<p>While adoption of AI tools has surged, security has not kept pace.</p>
<p>McKinsey’s “State of AI: Global Survey 2025” found that 88% of organizations now use AI in at least one business function. IBM’s “Cost of a Data Breach Report 2025,” meanwhile, found that 13% of organizations experienced breaches of AI models or applications, and that 97% of those breached lacked proper AI access controls.</p>
<p>For CISOs, the challenge has two sides: build guardrails that protect the organization, and do so without blocking the innovation that AI enables. Internal AI tools, such as LLMs, copilots, assistants and autonomous agents, introduce risks that traditional security programs were not designed to handle. Addressing them requires governance, technical controls and continuous monitoring.</p>
<section class="section main-article-chapter" data-menu-title="Establish governance first">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Establish governance first</h2>
<p>Before designing technical controls, <a href="https://www.techtarget.com/searchdatamanagement/feature/Why-AI-forces-securityfirst-governance">establish governance</a>. Appoint a single role accountable for AI oversight across the organization. This person needs both the authority to enforce policy and the mandate to coordinate across security, privacy, legal and business teams.</p>
<p>Build a risk register that tracks both AI benefits and threats. Define AI-specific policies covering <a href="https://www.techtarget.com/searchsecurity/tip/How-to-create-an-AI-acceptable-use-policy-plus-template">acceptable use</a>, data handling and training requirements. Frameworks such as NIST’s AI Risk Management Framework and ISO/IEC 42001:2023 provide tested structures for this work. NIST Special Publication 800-221A offers a practical starting point organized around two core functions:</p>
<ul class="default-list">
<li>Govern — roles, context, benchmarking, policy and communication.</li>
<li>Manage — risk identification, analysis, prioritization, response and monitoring.</li>
</ul>
<p>Tie AI governance to enterprise strategy. When AI risks connect to business objectives, leadership pays attention and acts.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Design AI security guardrails">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Design AI security guardrails</h2>
<p>Technical guardrails must address several threat categories specific to internal AI deployments.</p>
<ul class="default-list">
<li><b>Data protection. </b>Prevent sensitive data from leaking into AI systems. Classify data before it enters any model or agent. Enforce data loss prevention (DLP) controls on AI interfaces and monitor for personally identifiable information in prompts and outputs.</li>
<li><b>Access and identity. </b>AI agents occupy a space between tools and users, creating an <a href="https://www.techtarget.com/searchsecurity/opinion/Identity-security-for-AI-agents-The-proliferation-challenge">identity gap</a> that traditional IAM models do not cover. Apply <a href="https://www.techtarget.com/searchsecurity/tip/How-to-implement-zero-trust-for-AI">zero-trust principles</a> to agent permissions. Grant only the minimum access needed for each task, with time-bounded authorizations that expire automatically. Require <a href="https://www.techtarget.com/searchenterpriseai/feature/Humans-and-AI-The-role-of-people-in-the-new-AI-world">human approval</a> for critical operations.</li>
<li><b>Prompt and interaction security. </b>Prompt injection remains a <a href="https://www.techtarget.com/searchsecurity/post/Prompt-injection-attacks-From-pranks-to-security-threats">primary attack vector for AI systems</a>. Validate and sanitize all inputs. Keep system instructions separate from user-provided and retrieved content, and treat the latter as untrusted data. No input filter reliably stops prompt injection, so assume an injection will sometimes succeed and limit what a compromised agent can do: constrain agent actions through allowlists and deploy anomaly detection to flag unusual command sequences.</li>
<li><b>Monitoring and human oversight. </b>Log all agent actions and authentication attempts. Correlate agent activity across systems using a SIEM. Build escalation paths so anomalous behavior triggers human review before damage spreads.</li>
</ul>
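<p>The four guardrail categories above fit together as one enforcement layer that sits between the agent and its tools. The following Python is an added example, not code from this article or from any product: it screens prompts and outputs for PII, keeps system instructions separate from untrusted content, gates each tool call against a time-bounded allowlist with human approval for critical operations, writes an audit record per decision, and runs a simple anomaly rule over that log. The tool names, the policy sets, the <code>Grant</code> fields and the sample inputs are all constructed for the example.</p>

```python
"""Guardrail layer for an internal AI agent: an added illustration, not code from
the article or any product. Tool names, policy sets and sample inputs are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

CRITICAL_TOOLS = {"delete_records", "wire_transfer", "rotate_credentials"}  # need a named human approver
READ_TOOLS = {"query_customer_db", "read_file"}  # anomaly rule: a read followed by an outbound send
OUTBOUND_TOOLS = {"send_email", "http_post"}

PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),  # 13-16 digits, then Luhn-checked
}

def _luhn_ok(candidate: str) -> bool:
    """Luhn check so that arbitrary digit runs are not reported as card numbers."""
    digits = [int(c) for c in reversed(candidate) if c.isdigit()]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2) for i, d in enumerate(digits))
    return total % 10 == 0

def find_pii(text: str) -> dict[str, list[str]]:
    """Return PII matches keyed by category; run this on prompts and on model outputs."""
    hits: dict[str, list[str]] = {}
    for name, pattern in PII_PATTERNS.items():
        for match in pattern.findall(text):
            if name != "card" or _luhn_ok(match):
                hits.setdefault(name, []).append(match)
    return hits

def redact_pii(text: str) -> str:  # replace each detected value with a category tag
    for name, values in find_pii(text).items():
        for value in values:
            text = text.replace(value, f"[{name.upper()}]")
    return text

def build_messages(system_prompt: str, user_text: str, retrieved: list[str]) -> list[dict]:
    """Keep instructions and untrusted content in separate role-tagged messages, never one string."""
    messages = [{"role": "system", "content": system_prompt}]
    for doc in retrieved:  # fenced and redacted so the model treats it as data, not as instructions
        messages.append({"role": "user", "content": f"<untrusted_document>\n{redact_pii(doc)}\n</untrusted_document>"})
    messages.append({"role": "user", "content": redact_pii(user_text)})
    return messages

@dataclass
class Grant:  # least-privilege, time-bounded authorization for one agent on one task
    agent_id: str
    allowed_tools: frozenset[str]
    expires_at: datetime
    approved_by: str | None = None  # human approver, required for CRITICAL_TOOLS

@dataclass
class Guardrail:
    audit_log: list[dict] = field(default_factory=list)  # forward these records to the SIEM

    def authorize(self, grant: Grant, tool: str, now: datetime) -> bool:
        """Gate one tool call: live grant, allowlisted tool, human approval for critical ones."""
        if now >= grant.expires_at:
            reason = "grant expired"
        elif tool not in grant.allowed_tools:
            reason = "tool not in allowlist"
        elif tool in CRITICAL_TOOLS and grant.approved_by is None:
            reason = "critical operation needs human approval"
        else:
            reason = "ok"
        self.audit_log.append({"ts": now.isoformat(), "agent": grant.agent_id, "tool": tool,
                               "decision": "allow" if reason == "ok" else "deny", "reason": reason})
        return reason == "ok"

    def flag_exfil_sequence(self, agent_id: str) -> bool:
        """Anomaly rule over the log: an allowed read followed later by an allowed outbound send."""
        seen_read = False
        for entry in (e for e in self.audit_log if e["agent"] == agent_id and e["decision"] == "allow"):
            if entry["tool"] in READ_TOOLS:
                seen_read = True
            elif seen_read and entry["tool"] in OUTBOUND_TOOLS:
                return True
        return False

def demo() -> dict:
    """Constructed scenario: 30-minute grants, a chain of tool calls, then the anomaly and PII checks."""
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    later = now + timedelta(minutes=30)
    task = Grant("agent-7", frozenset({"query_customer_db", "send_email"}), later)
    cleanup = Grant("agent-7", frozenset({"delete_records"}), later)
    approved = Grant("agent-7", frozenset({"delete_records"}), later, approved_by="ciso-on-call")
    calls = [(task, "query_customer_db", now), (task, "send_email", now), (task, "delete_records", now),
             (cleanup, "delete_records", now), (approved, "delete_records", now),
             (approved, "delete_records", now + timedelta(hours=1))]
    gate = Guardrail()
    decisions = [gate.authorize(g, tool, at) for g, tool, at in calls]
    return {"decisions": decisions, "exfil_flag": gate.flag_exfil_sequence("agent-7"),
            "deny_reasons": [e["reason"] for e in gate.audit_log if e["decision"] == "deny"],
            "redacted": redact_pii("Refund jane.doe@example.com, card 4111 1111 1111 1111")}

if __name__ == "__main__":
    print(demo())
```

<p>Running <code>demo()</code> shows the shape of the controls rather than any one product's API: the agent may read the customer database and send mail under its task grant, is refused <code>delete_records</code> three different ways (not allowlisted, critical without an approver, grant expired), succeeds only under a grant a named human approved, and the read-then-send pair in the audit log trips the exfiltration rule so a reviewer is paged. The PII patterns are deliberately narrow; in production, swap them for the organization's DLP classifiers and keep the same pre-model and post-model screening points.</p>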
</section>
<section class="section main-article-chapter" data-menu-title="Extend guardrails to SDLC and supply chain">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Extend guardrails to SDLC and supply chain</h2>
<p>Security guardrails should reach into the software development lifecycle and supply chain. Vet third-party AI models, plugins and integra
[…]