Continuous discovery, runtime control, adversarial testing, and audit-ready evidence for every AI surface a regulated enterprise runs in production: LLM applications, AI agents, MCP servers, RAG pipelines, vector databases, model endpoints, and runtime gateways.
Penaxtra is the enterprise AI Security Posture Management (AI-SPM) platform from Seccops Cyber Security Technologies. It implements the four AI-SPM functions (discover, assess, secure, audit) for organisations running LLM applications and AI agents under regulatory obligations such as the EU AI Act, ISO/IEC 42001, and NIST AI 600-1.
AI Security Posture Management (AI-SPM) is the continuous process of discovering, assessing, securing, and proving the compliance posture of AI systems, including LLM applications, agents, MCP servers, RAG pipelines, vector databases, model endpoints, and runtime gateways.
AI-SPM extends established posture management disciplines (CSPM for cloud, DSPM for data, ASPM for applications) into the AI control surface, where attack vectors include prompt injection, tool poisoning, agentic-loop exploits, RAG corpus tainting, vector-database isolation breaks, and model supply-chain risk.
Traditional SIEM ingests network and host telemetry. Prompt injection, tool poisoning, and RAG corpus tainting happen at the application layer above the wire. The signal is in JSON request bodies that ordinary detection cannot parse semantically.
Cloud posture tools score IAM, network, and storage configuration. They do not enumerate agent tools, score MCP server permissions, or test prompt flows against OWASP LLM Top 10.
EU AI Act high-risk provider obligations apply from August 2026. ISO/IEC 42001 is moving from pilot to procurement gate. Regulated teams need control-mapped evidence the moment auditors arrive, not a backlog of unmapped findings.
Foundation models update weekly. A snapshot report from January is stale by March. AI-SPM scans on a schedule (daily or weekly) so the evidence pack tracks the model.
Teams ship LLM features faster than security can catalogue them. AI-SPM starts with discovery so the inventory matches what the company actually runs, not what the CMDB says it runs.
Enterprise buyers now request AI security questionnaires alongside the standard SIG / CAIQ. AI-SPM produces the evidence package: framework mappings, subprocessor list, residency map, audit log.
LLM Security is a focused layer within the broader AI-SPM programme. AI-SPM expands the scope from a single model to the full AI control surface.
AI-SPM does not replace cloud, data, or application posture management. It complements them with AI-specific control coverage.
Cloud Security Posture Management. Scores IAM, network, storage, and service configuration across the major cloud providers. AI-SPM extends this with auto-discovery of managed foundation-model and ML platform services, plus tenant-isolation checks for AI workloads.
Data Security Posture Management. Maps data stores, classifies sensitive data, scores access. AI-SPM extends this with RAG corpus integrity testing, vector-database isolation, and prompt-level data egress detection.
Application Security Posture Management. Consolidates SAST, SCA, secrets, and SBOM across the SDLC. AI-SPM adds AI-BOM (model + prompt + tool inventory), adversarial-prompt testing, and runtime gateway policy distribution.
Internal and external chat-completion APIs. HTTP API plus bearer-token auth covered today; SDK auto-discovery on the roadmap.
Agent registrations with their declared tool functions and authorisation scopes. Tool-permission risk scored against the OWASP Agentic Top 10.
Model Context Protocol servers, their tool surface, and the agents that consume them. Cross-domain tool exposure surfaced as findings.
Retrieval-augmented generation systems with the embedding model + vector database + data sources they bind. Thirteen automated RAG security tests available.
Managed and self-hosted vector stores, plus relational-engine vector extensions. Tenant isolation, embedding-model linkage, and corpus-integrity tests.
Three separate catalogues. Fine-tune lineage tracking; self-hosted model endpoint posture; embedding model linkage to the RAG systems that consume it.
Auto-discovery of managed foundation-model and ML platform accounts via read-only role across the major cloud providers. Continuous posture scoring + drift detection.
Logical AI applications that bundle endpoints, agents, RAG, and tools into a single risk-owned unit. Plus prompt gateway routing tables and rules.
An optional self-hosted agent that proxies LLM API calls and applies DLP rules on the wire. Prompts never leave the customer VPC in this deployment mode.
Policy bundles are cryptographically signed at the control plane. The agent verifies the signature before applying. A rotated key or revoked policy lands fleet-wide in under a minute.
Forty-eight built-in patterns covering credentials, API keys, secrets, PII, payment-card numbers, and seed phrases. Custom patterns supported.
Per-asset scoped tool allowlist. Reject calls to tools the agent is not authorised to invoke, even when the model attempts to call them.
Unicode, leet-speak, zero-width, base64, homoglyph, and HTML-entity decoding before pattern matching. Catches injection variants regex-only filters miss.
Daily and monthly caps per upstream LLM provider. Rate limit per agent per minute. Stops runaway cost amplification under reflected-loop attack.
P99 filter latency under 0.8 ms in normal traffic. Pipeline runs in-process; no round-trip to the control plane during request handling.
across OWASP LLM Top 10 + OWASP Agentic Top 10. YAML-extensible.
three independent judges (Anthropic, OpenAI, Google) + a meta-judge to resolve disagreement.
at the control-ID level across every finding.
Every finding ships with the control identifier. PDF plus JSON export. Twenty-two cross-framework overlaps pre-computed so one finding satisfies multiple audit cells.
LLM Security focuses on testing and governing large language model applications and prompt flows. AI-SPM is the broader programme that covers asset discovery, runtime controls, compliance evidence, and audit posture across every AI surface. LLM Security Posture Management is a focused layer within AI-SPM. See the dedicated LLM Security Posture Management page.
CSPM secures cloud configuration. DSPM secures data stores. ASPM secures application security posture. AI-SPM is purpose-built for the AI control surface: LLM endpoints, agent tool permissions, MCP server inventory, RAG corpus integrity, vector database isolation, prompt-injection testing, and AI-framework compliance evidence.
Only when you deploy the optional self-hosted runtime gateway. The scan engine tests endpoints from the outside on a schedule and never sits inline.
The control plane is managed in the EU region. The runtime gateway is downloaded and self-hosted inside the customer VPC. Customers retain full data residency for prompt content.
Six at control-ID level: OWASP LLM Top 10, OWASP Agentic Top 10, NIST AI 600-1 plus NIST 800-218A, MITRE ATLAS, EU AI Act high-risk provider obligations, and ISO/IEC 42001 Annex A.
11 AI asset kinds today: LLM endpoints, tools and functions, AI applications, vector databases, embedding models, fine-tuned models, self-hosted models, model providers, RAG systems, data sources, and prompt gateways. Cloud AI service auto-discovery available as a separate module.
Auditors verify our control mapping against the same documents we read. Each item below points to the canonical publication.
Last reviewed:
Capability deep-dives, explainer checklists, public methodology, framework-level mappings, industry use cases, and category comparisons.
A scoped walkthrough of your AI control surface against Penaxtra's 11 AI asset kinds today, runtime gateway capabilities, and six-framework compliance mapping.