AI-SPM Platform

Cyscale AI-SPM brings AI assets into the same security graph as cloud infrastructure, identities, data, vulnerabilities, and ownership. Teams can discover shadow AI, understand agents and models, and prioritize the AI risks that can actually affect production environments.

  • Find managed and unmanaged AI usage across cloud accounts, workloads, repositories, SaaS integrations, and model endpoints.
  • Connect AI agents, models, tools, prompts, datasets, identities, secrets, and exposed endpoints to the cloud assets around them.
  • Prioritize AI risk by sensitive data access, internet exposure, excessive permissions, unsafe settings, and ownership.

AI Security Posture Management

AI inventory, AI BOM, agents, data paths, and risk context

AI-SPM
Cyscale AI-SPM view with Models, Agents, Custom LLM, AI-SPM, Exposure, and Priority cards

AI adoption now moves through cloud services, developer tooling, SaaS features, model endpoints, API keys, and agent workflows. Cyscale is extending cloud security visibility into that AI layer.

Shadow AI discovery · AI BOM · Agent permissions · Data exposure · Attack paths

AI inventory

for provider-native AI services, custom model endpoints, AI SDKs, SaaS AI features, and unmanaged experiments

AI BOM

for models, frameworks, packages, libraries, datasets, pipelines, and runtime dependencies

Risk graph

that connects AI usage to identities, sensitive data, exposed services, vulnerabilities, and remediation owners

AI-SPM capabilities that belong in cloud security

The market is converging on the same requirement: AI security needs more than prompt guardrails. It needs full-stack visibility, AI bill-of-materials context, data exposure analysis, endpoint visibility, and attack-path prioritization.

AI Discovery & Inventory

Continuously identify AI services, model endpoints, AI SDKs, AI-enabled workloads, SaaS AI features, and experiments that were not explicitly approved.

AI Agents & Models

Track agents, models, tools, prompts, identities, and permissions so teams can understand what an AI system can access and what actions it can perform.

AI BOM and AI SBOM

Maintain component context for models, frameworks, libraries, datasets, pipelines, containers, repositories, and runtime dependencies.

Data and Exposure Context

Show whether AI systems touch sensitive data, expose public endpoints, rely on leaked keys, or inherit broad cloud permissions.

What the platform should answer

AI risk becomes clear when it is connected to cloud context

The same model can be low risk in a lab and urgent in production. The difference is data access, identity power, network exposure, ownership, and whether the system can take action through tools or APIs.

Inventory

Where is AI actually running?

See approved and unmanaged AI usage across cloud accounts, PaaS AI services, workloads, code, SaaS integrations, and exposed model endpoints.

Control

What can agents and models reach?

Understand connected data sources, tools, cloud identities, permissions, prompts, keys, and deployment paths before they become attack paths.

Priority

Which AI findings matter first?

Escalate combinations such as public AI endpoints, sensitive data access, leaked AI keys, overprivileged agents, and unsafe service settings.

Discovery

Find shadow AI across cloud, code, SaaS, and agent workflows

Shadow AI is not a single app category. It can appear as a developer adding an AI SDK, a team testing a managed model service, a SaaS feature turned on by default, an API key in automation, or an agent connected to internal tools.

Cyscale AI-SPM is designed to make that activity visible and place it in the security context teams already use for cloud posture, data, identity, vulnerabilities, and compliance.

  • Discover AI services, SDKs, model endpoints, AI-enabled workloads, and SaaS integrations.
  • Separate approved AI usage from unmanaged experiments and unknown AI dependencies.
  • Map AI assets to owners, cloud accounts, environments, repositories, data sources, and identities.

AI-SPM discovery view connecting AI assets to cloud, data, identity, and risk context

AI inventory becomes operational when every model, endpoint, agent, key, and data path is connected to the environment around it.

Component and agent context

Move from AI asset lists to AI BOM and agent permissions

Security teams need to know what an AI system is made of and what it is allowed to do. A model name alone does not explain package risk, dataset exposure, tool access, or how an agent can affect production systems.

Cyscale organizes AI BOM context and agent permissions so AppSec, cloud, platform, and governance teams can discuss the same evidence.

  • Track models, frameworks, libraries, packages, containers, datasets, prompts, and pipelines.
  • Review tool access, inherited permissions, API integrations, and identity scope for agents.
  • Connect AI BOM data to running workloads and cloud exposure instead of treating it as static documentation.

AI BOM needs runtime context

Model and dependency inventory is most valuable when teams can see where those components are deployed and which data or endpoints they touch.

Agents need permission review

Agents that call tools, write code, update tickets, or query databases should be reviewed like identities with delegated authority.

Prioritization

Prioritize AI risks by attack paths, not labels

AI-SPM should not create another queue of disconnected findings. The useful signal is the relationship between AI usage and exploitable exposure: sensitive data, public endpoints, leaked keys, broad permissions, vulnerable packages, and missing ownership.

Cyscale applies graph-based context so teams can route the highest-risk AI issues to the right owner with the evidence needed to fix them.

  • Highlight exposed AI endpoints that can reach sensitive data or privileged services.
  • Surface leaked AI keys, unsafe service settings, and overprivileged agent workflows.
  • Use account, environment, owner, and data context to make remediation practical.

AI security operating model with discover, govern, remediate, and priority workflow

The AI-SPM workflow should help teams move from discovery to governance to prioritized remediation without losing cloud context.

How Cyscale AI-SPM supports secure AI adoption

The operating model is straightforward: discover AI usage, map its relationships, evaluate posture, and focus remediation on risk combinations that matter.

Step 1

Discover AI usage

Find provider-native AI services, custom model endpoints, AI SDKs, agents, SaaS AI features, and related cloud assets.

Step 2

Build AI context

Connect AI systems to data stores, identities, repositories, packages, prompts, tools, owners, accounts, and environments.

Step 3

Evaluate AI posture

Check exposed endpoints, leaked AI keys, unsafe settings, excessive permissions, logging gaps, and risky data paths.

Step 4

Prioritize remediation

Route the issues that combine AI, exposure, sensitive data, and identity risk to the teams that can fix them.
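An added example, not Cyscale's code, that sketches the four steps above as a scoring routine over a constructed inventory: posture checks produce labels, and the priority comes from which labels combine on the same asset in which environment, which is why the same model scores differently in a lab and in production. Asset names, permissions, tools and the weights are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AIAsset:
    """One discovered AI asset (step 1) with its cloud context attached (step 2)."""
    name: str
    kind: str                      # e.g. "model_endpoint" or "agent"
    environment: str               # "lab" or "production"
    owner: Optional[str]           # None means no remediation owner is known
    internet_exposed: bool
    sensitive_data: set = field(default_factory=set)  # sensitive stores it can read
    permissions: set = field(default_factory=set)     # IAM actions of its identity
    leaked_keys: int = 0                              # API keys found in code/automation
    tools: set = field(default_factory=set)           # tools an agent may invoke

# Assumed set of actions treated as excessive for an AI identity
EXCESSIVE_ACTIONS = {"s3:PutObject", "iam:*", "*"}

def posture_findings(a: AIAsset):
    """Step 3: each check yields a label; on its own a label says little about urgency."""
    f = []
    if a.internet_exposed: f.append("public_endpoint")
    if a.sensitive_data: f.append("sensitive_data_access")
    if a.leaked_keys: f.append("leaked_key")
    if a.permissions & EXCESSIVE_ACTIONS: f.append("excessive_permissions")
    if a.tools: f.append("agent_tool_access")
    if a.owner is None: f.append("no_owner")
    return f

def risk_score(a: AIAsset) -> int:
    """Step 4: score the combination of findings, not the labels in isolation."""
    f = set(posture_findings(a))
    score = len(f)                                     # baseline: one point per finding
    if {"public_endpoint", "sensitive_data_access"} <= f: score += 5   # exposed path to data
    if {"leaked_key", "excessive_permissions"} <= f: score += 5        # usable key, broad rights
    if {"agent_tool_access", "excessive_permissions"} <= f: score += 3 # agent can act broadly
    if a.environment == "production": score *= 2        # same model, different blast radius
    if "no_owner" in f: score += 1                      # nobody to route remediation to
    return score

def prioritize(assets):
    """Return (name, environment, score, findings) from highest to lowest risk."""
    ranked = sorted(assets, key=risk_score, reverse=True)
    return [(a.name, a.environment, risk_score(a), posture_findings(a)) for a in ranked]

INVENTORY = [  # constructed sample inventory, not real data
    AIAsset("summarizer-v2", "model_endpoint", "lab", "ml-team", False, set(), {"s3:GetObject"}),
    AIAsset("summarizer-v2", "model_endpoint", "production", None, True,
            {"customer-pii-bucket"}, {"s3:GetObject"}, leaked_keys=1),
    AIAsset("ticket-agent", "agent", "production", "platform", False,
            {"crm-db"}, {"*"}, tools={"jira_update", "sql_query"}),
]
```

Running `prioritize(INVENTORY)` ranks the production copy of summarizer-v2 first and its lab copy last, with the overprivileged agent in between.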

Try Cyscale AI-SPM

See which AI systems create real cloud risk

Cyscale helps teams move past AI inventory spreadsheets and into live risk context. Start with the AI systems already touching your cloud, data, identities, repositories, and exposed endpoints, then prioritize the combinations that need action first.

  • Find shadow AI, custom LLMs, agents, model endpoints, and AI-enabled workloads.
  • Understand exposure, sensitive data access, ownership, and remediation priority in one graph.
  • Give security and engineering teams clear evidence instead of another disconnected AI dashboard.

AI-SPM security posture visual showing Models, Agents, Custom LLM, Exposure, and Priority

FAQ

What is AI-SPM?

AI-SPM, or AI Security Posture Management, helps teams discover AI systems, understand AI BOM and agent context, detect risky configurations, map model-to-data and model-to-identity relationships, and prioritize AI risk across cloud, Kubernetes, software, and data environments.

How is AI-SPM different from AI runtime protection?

Runtime protection focuses on live prompts, outputs, model behavior, and abuse. AI-SPM focuses on posture: inventory, ownership, AI BOM, data access, identity permissions, service settings, exposed endpoints, keys, and remediation priority.

Why does AI-SPM need cloud context?

Most AI risk depends on surrounding cloud relationships. Models, agents, keys, repositories, data stores, endpoints, identities, and workloads determine whether an AI asset is low risk or urgent.

What is the difference between AI BOM and AI SBOM?

AI BOM is the broader security bill of materials for an AI system: models, agents, datasets, vector stores, tools, endpoints, prompts, pipelines, guardrails, and owners. AI SBOM is the software-focused portion: packages, frameworks, libraries, containers, and dependency context.

Does AI-SPM replace governance policy?

No. AI-SPM gives governance teams live evidence: what AI exists, who owns it, what it can access, and which risks need review or remediation.

Which providers are covered by Cyscale AI-SPM?

Cyscale AI-SPM is designed for AWS, Azure, Google Cloud, and Kubernetes-hosted AI workloads. Coverage includes provider-native services such as Bedrock, SageMaker, Vertex AI, Azure Machine Learning, Azure OpenAI, Azure AI services, AI Search, and Kubernetes workloads that run model servers, AI frameworks, or agent services.

Why do existing connectors need updated permissions for AI-SPM?

AI services often have separate cloud APIs and IAM permissions. Cyscale asks users to update AWS IAM policies, Azure role or app registration access, and Google Cloud roles or custom permissions when the AI Security module needs read access to newly supported services.

Can Cyscale discover AI running in Kubernetes?

Yes. Kubernetes can host model servers, vector databases, AI agents, notebooks, inference APIs, and AI framework workloads. Cyscale uses Kubernetes agent context to classify AI-related pods, services, workloads, images, labels, annotations, packages, and exposed endpoints.

Can AI-SPM be enabled only for specific plans or accounts?

Yes. AI Security is designed as a module that is enabled per account or plan. When it is disabled, the AI-specific UI, sync behavior, connector permission notices, and billing module display do not appear for that account.

Prepare your cloud security program for AI-SPM

Cyscale is extending cloud security visibility into AI systems so teams can adopt AI faster while keeping control over data, identities, agents, endpoints, and remediation priorities.

Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

© 2026 Cyscale Limited