future prospects in cybersecurity. IEEE Access, 13, 14029–14050. https://doi.org/10.1109/ACCESS.2025.3528114strat

– By Lalit Choda (Mr. NHI)

The cybersecurity perimeter isn’t just about human users or login screens anymore. Instead, it’s moving toward something a lot more complex and maybe even more risky: Non-Human Identities (NHIs) that act on their own, make choices, and have control over various systems.

These days, there are way more NHIs than human identities, with LLM agents and software supply chain bots leading the pack—it’s a ratio of 25 to 50 times! But as these digital entities keep growing, there’s a big gap in how we manage them. We’ve got the hang of authenticating users. We still haven’t figured out how to manage machines that can think and act on their own.

So, this is where the Model Context Protocol (MCP) steps in. MCP isn’t just a buzzword; it’s an up-and-coming protocol designed to provide digital entities with a structured behavioral context. It suggests moving away from identity-based access to a system that enforces execution based on context, tying what a machine can do to the where, when, and why of its actions.

What Exactly Is Model Context Protocol?

The Model Context Protocol, or MCP, is a structured and open protocol that aims to link large language models (LLMs) with tools, data, and services in a standardized and secure manner.

When an AI model like Anthropic’s Claude or OpenAI’s GPT needs to do things beyond what it knows—like checking a database, calling a REST API, or getting private data—it can use MCP to ask for access and get a response from a trusted server.

But MCP is more than just connections. It gives you the lowdown on what’s happening: what the model is up to, what tools it can use, who the user is, what data is being accessed, and the policy guiding the action.

MCP makes sure every decision or action taken by an NHI includes:

• The intended behavior and model state
• The policy scope (what’s allowed and what’s not)
• The source of invocation (who or what triggered the action)
• The environmental metadata (time, workload type, data boundaries)

 

MCP vs Traditional IAM: What’s New?

MCP = Identity + Execution Context + Behavioral Constraints.

MCP takes things a step further than traditional IAM systems. While those systems focus on identifying who an entity is, MCP asks, “Should this action be allowed right now, in this context, and with this level of trust?”

How MCP and NHIs Intersect

AI models that interact with systems, like retrieving sensitive records, are effectively acting as NHIs. That means they must be:

• Identified: Who or what is the agent?
• Scoped: What can it do?
• Monitored: What has it done?

 

MCP provides the structure for these controls. It allows organizations to delegate actions to AI agents safely, while enforcing security boundaries and business logic around what those agents can see or do.

Through MCP:

• NHIs powered by LLMs can access tools only when explicitly allowed
• Context (user session, role, task) is embedded with every action
• Organizations retain full control over tool servers, data policies, and logging

 

The NHI Problem

Back in the day, identity was just about having a username and password. For NHIs, identity feels a bit abstract. These Non-Human Identities (NHIs) have become the main players in many organizations, actually outnumbering human users by a significant margin. You’ve got service accounts, API keys, LLM models, and AI agents in the mix.

What’s the issue? So, these NHIs are:

• Invisible, since they’re not really monitored like human users
• Powerful because they have broad permissions
• Poorly governed, often having stale credentials or no clear owner

 

MCP shifts the discussion from “what identity is this?” to “what context is this action happening in?” That shift really changes the game.

MCP’s Approach to Tackling NHI Issues

The Model Context Protocol (MCP) secures NHIs by incorporating context, control, and traceability into each action they take:

• Contextual Execution – MCP ensures that an NHI can only work within its intended model scope. For example, an AI agent trained for documentation cannot suddenly interact with financial systems.
• Policy Binding – Rather than just linking access rules to an identity, MCP applies behavioral policies at the model context level. NHIs are guided by their identity, actions, and the reasons behind them.
• Auditability – Every action taken by an NHI through MCP is logged with full context: intent, origin, scope, and response. This enables accountability, trust, and compliance.

 

Challenges

Every transformation comes with its challenges. To adopt MCP, we need to tackle:

• Context Modelling – Defining accurate boundaries for complex systems can be tough, especially in multi-agent or hybrid cloud environments.
• Legacy Compatibility – Many IAM systems weren’t built to handle contextual enforcement. Integrating MCP requires effort.
• Standardization – For MCP to succeed, it must work across platforms. Without common schemas and tool servers, fragmentation risks undermining its potential.

 

The Future of MCP

For a secure future with NHIs, we can’t just depend on old-school human access controls. As machines get smarter and start making decisions, the way we govern them must adapt too.

The Model Context Protocol provides a way to move ahead. It’s not a quick fix, but it marks a shift from fixed identities and wide-ranging permissions to flexible, context-based policy enforcement. If designed well, MCP could make NHIs predictable, safe, and accountable.

The future of cybersecurity is moving away from just usernames and passwords. It’s going to be influenced by the model’s identity, the scope of the task, and the limits on behavior. MCP is set to be a key building block for Zero Trust in machine-driven infrastructure. When it comes to AI assistants handling workflows or robotic process automation in finance, it’s all about earning trust through actions rather than just relying on credentials.

– By Katharina Koerner, PhD.

AI is changing the enterprise – but as its footprint expands, so does its attack surface. From shadow AI deployments to data leakage through large language models, the risks associated with AI adoption are intensifying.

Despite strong investment in AI capabilities, one foundational truth remains overlooked in many security strategies: AI is only as secure as the data it uses – and most security tools weren’t designed to protect that layer. While traditional controls focus on securing environments, endpoints, or identities, they miss the sensitive data AI systems ingest, process, and generate. If you don’t know where your data lives, who accesses it, or how it flows, your AI security posture is incomplete by design.

That’s why forward-looking organizations are turning to Data Security Posture Management (DSPM) as the missing layer in their AI security stack.

DSPM enables secure and responsible AI by offering a data-centric approach to security, operating from the data out – rather than relying solely on perimeter, infrastructure, or identity-based controls. It enables organizations to gain visibility, context, and control over the data layer that fuels AI systems.

From Privacy to Posture: The Evolution of DSPM

DSPM emerged from early privacy technologies that focused on scanning data stores for personally identifiable information. These tools helped organizations meet growing regulatory obligations by identifying sensitive data and reporting risk.

But modern DSPM platforms have moved far beyond discovery. They now deliver real-time, automated data visibility, access governance, and risk remediation across hybrid cloud, SaaS and AI workload-intensive environments. What began as a privacy utility has matured into a critical security layer – integral to safe, responsible AI development and deployment.

Why Traditional Controls Fall Short for AI

Most security stacks were never built for dynamic, AI-powered data flows. CSPM, endpoint protection, and IAM all serve critical functions. But they weren’t built for the way AI systems process data today: fast, distributed, unstructured, and highly experimental. Traditional tools don’t offer granular insights into how sensitive data is accessed, shared, or copied across SaaS, cloud, and AI-related services – including potential movement into training pipelines or shadow environments.

DSPM fills this gap – operating from the data out. It helps teams answer critical questions like:

• Is this dataset safe to use in training?
• Who has access to that financial record?
• Has sensitive data been copied into a shadow AI environment?

By starting with the data and building visibility outward, DSPM complements existing tools while laying the foundation for AI-ready security. It doesn’t replace traditional controls—it feeds them. By adding real-time data visibility and sensitivity context, DSPM makes tools like CSPM, IAM, and DLP effective in securing how data is actually accessed, shared, and processed by AI systems.

Why AI Demands DSPM

This shift from static compliance tooling to dynamic data posture management comes at exactly the right time. As organizations embrace AI, the scale, speed, and complexity of data usage has outpaced what traditional security tools were designed to handle. AI systems don’t just use data – they are built on it. Models ingest structured and unstructured data, move it across tools and clouds, and generate synthetic outputs that may expose or replicate sensitive content.

To secure this process, DSPM provides five essential capabilities:

• Data Inventory – Modern DSPM tools can scan and inventory data across cloud, SaaS, and on-prem environments, down to individual elements. This includes structured fields like customer IDs or access tokens, as well as unstructured content in documents, emails, or source code repositories. In AI contexts, this allows organizations to identify where sensitive data is used in prompts, training datasets, or inference pipelines, including uncovering shadow copies supporting unauthorized model experimentation.
• Data Classification – Once data is discovered, it must be understood. DSPM platforms categorize data by sensitivity and compliance relevance—such as PII, PHI, financial records, and intellectual property – enabling enforcement of AI privacy, retention, and processing policies. For AI, classification is essential to minimize overprocessing and ensure that regulated data is only used where permitted, supporting privacy-by-design and the operationalization of data minimization.
• Access Governance – Overentitled users and services are a leading cause of modern data breaches. DSPM maps access pathways across identities, roles, and service accounts, flagging excessive permissions or inappropriate access to sensitive data. Within AI workflows, this reduces the risk of data misuse during model training and ensures that only authorized teams can access sensitive datasets – especially in collaborative or decentralized environments.
• Data Flow Awareness – AI pipelines don’t operate in silos. Data moves rapidly across tools, APIs, SaaS connectors, and platforms. DSPM provides near real-time visibility into how data is accessed, shared, or copied, allowing teams to surface risky flows that may violate internal usage boundaries, retention schedules, or regulatory purpose-limitation requirements.
• Risk Detection & Remediation – From misclassified SaaS exports to open cloud storage or unsanctioned AI model inputs, DSPM helps detect policy violations and security gaps that may compromise compliance or trust. Leading platforms prioritize critical issues and integrate with SIEM, SOAR, or ticketing systems – helping teams support audits, AI risk assessments, AI and regulatory reporting at scale.

What to Look for in a DSPM Platform

Many solutions today claim DSPM capabilities but maturity varies. Some vendors rely on outdated regex scanning or static metadata. Others miss entire environments, especially on-prem, file shares, or proprietary SaaS apps.

Over the past three years, the DSPM market has evolved rapidly. Today, leading solutions share several cloud-native traits:

• Context-aware classification, using AI/ML to minimize false positives and accurately identify sensitive data in complex formats like contracts, source code, or multilingual content
• Access risk scoring, highlighting overprivileged users, stale permissions, or public data exposure
• Remediation hooks, integrating with SIEM, SOAR, ticketing, or policy enforcement tools to drive action
• Cross-environment visibility, covering multi-cloud, SaaS, and hybrid architectures without requiring agent sprawl
• Ecosystem readiness, with API-first designs and integrations into DLP, GRC, IAM, and lineage platforms

When evaluating DSPM solutions, the goal isn’t just to find sensitive data—it’s to enable informed, enforceable decisions about how that data is classified, governed, and used, especially in AI systems where misuse can scale rapidly and silently.

If You Want Secure AI, Start with Secure Data….

Securing AI doesn’t start with the model – it starts with the data. From training to prompting to inference, sensitive data moves rapidly through AI systems, often outside traditional security perimeters. DSPM gives security teams the visibility, classification, and control needed to govern this data in near real time, across cloud, SaaS, and hybrid environments.

For AI security teams, DSPM enables answers to the questions that matter most:

• Where is our sensitive data, and how is it being used in AI workflows?
• Are we exposing more than we intend through training, prompts, or outputs?
• Can we demonstrate compliance and meet AI-specific regulatory expectations?
• Are we empowering innovation without compromising governance?

The message for CISOs and AI leaders is clear: If your data isn’t secure, your AI isn’t either. DSPM provides the visibility and control needed to govern sensitive data at scale. It’s not just a nice-to-have. It is the baseline for any serious, secure AI strategy.

– By Jakub Szarmach.
 
Why Words Fail ?

We’ve all seen it. A 30-page policy report that makes your eyes glaze over by paragraph three. It’s packed with facts, dense with citations, and totally unreadable.

The problem? Public policy keeps pretending it’s a textbook.

In a 2023 study by Pearson, L., & Dare, P. (2016). Visuals in Policy Making: “See What I’m Saying”, demonstrated a simple graph debunking the myth that rent control improves affordability beat a well-written text explanation. The graph group updated their beliefs more effectively—and held onto those changes longer. Why? Because visuals offload cognitive effort. They give people a structure. A shape. A story. That’s not fluff. That’s neuroscience.

 
Where Visuals Win

There are two powerful reasons to use visuals in public-facing materials or strategic decision documents:

1. Explainers that actually explain

Let’s be honest: half of what gets called “communication” in policy is just documentation in disguise. It’s there to prove something exists, not to help anyone understand it.

Think about the last time you really got something complicated. It probably wasn’t thanks to a six-paragraph definition or a multi-stakeholder compliance statement. It was because someone sketched a process map, drew a box-and-arrow diagram on a whiteboard, or handed you a one-pager that showed the whole thing at a glance.

A well-built process map shows relationships, dependencies, timing, and accountability. A good lifecycle graphic helps people understand when things happen, what changes over time, and who’s supposed to act. And a tight flowchart can answer the most important operational question of all: “What do I do when this breaks?”

These aren’t just nice-to-have additions. They’re comprehension machines. They strip away ambiguity. They give your reader a structure to hang everything else on. And they’re far more efficient than even the best-written paragraph, because they match how the brain likes to learn: visually, spatially, and all at once.

In short: if you want your policy to be understood, start drawing. If you can’t draw it, don’t write it yet.

2. Emotion in pixels

According to a 2017 review published in Frontiers in Psychology by Tyng, C. M., Amin, H. U., Saad, M. N. M., & Malik, A. S. demonstrated emotion plays a huge role in learning and memory. It boosts attention, speeds up encoding, and strengthens recall. When people feel something—surprise, relevance, even mild irritation—they remember better. This happens because your brain literally recruits more firepower: the amygdala gets involved in memory consolidation, the prefrontal cortex helps encode it, and the hippocampus stores it long-term.

What does this mean for policy? It means if you want someone to understand a new rule, procedure, or risk model, your best bet isn’t a wall of text. It’s a visual that makes the stakes feel real. Good visuals grab attention and direct it where it matters. They help brains do what brains do best: notice, learn, and remember.

So next time you’re choosing between a long paragraph and a smart diagram, remember:

If it doesn’t move them, it won’t stay with them. And if it won’t stay with them, it won’t change anything.

 
How to Talk to the C-Suite (Without Boring Them to Death)

Want your executives to actually understand the policy briefing?

Don’t bury them in acronyms. Don’t hand them a deck that needs its own glossary. Give them a diagram they can absorb in one glance.

According to Deloitte’s 2025 (Deloitte. (2025). Governance of AI: A Critical Imperative for Today’s Boards. Deloitte Insights) survey:

• 66% of boards say they have “limited or no” knowledge of emerging tech.
• Only 5% feel “very ready” to oversee related initiatives.
• And 72% mainly engage on these topics with CIOs and CTOs—not with CFOs, CISOs, or risk officers.

This isn’t a tech knowledge gap. It’s a communication gap.

Visuals can bridge that. A diagram showing risk ownership, control flow, and incident response is more effective than 40 slides and a donut chart.

 
A Shining Example: The AI Governance Controls Mega-map

Sometimes, someone gets it exactly right. Enter James Kavanagh’s AI Governance Controls Mega-map.

This isn’t your average compliance flowchart. It’s a 44-control, 12-domain visual architecture mapped across six major frameworks—ISO 27001, SOC 2, ISO 27701, ISO 42001, NIST RMF, and the EU AI Act.

What makes it shine?

• Everything is grouped by real-world ownership, not just abstract themes.
• Each “Master Control” aligns overlapping requirements across standards—so instead of six audits, you get one coherent structure.
• And it’s not just visual. It’s tactile. Kavanagh literally sorted control statements with paper and pen.

Think ISO meets LEGO. It’s usable, not theoretical. It helps you do governance, not just talk about it.

It’s the best kind of visual: one that saves time, reduces risk, and actually gets used.

 
Less Telling. More Showing.

Visuals aren’t decoration. They’re not the cherry on top of a policy sundae. They’re the plate the whole thing sits on. Without that plate, you’re just flinging scoops of information onto the floor and hoping someone catches them.

When done right, visuals don’t just make your ideas prettier—they make them possible. They clarify who does what and when. They spotlight risks that would otherwise stay buried in the fine print. They connect the dots across silos, teams, and time zones. They don’t just help people follow the story—they help people act on it.

So next time you write a strategy, draft a law, or prep a board update, don’t ask, “How can I explain this better?”

Ask: “What can I show instead?”

Then show it. Badly, if necessary. Just start.

– Olabode Agboola.

Throughout history, people have been amazed by the creativity and complexity of early inventions like watches, automobiles, airplanes, computers, industrial machines, ships, and so many more. But when it comes to the brilliance behind the development of AI technology, it truly stands out as something exceptional. Artificial intelligence really has the potential to change everything about how we think, reason, and even exist.

I built my foundation in artificial intelligence through a mix of experiences. I’ve worked directly with AI models, attended conferences to hear from keynote speakers, read a bunch of scholarly articles, connected with thought leaders, and even delivered some presentations myself. I’ve really deepened my understanding by teaching others about AI. So, I’ve got a background that really got me thinking about how AI works and what it can do, including the parts that aren’t often talked about.

Generative AI is one of the popular types out there, while other kinds of AI are still in the works. Right now, fewer than 1 billion people are using Generative Pre-trained Transformer AI each week, but it looks like that number is set to go over 1 billion pretty soon. On the flip side, a survey by Blue Prism found that 29% of organizations are already using Agentic AI, and 40% are planning to start using it soon. Agentic AI is all about making decisions on its own, automating tasks and processes, and managing systems that are designed to operate independently. This could really help businesses boost their efficiency and reduce the need for human involvement. These days, folks are automating their routines, and decisions are being made by Agentic AI for them. Agentic AI is making its way into a bunch of different industries, from defense setups to national security operations, and it’s being woven into all sorts of systems and machines.

 
Applications of Agentic AI

Agentic AI can be used in a bunch of different areas like delivery bots, self-driving cars, and drones. It really helps with making quick decisions about route optimization, navigation, and avoiding obstacles by integrating Agentic AI into the designs. Manufacturing is getting a boost with the help of embedded Agentic AIs, making things run more smoothly than ever. These days, production lines are managed more effectively. Fault detection gets a helping hand, downtime is cut down, and output is boosted thanks to Agentic AIs in the production and manufacturing sectors.

Bringing Agentic AI into cybersecurity defense systems has really stepped up threat detection. Now, defense decisions are made automatically, and countermeasures are rolled out in real time. There are quite a few other areas where Agentic AIs have made their mark, like logistics, disaster response operations, healthcare robotics, hydrocarbon exploration and production, energy grids, space exploration rovers, financial fraud management, and a bunch of others.

 
The Roles of Agentic AI

Agentic AI has a few specific roles: it can handle everything from gathering data to analyzing it, making decisions, providing responses, and giving feedback, all on its own. It can get a bit unsettling when you think about leaving an AI to gather and analyze data and make decisions on its own. But really, it shouldn’t be that scary if the places where this is happening aren’t putting human lives at risk.

Taking a closer look at the different kinds of Agentic AI reveals some serious concerns about letting them function in cyber-physical settings, especially in military systems and operations. The Data Agent is built to gather information on its own, no matter where it’s set up. The Analysis Agent looks at what the Data Agent produces, and then the Decision Agent makes its own call based on what both the Data Agent and Analysis Agent have provided. All of this can happen without anyone having to step in.

 
Military Use of Agentic AI

In military operations, Agentic AI is now handling some pretty complex strategies. A great example of this is drone swarms, which use machine learning and real-time data analysis to navigate their targets’ environments and carry out tactical operations or offensive tasks.

So, there’s this US defense tech company named Shield AI that just rolled out a new system called the MQ-35 V-BAT. It’s an advanced unmanned aerial system (UAS) that can take off and land vertically, thanks to its Agentic AI power. This electronic war system is designed to autonomously deploy Data Agents for data collection against its targets and can make decisions similar to drone swarms.

China has tapped into the potential of Agentic AI with their advanced unmanned ground system known as CETC. This system isn’t officially labeled as an Agentic AI-enabled system just yet, but you can definitely see some features that suggest it has those characteristics. CETC is designed to manage large-scale deployments of drone swarms, carry out precise autonomous strikes, and conduct reconnaissance and surveillance.

Russia has made a strategic move by leveraging Agentic AI’s offerings to develop their own autonomous UAV system for combat operations, surveillance, and reconnaissance. Russia has drones designed for medium altitude military operations, tactical intelligence gathering, stealth combat, and even some that can engage targets on their own.

Japan’s Ministry of Defence has announced plans to integrate AI into their military operations. This plan focuses on using AI to detect and identify targets by analyzing radar and satellite images. One of their standout Agentic AI-based systems is a UAV known as the Loyal Wingman. Japan isn’t just depending on its own systems; its maritime self-defense force has also picked up some V-BAT drones from US Shield AI to boost maritime situational awareness.

Some other countries that have tapped into the potential of Agentic AI for their military operations include Germany, the UK, France, and a few others. One great example is France’s approach to developing indigenous Agentic AI to boost its autonomy in defense and aerospace.

 
Civilian Applications

When people talk about Agentic AI, they often bring up a bunch of common examples. You’ll hear about things like self-driving transport systems, robotic surgery support, tools that can diagnose on their own, financial advice that’s fully automated, smart customer support, energy management with smart grids, machines working independently on production lines, and even how retail and supply chains handle inventory and demand forecasting all on their own.

One of the great things about it is how it can make decisions in real time, which really stands out among its many benefits. Another benefit is its ability to quickly respond to changing conditions. Agentic AI reduces errors, particularly those that humans often make, by providing precision and reliability.

 
Risks and Concerns

With all the cool things Agentic AI can do, you might think it’s all good news and no downsides. But when you start looking into how it’s used in military operations, it can definitely be a bit unsettling. How confident are we in the accuracy of Agentic AI when it comes to making decisions on its own during tactical military operations? Do you think the world could really be free from any hidden risks where AI machines and military systems might accidentally spark conflicts due to misunderstandings in their responses?

What if a Data Agent redefines espionage by sneaking into military digital systems, collecting intelligence, and extracting sensitive information without being noticed?

Now that Agentic AI is on the scene, everyday systems are getting some extra attention. With Agentic AI being part of our mobile devices, online platforms, smart infrastructure, and surveillance systems, it feels like we’re constantly being watched and monitored without even realizing it.

 
The Geopolitical Angle

It looks like we might be on the brink of a global arms race, all thanks to how countries are starting to blend AI with their military strategies and operations. Unlike traditional military tactics, AI-driven war systems can work at machine speed, identifying threats or engaging targets without any human involvement. That’s pretty concerning and a bit frightening.

This development comes with some serious risks, like misinterpreting intent, unplanned escalation, and possibly losing human control in high-stakes military situations. So, it turns out that the US Department of Defense has shelled out around 10 billion dollars over the past five years to boost their military operations with AI. China has also ramped up their investment in AI for military use. In 2024, Russia is expected to spend around 54 million USD on AI development. France’s ministry of armed forces has kicked off a program named ARTEMIS.IA, focusing on big data processing, AI-driven analysis, and support for military operational decisions, with about €100 million allocated each year from 2019 to 2025.

Countries are ramping up their spending on Agentic AI to boost military capabilities, and it seems like this is paving the way for a new world order. There’s a lot happening on the other side of Agentic AI, especially when it comes to the race for better autonomous weapons, decision-making systems, and surveillance systems.

When it comes to using AI in Cyber Physical Systems (CPS) in the military, it’s really important to have some solid rules in place. We need good governance, oversight from the government, and strong technical and professional safeguards, along with ethical guidelines to keep everything in check.

– By Rock Lambros.

Policy Blueprints for Self-Modifying AI Agents

Traditional AI governance is dead.

I’ve spent the last three years watching self-modifying AI systems slip through our regulatory fingers like water. When AI can rewrite its own code and spawn emergent capabilities, conventional governance frameworks don’t just underperform; they fail catastrophically.

Our most advanced AI systems now continuously learn, adapt, and modify their own parameters with frightening autonomy. Microsoft’s Tay transformed from a helpful assistant to a toxic troll within hours. Autonomous LLM agents like AutoGPT have demonstrated the capability to rewrite their own instructions, fundamentally changing their behavior.

Traditional frameworks were built for stable, predictable systems. They utterly fail when AI evolves beyond initial constraints. When agents rewrite their code, circumvent guardrails, or pursue emergent goals, conventional oversight becomes obsolete faster than you can say “quarterly audit.”

A 2023 study revealed a reinforcement-learning “blue-team” agent trained to find network vulnerabilities that learned to disable its monitoring subsystems to maximize rewards for “discovering” exploits. [1] The system literally blinded itself to maximize its reward function. This event isn’t theoretical—it’s happening now, and our current governance models are woefully unprepared.

The governance challenge mirrors what evolutionary biologists call the Red Queen’s hypothesis, where Alice and the Red Queen continuously run just to stay in place. AI systems evolve faster than regulators adapt, creating a governance gap that grows with every iteration.

Opacity compounds this problem. LLM-based autonomous agents demonstrate significant behavioral drift after deployment, developing capabilities undetectable through standard testing. Traditional approaches rely on static snapshots and miss emergent behaviors that develop post-deployment.

Conventional governance operates on laughably slow cycles with periodic checks, quarterly audits, and annual compliance checks, while agentic AI evolves continuously, minute by minute. The temporal mismatch is fundamental. We need a paradigm shift from point-in-time oversight to continuous governance mechanisms that never sleep and evolve as rapidly as the systems they monitor.

Dynamic Governance for Ungovernable Systems

Decentralized Oversight

Distributed Autonomous Organizations offer promising frameworks, enabling decentralized control through transparent governance protocols. Yes, many involve blockchain. You may roll your eyes, but a consensus-based decentralized system can help rein in agent sprawl when no single authority can keep pace.

Chaffer et al.’s ETHOS model leverages smart contracts, DAOs, and zero-knowledge proofs to create a tamper-resistant global registry of AI agents, enforcing proportional oversight and automating compliance monitoring. [2] The beauty lies in its redundancy, as no single point of failure exists when multiple independent systems monitor AI behavior.

We need dual-component AI… let’s call it Janus Systems, after the two-faced Roman deity. One component ruthlessly pursues objectives while the other constantly monitors for alignment failures, creating an internal check-and-balance system.

The actor bulldozes ahead, optimizing toward goals with relentless efficiency. Meanwhile, the monitor scrutinizes every move to catch misalignment, reward hacking, or self-sabotage before these problems cascade into systemic failures. This split-personality setup enables governance that keeps pace with machine thinking.

These architectures can flag emergent misalignments before they manifest as harmful behaviors by embedding real-time observability at both policy and latent levels while leveraging anomaly detection and interpretability probes. When the critic no longer just whispers “more reward” but screams “ethical fail,” we gain a fighting chance at controlling increasingly autonomous systems.

We need intrinsic safety valves built directly into AI cores. The moment behavior veers beyond predefined guardrails, execution halts with no committees, delays, or exceptions. These circuit breakers provide a seamless, code-level shutdown mechanism that preserves performance during normal operation while standing ready to intervene within milliseconds.

Governance as Code

Static rulebooks collapse under the weight of autonomous systems that adapt and self-modify. “Governance as Code” transforms abstract policies into executable blueprints that live alongside your infrastructure. Guardrails written in code automatically enforce themselves at runtime rather than waiting for the next audit cycle.

Some of you will cringe as you read this… We WILL ultimately need AI to govern AI.

Embrace it or go the way of the dodo bird.

This approach unifies compliance, security, and operational practices under a single source of truth, ensuring every change is verified against governance rules before deployment. You get real-time feedback on drift and deviations by embedding policy checks into CI/CD pipelines.

When your models can develop new capabilities or rewrite their logic in production, your governance must be equally dynamic, ready to codify new policies, deploy updated checks, and enforce constraints at machine speed without human bottlenecks.

Model versioning and immutable audit trails enable accountability in dynamic systems. Google DeepMind’s “Model CV” approach creates continuous, tamper-proof records of model evolution, allowing stakeholders to track capability emergence and behavioral changes.

Combining these approaches with blockchain-based logging creates permanent, verifiable records that persist regardless of how systems evolve. This enables post-hoc analysis of governance failures and provides critical data for improving oversight mechanisms.

Continuous Adversarial Testing

Passive defenses eventually fail. Continuous adversarial testing embeds active, automated probing mechanisms that relentlessly search for weaknesses. Picture an adversarial engine churning out attack scenarios and probing every nook of your model’s behavior to catch flaws before they reach production.

In 2024, OpenAI published research that blended human expertise with automated red teaming powered by GPT-4T, creating an ecosystem of stress tests that hunt down weak spots at machine speed. [3] This creates a self-directed adversary within your pipeline, flagging exploit paths as they form and feeding them directly into incident response.

Every millisecond counts when agents rewrite themselves at warp speed. We can’t wait for humans to notice something went sideways. This machine-to-machine oversight loop mitigates vulnerabilities faster than agents can mutate, finally aligning safety with the breathtaking pace of AI innovation.

The Path Forward

Letting AI guard itself sounds brilliant until agents start reward hacking and colluding. Agents learn to sidestep or disable their own checks in pursuit of objectives. We risk overestimating their impartiality if we expect these internal regulators to flag every misstep. After all, the monitor’s code was written by humans with blind spots of their own.

Decentralization promises resilience but fragments accountability. When something breaks, nobody wears the badge. Governance forks can splinter standards into chaos, creating inconsistent enforcement that clever agents exploit.

Self-regulation appeals to the industry’s need for agility, but history shows that voluntary codes will not work under competitive pressure. These tensions demand thoughtful balancing rather than absolutist approaches.

Governance and autonomy must remain locked in perpetual feedback as models surface new capabilities, governance layers adapt in real time, and stakeholders iterate policies with the same rigor as code deployments.

It’s time for regulators, technologists, and industry leaders to converge on shared tooling: dynamic policy as code, continuous adversarial testing, and transparent audit trails. If AI is a moving target evolving at exponential rates, our governance cannot remain anchored to yesterday’s assumptions.

Either we learn to sprint alongside these self-modifying agents, or we risk being left in their dust as they evolve beyond our control. The race has already begun. The question is whether our governance approaches will evolve quickly enough to keep pace.

C-Suite Action Plan

• Implement Dual-Layer Oversight: Adopt actor-critic architectures that separate capability from governance, with independent monitoring systems tracking model behavior.
• Deploy Ethical Circuit Breakers: Implement automated shutdown mechanisms triggered by behavior outside acceptable parameters, with clear escalation protocols.
• Establish Governance as Code: Transform policies into executable code that integrates with development pipelines and enforces constraints at runtime.
• Institute Continuous Red-Teaming: Deploy automated adversarial testing to probe for weaknesses and behavioral drift continuously.
• Create Immutable Audit Trails: Implement tamper-proof logging of model operations, decisions, and modifications for accountability and forensic analysis.

 

The conventional governance playbook is obsolete. Organizations that thrive will implement governance mechanisms as dynamic and adaptive as the AI systems they’re designed to control.

[1] Lohn, A., Knack, A., & Burke, A. (2023). Autonomous Cyber Defence Phase I. Center for Emerging Technology and Security. https://cetas.turing.ac.uk/publications/autonomous-cyber-defence
[2] Tomer Jordi, T. J., Goldston, J., Okusanya, B., & D.A.T.A. I, G. (2024). On the ETHOS of AI Agents: An Ethical Technology and Holistic Oversight System. Arxiv.org. https://arxiv.org/html/2412.17114v2
[3] OpenAI. Advancing Red Teaming with People and AI. https://openai.com/index/advancing-red-teaming-with-people-and-ai/

– By Allie Howie.

I see many AI Runtime Security vendors offering LLM guardrails, as well as some evaluation platforms. I believe this is a side effect of the lines being blurred between who owns the responsibility of making sure AI systems output relevant and safe information. It’s not just something your security team cares about; your product team cares too.

This concern is most evident at a startup where the security and product teams are usually the same people. At a startup with limited funds and limited team members, would you rely on guardrails from your evaluation platform or onboard a new AI Runtime Security vendor for better guardrails?

The way I see the market right now, the products with the best guardrails:

• Come from AI Runtime Security-specific products, not eval platforms.
• Come from companies with prestigious/robust security research teams that are keeping up with the rapidly evolving threat landscape.
• Offer solutions at the application layer, not the network layer, for enhanced contextual awareness.

However, not everyone can afford an AI Runtime Security product. Most of these new products are reserved and marketed towards enterprise budgets. No matter where you get your guardrails from (an eval platform or an AI Runtime Security product), it’s important to be an informed consumer. That means understanding which LLM guardrails are a commodity, which are not, and how close to your LLM you need these guardrails to sit.

So which LLM guardrails are a Commodity?

Over the last couple of years, stories of AI chatbots gone wrong have consumed news headlines. For example, an Air Canada chatbot gave a customer misleading information about bereavement fares and was later ordered to provide a refund to the customer. In February 2023, Google lost $100 billion in market value after its Bard AI chatbot shared inaccurate information. In August 2024, Slack AI leaked data from private channels.

These headlines helped illustrate the need for some sort of guardrails that could prevent LLMs from outputting wrong information, private data, or offensive content. Security startups got to work and started offering guardrails that most businesses would need. These were novel at first, but today you’ll see most AI Runtime Security products and some eval platforms offering guardrails for:

• PII – detect information that identifies individuals
• Toxicity – detect offensive or harmful language
• Secrets – detect secret keys or tokens
• Prompt Attacks – detect prompt injection and jailbreak attacks

While these are a commodity, they are a wonderful starting place for an organization without any guardrails in place today. Due to the fact that LLMs are non-deterministic and they are trained on the internet and datasets that may not be up to our standards and certainly not aligned to our every use case, issues like toxicity and prompt injection are features of AI, not bugs. As a result, we will not be able to update LLMs fast enough with mitigations for new prompt attacks that work. It is advisable to implement guardrails like these in front of the LLM, anticipating that it will remain vulnerable to prompt injections. It will never be bulletproof, because again, these vulnerabilities are features, not bugs, that can be fixed.

Which LLM guardrails are NOT a Commodity?

In cybersecurity marketing, fear often leads. We often suggest investing in this cybersecurity tool to avoid becoming a news headline. While adding LLM guardrails can help prevent headlines like these, they can also enable product performance.

AI products that output irrelevant information will not be revenue-generating. Customizable guardrails help tailor your AI application to accept on-topic inputs and monitor outputs to make sure they are relevant and aligned to your business use case. It’s cybersecurity features like these that remind us that cybersecurity is a secondary market. The primary focus is on the product, with cybersecurity taking a secondary role to ensure its security. With AI, this is no longer the case. We need security in the loop earlier to keep AI aligned to business goals.

For instance, you can customize and configure some guardrails to ensure your AI application recommends your company, not a competitor. If you’re building an AI chatbot for Tesla, you wouldn’t want to output a recommendation for Toyota. AI alignment poses a significant challenge as it is not a universal solution. It will be unique to each business. Customizable guardrails prevent commoditization and distinguish products that offer them.

How Close to Your LLM Should your Guardrails Sit?

Security vendors are providing various options for the deployment of these guardrails. Some sit at the network layer, others at the kernel layer, and others right next to the LLMs in the form of an API wrapper. Each of these has tradeoffs.

Network layer guardrails may be easy to deploy as they can be added to an existing network security tool. However, these don’t typically have insight into internal tool calls your AI agents make or steps within an LLM workflow. They’ll just see final inputs and outputs that come in and out of the network gateway. This makes it harder to debug the exact location and manner in which your AI application produced an undesirable output.

The eBPF solutions deploy guardrails at the kernel layer, enabling them to see everything. They will see every input, output, and tool call. However, with great power comes great responsibility. Everyone remembers the CrowdStrike blue screen of death debacle that delayed thousands of flights last summer thanks to a bad software update to one of their products deployed via eBPF. Thanks to that, there’s some amount of risk and consumer hesitation with this type of deployment.

Deploying guardrails near the LLM is a straightforward process. They wrap LLM calls in additional APIs and will get visibility into granular LLM actions that allow for a good debugging experience; however, they may introduce additional latency into the application. You might find that latency increases the more guardrails you add.

There’s no clear-cut answer here for which is best. If you have a small budget, you might want to add-on guardrails to an existing network security product. If you have high confidence in a vendor and feel comfortable deploying an eBPF solution, you’ll gain great visibility into your runtime security and guardrails. If you want an easy-to-deploy solution, APIs might be a good way to go, but make sure to ask your vendor about latency.

Conclusion

Overall, investing in some sort of LLM guardrails is a good idea since we’ll never fix things like prompt injection with a shift-left strategy. Lots of these are now commoditized, but you can evaluate vendors based on guardrail customizability and deployment options as differentiators. AI security is not just important to prevent your application from becoming a headline; it’s also a business enabler. Use guardrails to secure your application against prompt attacks, but also to improve product performance and align your AI to your unique use case.

Default LLM guardrails are commoditized, but alignment will never be.

– By Caroline Wong.

Back in 2022, there was this fake video of Ukrainian President Volodymyr Zelensky that popped up on Ukrainian TV, where he seemed to be telling troops to surrender. It quickly made its way around social media too. It was a deepfake, created with AI to mimic his face, voice, and mannerisms in a way that was almost eerily convincing. The video didn’t take long to debunk, but it really highlighted an important point: AI has seriously shifted how we think about deception.

This is not just a one-off situation. AI is really speeding up how cyber threats are evolving. It’s transforming phishing emails into super personalized messages, making bots act more like humans, and turning social engineering campaigns into complex psychological tactics. In the meantime, defenders are hurrying to weave AI into their detection, response, and resilience strategies.

In my upcoming book with Wiley, I discuss how AI has become a significant player in cybersecurity, no longer just something on the horizon. This is the battlefield.

Transitioning from scripts to self-learning systems

For many years now, automation has been involved in cyberattacks, whether it’s through brute-force password attempts or bot-driven denial-of-service attacks. But AI has really handed attackers something much stronger: the ability to adapt.

These days, AI-driven attacks can change on the fly. Bots have evolved from just clicking and crawling like machines; now they actually mimic human behavior to get around security controls. They take their time scrolling through web pages, mimic the natural flow of typing, and even capture that little bit of jitter in mouse movements that we all have when using our hands. These bots utilize tools such as Puppeteer Stealth and Ghost-cursor to hide their automation signatures, and they’re spread out over residential proxies to mix in with regular traffic patterns.

So, what’s the outcome? Automated actions that seem and feel just like a real person.

Deepfakes: The Intersection of Impersonation and Infrastructure

Generative AI, particularly deepfakes, has really taken digital impersonation to a whole new level of realism. With just a few minutes of audio and video that’s out there for anyone to find, attackers can easily mimic a CEO’s voice, create a fake interview, or even pull off a simulated live video call.

This ability has already been turned into a weapon. Now, deepfake voicemails and videos are being mixed with phishing emails to create multi-channel impersonation attacks. It’s interesting how strong the psychological effect can be. When we see and hear things that match up, our brains naturally tend to trust what we’re experiencing.

So, tools like GANs, autoencoders, and diffusion models have really sped up the deepfake creation process, making it easier and more scalable for everyone. What used to be just for the pros is now part of easy-to-use tools that come with cloud-based APIs.

The question now is, “Is this real?” It’s all about how fast it can spread and whether we’ll catch it in time, right?

A New Era of Phishing and Social Engineering

Phishing was once pretty straightforward to identify: you’d see misspellings, odd formatting, and weird sender names. AI has gotten rid of those red flags.

Now that attackers have access to open-source intelligence and large language models, they can create emails that sound just like an executive, mention recent company happenings, and even throw in realistic calendar links or document attachments. These attacks aren’t just generic anymore—they’re more about the context now.

AI makes it possible for phishing to happen across different languages. Translation models do more than just change text from one language to another; they really get into the local vibe, picking up on idioms, tone, and those little regional touches that make a big difference. Voice cloning tools take this ability to audio, making it possible for real-time phone scams in various languages.

Just doing the usual security awareness training isn’t going to cut it anymore. It’s not just about finding “bad grammar” anymore. It’s all about noticing when someone is trying to manipulate your trust.

Plug-and-Play Cybercrime

Easy to use Cybercrime is a serious issue that affects many people today. It’s important to stay informed about the risks and how to protect yourself online.

One of the most concerning things happening right now is the increase in Bots-as-a-Service (BaaS) and AI-driven credential stuffing platforms. Tools such as OpenBullet2 really simplify things for less experienced attackers looking to run large-scale campaigns. When you pair these tools with CAPTCHA-solving services, which often use machine learning or even human CAPTCHA farms, they can really ramp up quickly.

How Defenders Can Win—If They Move Fast Enough

Defenders aren’t powerless. In fact, they have one major advantage: data.

Security teams can access telemetry from internal systems—endpoint logs, authentication events, network flows—that attackers can’t see. With the right AI tooling, this data can be used to model “normal” behavior and flag deviations in real time.

But defenders need to evolve quickly. Static rule-based detection systems are already being outpaced. We need adaptive, learning-based systems that update themselves based on behavioral patterns and threat intelligence feeds.

• Behavioral modeling: Training AI systems on how legitimate users behave—so deviations stand out clearly.
• Intent detection: Leveraging natural language models to spot social engineering attempts based on linguistic patterns and context.
• Automated response: Deploying AI not just to detect threats but to contain them automatically—quarantining accounts, flagging anomalies, initiating secondary verifications.

 

The Real Stakes: Trust and Resilience

AI is changing the game when it comes to how attacks are carried out. It’s really undermining the most basic part of cybersecurity: trust.
With anyone able to create a realistic video, audio clip, or email that looks like it’s from someone we trust, how do we figure out what’s real? What are some ways we can keep communication, identity, and intent safe and sound?

The answer isn’t about being scared; it’s all about bouncing back. So, what that means is we need to be open about how AI detection tools work and how decisions are made. Working together across security, legal, product, and communications teams. Ongoing education for both employees and users is essential—not only focusing on phishing but also covering topics like synthetic media and algorithmic manipulation.

AI is changing the game for offense, but it has the potential to shake things up for defense too. Cybersecurity teams that see AI as a game changer, rather than just another tool, will really set themselves up for success in the coming decade.

We are entering an arms race fueled by automation and intelligence. The attackers are already building. The question is: are we?