Identity threat detection and response startup Permiso Security Inc. today announced an expansion of its platform to include protection for artificial intelligence identities, including users, builders and agents, to give enterprises a single platform to protect all digital identities against cybersecurity threats.

Permiso is pitching the expanded solution as being unique in the market in that it treats AI security as an extension of identity security and offers the same coverage for AI that the company offers for human, nonhuman and vendor identity protection.

The updated solution applies runtime intelligence to discover actual AI usage patterns as opposed to the more common tracking of static information, such as licensing, which Permiso says captures only a fraction of actual AI activity that occurs in enterprise environments and, in falling short, leaves enterprises more vulnerable.

Permiso categorizes AI identities into three groups. AI users cover employees and stakeholders that use generative AI services such as ChatGPT. AI builders are developers and teams creating, modifying, or deploying AI models and applications and AI agents are autonomous AI systems operating within organizational environments.

The new AI features provide granular visibility into all usage patterns across all AI identities. The idea is to give security teams the ability to understand not just who has AI access, but precisely how they’re using it. That allows organizations to discover vulnerabilities, protect against them and defend against potential attacks, the company says.

“AI isn’t a new silo, it’s an identity problem,” said Chief Technology Officer Ian Ahl. “Permiso finds every AI identity, human and nonhuman. We map exposures and use runtime detection on live activity so you can adopt AI without widening the attack surface.”

Permiso’s AI identity security features, which work with existing Permiso deployments and require no additional infrastructure, include the ability to discover, analyze and defend against threats.

Threats covered by the expanded offering include tracking of shadow AI usage by employees using personal accounts, as well as notification of unauthorized AI service access through federated authentication. They also discover AI agents operating with excessive permissions. And they can find sensitive data-sharing with external AI models.

“Soon, enterprises will run hundreds or thousands of AI agents, making it vital to inventory them, assess identity risks and track real-time activity to spot suspicious behavior,” said co-founder and co-Chief Executive Jason Martin. “Companies don’t want separate systems for each identity type — they need a single platform that provides full coverage and eliminates blind spots against identity-driven threats.”

Image: SiliconANGLE/Reve