Michael Bargury

Security research, hacking, AppSec, primarily focused on AI agents.

6 minute read

Connect with Noma Security at Black Hat USA 2025 Learn More

← Noma Blog

AI Security Requires Enterprise-Grade AI Discovery with Complete Coverage and Deep Context



Gali Malki

AI Researcher

Published: Jun 11, 2025 · 5 min. read

No doubt AI discovery is critical for security, but what does enterprise AI discovery actually encompass? Cybersecurity for any system starts with an understanding of what exists within your organization. This is especially true in AI with a critical need to identify deployed AI models, to catalog autonomous agents with their specific capabilities and permissions, and to track MCP components and integrations that extend AI functionality.

The expansiveness of AI creates a wide and complex attack surface that most organizations barely understand. To truly protect what matters, enterprise cybersecurity teams must begin with AI discovery that provides complete coverage and deep context, mapping all assets relevant to your AI ecosystem.

The reality facing most enterprises today is stark: AI adoption has exploded across teams and departments, often without oversight or guardrails. Data scientists experiment with models in isolated notebooks, developers integrate pre-trained models into applications, and business users deploy AI agents connected to sensitive enterprise data on 3rd-party AI development platforms. Each of these activities creates potential security vulnerabilities, yet many organizations lack basic visibility into how AI has been adopted.

AI Discovery is the Foundation of AI Security

The principle is simple but often overlooked: if you don’t know what you have, you can’t secure it. This age-old axiom becomes even more critical in the AI context, where assets can be created, modified, and deployed on a moment’s notice across diverse environments. This blind spot leaves organizations exposed to risks they can’t even identify, let alone mitigate.

A robust AI discovery process serves multiple essential functions that extend far beyond basic asset tracking:

  • Risk visibility is possible when you can identify exposure points across your AI landscape.
  • Risk prioritization emerges naturally when you understand which AI assets are most critical to business operations and which pose the greatest potential impact if compromised.
  • Governance and compliance is now possible with AI discovery integrated into AI systems that handle regulated data and make decisions affecting customers and business outcomes.

Without comprehensive AI discovery processes and tooling, your organization will face security posture blind spots. Rogue AI assets create exploitable attack vectors while security teams remain unaware of their existence.

Demand Breadth and Depth for Useful AI Inventory Proper AI discovery begins with the creation of a complete inventory of AI assets, but this inventory must extend far beyond a simple list of deployed models.

Useful AI discovery requires two things: 1. Comprehensive breadth across all AI environments. 2. Meaningful depth beyond basic asset lists. Confidence in your AI security posture requires both.

AI discovery and governance

Breadth: Complete coverage across five critical surfaces Missing any surface creates exploitable blind spots:

  • AI platforms (Databricks, Snowflake, Domino, etc.) Every day, data scientists create thousands of models, agents, AI pipelines, notebooks, and datasets for RAG or training. These platforms include a huge amount of AI assets, yet remain invisible to traditional security tools.
  • Cloud AI services (SageMaker, Bedrock, Azure Machine Learning, Vertex AI, etc.) Teams integrate cloud services throughout AI applications where models are trained, deployed, and served.
  • Source code (GitHub, GitLab, Bitbucket, etc.) Engineers embed AI models and agents directly in code through API calls, model imports, and SDK integrations.
  • Self-managed MLOps (MLflow, Airflow, Kubeflow, etc.) Organizations run their own MLOps frameworks used to orchestrate pipelines and manage experiments. The distributed nature makes discovery challenging but essential.
  • Third-party agents (Copilot, Salesforce, ServiceNow, etc.) AI agents don’t just process data—they take actions. They access SharePoint, modify CRM systems, execute code. Understanding their permissions and capabilities is critical for maintaining security boundaries.

With more than 80 native integrations across these AI environments, Noma Security ensures full and continuous asset discovery coverage for enterprise AI.

Depth: Deep context enables action Knowing that an asset exists is just the beginning. Useful AI discovery provides rich, actionable context and answers questions about these AI components:

  • Model lineage and data relationships

Do you know where a model came from, or how it was built? Do you know which models trained on customer data versus public datasets? What data does each model access during inference? AI discovery of model lineage will determine exposure risk and compliance implications.

  • Agent capabilities

What capabilities does each agent have? Can it access files, execute code, send emails, or alter databases? A typical agent includes system prompts that shape its behavior, tool integrations for downstream operations, API keys enabling backend connectivity, RAG datasets supplying contextual knowledge, user logs that may contain sensitive information, and MCP servers that coordinate the interactions and flow. Each of these elements introduces potential security exposure if left untracked or unmanaged.

  • AI risk context Context is crucial because it helps prioritize risks and incidents based on how critical a resource is, or its capabilities in case of an agent – not just whether a risk exists. Without context, security teams waste time chasing irrelevant alerts instead of focusing on what actually matters. In AI Security there is critical context such as: Was this model trained on sensitive data? Does this agent have capability to execute code? What is this blast radius of this agent?
  • Insights that facilitate action:

All AI assets have associated owners, statuses and policies. AI discovery should be able to collect and centralize this metadata to facilitate action and make effective governance possible.

Why Breadth AND Depth Matter in AI Discovery? Breadth without depth creates overwhelming lists of assets you can’t prioritize or protect effectively. Depth without breadth leaves dangerous blind spots where threats hide.

Organizations achieving both gain actionable security intelligence – they know what AI assets exist, understand associated risks, and can implement appropriate controls. This transforms AI discovery from inventory management into strategic security capability.

Using AI Discovery to Adapt to Diverse AI Implementations Whether your organization builds third-party agents using Copilot, embeds open-source models in production applications, or constructs RAG architectures on AI platforms, each implementation approach creates distinct security challenges that require tailored discovery strategies.

Open-source models introduce supply chain risks through malicious code embedded in model repositories, unsafe pickle serialization, and automatic execution of untrusted code during model loading. RAG systems present risks around data exposure through vector databases, prompt injection attacks, and uncontrolled access to knowledge sources. Autonomous agents create novel risks around data access permissions and decision-making authority over sensitive business systems.

The diversity of AI implementation approaches means that one-size-fits-all discovery solutions fall short of providing the comprehensive visibility that modern organizations require. Your discovery strategy must be sophisticated enough to handle the complexity of mixed AI environments while remaining practical enough to implement across diverse teams and technical environments.

The Path Forward Requires a Solid Foundation Build on Enterprise AI Discovery Organizations across industries are grappling with the challenge of securing AI systems that they don’t fully understand. The solution begins with acknowledging that traditional approaches are insufficient for the unique characteristics of AI systems. AI assets are dynamic, interconnected, and often created through experimental processes that bypass traditional governance controls.

At Noma Security, we’re building a new approach to AI discovery, one that sees across and deep into your AI stack, seamlessly adapting to any organization at any stage of their AI journey. Our approach recognizes that effective AI security starts with comprehensive visibility and contextual understanding of your AI ecosystem.

Schedule a demo for your team and see for yourself how Noma Security AI discovery can help your organization secure and govern AI.

Updated:

You May Also Enjoy

Someone Is Cleaning Up Evidence

1 minute read

AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.