
AI Security Posture Management (AI-SPM)

A continuous discipline that discovers, assesses, secures, and proves the compliance posture of AI systems, including LLM apps, agents, MCP servers, RAG pipelines, and vector databases.



AI Security Posture Management (AI-SPM) is a continuous-assurance discipline for organisations running AI in production. It extends the established posture-management disciplines (CSPM for cloud, DSPM for data, ASPM for applications) into the AI control surface.

An AI-SPM platform performs four functions on a recurring basis: discover every AI surface in the environment, assess each asset against a defined risk model and adversarial test programme, secure the live request path through runtime controls such as a self-hosted gateway, and prove compliance against frameworks such as OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, EU AI Act, and ISO/IEC 42001.

What distinguishes AI-SPM from the earlier posture-management categories is its AI-specific threat surface: prompt injection, tool poisoning, RAG corpus tainting, vector-database isolation breaks, agent confused-deputy exploits, and model supply-chain risk.
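The discover, assess and prove steps above, as an added illustration that is not the page's or Penaxtra's code: a constructed inventory of the asset types named here is checked against rules for the threats listed, each mapped to an OWASP LLM Top 10 category. Asset names, attribute keys and rule wording are assumptions; a missing attribute is treated as a failure rather than a pass.

```python
from dataclasses import dataclass, field

@dataclass
class AIAsset:
    name: str
    kind: str   # llm_app | agent | mcp_server | rag_pipeline | vector_db | ...
    attrs: dict = field(default_factory=dict)

# Constructed inventory, as a discovery pass might return it (names are hypothetical).
INVENTORY = [
    AIAsset("support-bot", "llm_app", {"behind_gateway": False}),
    AIAsset("ops-agent", "agent", {"behind_gateway": True, "tool_allowlist": False}),
    AIAsset("ticket-mcp", "mcp_server", {}),                 # attribute never collected
    AIAsset("kb-rag", "rag_pipeline", {"corpus_provenance": True}),
    AIAsset("kb-vectors", "vector_db", {"tenant_isolation": True}),
    AIAsset("ft-job-42", "finetune_job", {"base_model_pinned": False}),  # no rule covers it
]

LLM = "OWASP LLM Top 10 / "
# Posture rules: (asset kind, attribute that must be True, finding, control it maps to).
RULES = [
    ("llm_app", "behind_gateway", "request path not fronted by runtime gateway", LLM + "Prompt Injection"),
    ("agent", "behind_gateway", "agent traffic not fronted by runtime gateway", LLM + "Prompt Injection"),
    ("agent", "tool_allowlist", "agent may invoke any tool (confused deputy)", LLM + "Excessive Agency"),
    ("mcp_server", "tool_manifest_pinned", "MCP tool definitions unpinned (tool poisoning)", LLM + "Supply Chain"),
    ("rag_pipeline", "corpus_provenance", "RAG corpus accepts unattributed documents", LLM + "Vector and Embedding Weaknesses"),
    ("vector_db", "tenant_isolation", "vector store lacks tenant isolation", LLM + "Vector and Embedding Weaknesses"),
]

def assess(inventory):
    """Assess: evaluate each rule for its asset kind. A missing attribute fails
    closed; posture is proven by evidence, never assumed."""
    findings = []
    for asset in inventory:
        for kind, attr, msg, control in RULES:
            if asset.kind == kind and asset.attrs.get(attr) is not True:
                findings.append({"asset": asset.name, "finding": msg, "control": control})
    return findings

def prove(inventory, findings):
    """Prove: per-control pass/fail, plus discovered asset kinds that no rule
    assesses (an unassessed surface is itself a posture gap)."""
    controls = {control: "pass" for *_, control in RULES}
    for f in findings:
        controls[f["control"]] = "fail"
    covered = {kind for kind, *_ in RULES}
    blind_spots = sorted({a.kind for a in inventory if a.kind not in covered})
    return {"controls": controls, "blind_spots": blind_spots}
```

Running `prove(INVENTORY, assess(INVENTORY))` reports three findings, one passing control, and `finetune_job` as a blind spot, which is how a real programme would surface a discovered surface that its risk model does not yet cover.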

Primary sources

Where to read the canonical definition.

  • NIST AI 600-1 (Generative AI Profile)
  • ISO/IEC 42001 (AI management system)


The Penaxtra platform implements the controls and assessments described above as part of its AI-SPM programme.
