How enterprise AI Agents are changing the risk landscape  

Generative AI Agents are changing the way work gets done inside enterprises, and subsequently how security risks may emerge. Organizations have quickly realized that providing these agents with wider access to tooling, internal information, and granting permissions for the agent to perform autonomous actions can greatly increase the efficiency of employee workflows.

Early deployments of Generative AI systems led many organizations to scope individual components as self-contained applications: a chat interface, a model, and a prompt, with guardrails placed at the boundary. Research from Gartner has shown that while the volume and scope of Agentic AI deployments in enterprise environments is rapidly accelerating, many of the mechanisms required to manage risk, trust, and cost are still maturing.

The issue now resides on whether an agent can be influenced, misdirected, or manipulated in ways that leads to unsafe behavior across a broader system.

Why prompt security matters in enterprise AI

Prompt security matters in enterprise AI because prompts are the primary way users and systems interact with Agentic AI models, making them one of the earliest and most visible indicators of how these systems are being used and where risk may emerge.

For security teams, prompt monitoring is a logical starting point for understanding enterprise AI usage, providing insight into what types of questions are being asked and tasks are being given to AI Agents, how these systems are being guided, and whether interactions align with expected behavior. Complete prompt security takes this one step further, filtering out or blocking sensitive or dangerous content to prevent risks like prompt injection and data leakage.

However, visibility only at the prompt layer can create a false sense of security. Prompts show what was asked, but not always why it was asked, or what downstream actions were triggered by the agent across connected systems, data sources, or applications.

What prompt security reveals  

The primary function of prompt security is to minimize risks associated with generative and agentic AI use, but monitoring and analysis of prompts can also grant insight into use cases for particular agents and model. With comprehensive prompt security, security teams should be able to answer the following questions for each prompt:

• What task was the user attempting to complete?
• What data was included in the request, and was any of the data high-risk or confidential?
• Was the interaction high-risk, potentially malicious, or in violation of company policy?
• Was the prompt anomalous (in comparison to previous prompts sent to the agent / model)?

Improving visibility at this layer is a necessary first step, allowing organizations to establish a baseline for how AI systems are being used and where potential risks may exist.  

Prompt security alone does not provide a complete view of risk. Further data is needed to understand how the prompt is interpreted, how context is applied, what autonomous actions the agent takes (if any), or what downstream systems are affected. Understanding the outcome of a query is just as important for complete prompt security as understanding the input prompt itself – for example, a perfectly normal, low-risk prompt may inadvertently result in an agent taking a high-risk action.

Comprehensive AI security systems like Darktrace / SECURE AI can monitor and analyze both the prompt submitted to a Generative AI system, as well as the responses and chain-of-thought of the system, providing greater insight into the behavior of the system. Darktrace / SECURE AI builds on the core Darktrace methodology, learning the expected behaviors of your organization and identifying deviations from the expected pattern of life.

How organizations address prompt security today

As prompt-level visibility has become a focus, a range of approaches have emerged to make this activity more observable and controllable. Various monitoring and logging tools aim to capture prompt inputs to be analyzed after the fact.  

Input validation and filtering systems attempt to intervene earlier, inspecting prompts before they reach the model. These controls look for known jailbreak patterns, language indicative of adversarial attacks, or ambiguous instructions which could push the system off course.

Importantly, for a prompt security solution to be accurate and effective, prompts must be continually observed and governed, rather than treated as a point-in-time snapshot.  

Where prompt security breaks down in real environments

In more complex environments, especially those involving multiple agents or extensive tool use, AI security becomes harder to define and control.

Agent-to-Agent communications can be harder to monitor and trace as these happen without direct user interaction. Communication between agents can create routes for potential context leakage between agents, unintentional privilege escalation, or even data leakage from a higher privileged agent to a lower privileged one.

Risk is shaped not just by what is asked, but by the conditions in which that prompt operates and the actions an agent takes. Controls at the orchestration layer are starting to reflect this reality. Techniques such as context isolation, scoped memory, and role-based boundaries aim to limit how far a prompt’s influence can extend.  

Furthermore, Shadow AI usage can be difficult to monitor. AI systems that are deployed outside of formal governance structures and Generative AI systems hosted on unknown endpoints can fly under the radar and can go unseen by monitoring tools, leaving a critical opening where adversarial prompts may go undetected. Darktrace / SECURE AI features comprehensive detection of Shadow AI usage, helping organizations identify potential risk areas.

How prompt security fits in a broader AI risk model

Prompt security is an important starting point, but it is not a complete security strategy. As AI systems become more integrated into enterprise environments, the risks extend to what resources the system can access, how it interprets context, and what actions it is allowed to take across connected tools and workflows.

This creates a gap between visibility and control. Prompt security alone allows security teams to observe prompt activity but falls short of creating a clear understanding of how that activity translates into real-world impact across the organization.

Closing that gap requires a broader approach, one that connects signals across human and AI agent identities, SaaS, cloud, and endpoint environments. It means understanding not just how an AI system is being used, but how that usage interacts with the rest of the digital estate.

Prompt security, in that sense, is less of a standalone solution and more of an entry point into a larger problem: securing AI across the enterprise as a whole.

‍

Explore how Darktrace / SECURE AI brings prompt security to enterprises

Darktrace brings more than a decade of AI expertise, built on an enterprise‑wide platform designed to operate in and understand the behaviors of the complex, ambiguous environments where today’s AI now lives. With Darktrace / SECURE AI, enterprises can safely adopt, manage, monitor, and build AI within their business.  

Learn about Darktrace / SECURE AI here.

Sign up today to stay informed about innovations across securing AI.

‍

[related-resource]

What is data center cybersecurity?

Much of the conversation surrounding the data center boom has focused on power generation, cooling efficiency and water resources, construction, and compute capacity. In addition, cybersecurity has quietly become one of the most critical operational concerns as modern data centers are becoming some of the most operationally complex networked environments.

The more connected data center environments become, the larger and more dynamic their attack surface grows. What makes data center security particularly challenging is that they no longer resemble traditional enterprise IT environments alone. Instead, they operate like critical infrastructure facilities

Challenges of securing data centers

What makes these environments complicated is that the technologies responsible for keeping them operational: power distribution, cooling systems, airflow management, environmental controls, surveillance, and physical access management, all rely heavily on Operational Technology (OT), Industrial IoT (IIoT), and IoT systems alongside traditional IT infrastructure.

Programmable logic controllers (PLCs), building management systems (BMS), energy management systems (EMS), surveillance cameras, access control platforms, virtualization infrastructure, engineering workstations, contractor laptops, and cloud-connected orchestration systems now coexist within the same environment. Many are connected through routable networks, managed remotely, and accessed by 3^rd party OEMs or System Integrators.

Why modern data center infrastructure faces increasing cyber risk

The challenge is not simply that there are more devices. It is that these IT, OT and IOT systems and devices are now deeply interconnected in ways that blur the boundaries between operational and enterprise infrastructure.

OT systems responsible for cooling and power distribution communicate alongside enterprise IT infrastructure. IoT devices used for physical security sit adjacent to cloud-connected management platforms. Third-party vendors and contractors frequently require remote access to maintain operations and optimize performance. AI-driven automation platforms increasingly orchestrate workflows across multiple environments simultaneously.

Every additional connection improves efficiency and scalability, but every additional connection also creates new relationships between systems that adversaries may exploit.

How IT, OT, and IoT convergence expands the data center attack surface

Historically in critical infrastructure environments enterprise IT, and OT or industrial control systems ICS, have been often separated by a DMZ.

That separation has steadily disappeared in pursuit of efficiency and access to valuable data that lives within the OT networks such as how many widgets were produced today. This conceptually is commonly referred to as “IT OT convergence.”

Modern data centers increasingly depend on interconnected systems operating across multiple domains simultaneously and face a similar reality when it comes to IT OT convergence.  

This convergence creates efficiency and visibility benefits, but it also introduces structural security challenges that traditional approaches struggle to address.

Many of the OT systems were never originally designed with modern cybersecurity requirements in mind. OT devices often prioritize uptime and operational continuity over security controls. IoT and OT devices may have limited security hardening, are inconsistently patched, or insecure default configurations. Third-party connectivity introduces external dependencies that organizations do not fully control.

As environments converge the attack surface changes and grows, attackers may exploit weaker systems positioned adjacent to critical operations for initial access. For example, a compromised IoT device may provide access into broader infrastructure, or an exposed remote management interface may enable lateral movement into OT systems.  

For defenders, rather than forcing segmentation where it’s not possible, focus oversight and monitoring across interconnected systems and how this activity might create operational risk, gaining visibility across these systems will ensure better awareness of and protection across the cracks in your systems attackers look to exploit.

Why traditional data center security tools create visibility gaps

Many organizations still secure IT, OT, and IoT environments through separate tools, teams, and workflows. Historically, this made sense. The environments themselves were more isolated, and the operational priorities were different.

But convergence changes the nature of detection and response.

Modern attacks increasingly move across domains as lateral movement and discovery techniques are pervasive amongst all the most well-known attacks to have disrupted OT. Adversaries may gain access through phishing or credential compromise, establish persistence in IT systems, pivot into operational infrastructure, exploit unmanaged IoT devices, and move laterally across cloud-connected environments.

Viewed independently, many of these signals may appear low priority or disconnected.

An anomalous login attempt, unusual device communication, changes in network traffic patterns, or abnormal behavior from an industrial controller may not appear significant on their own. The problem emerges when these activities are part of a broader attack chain unfolding across multiple systems simultaneously.

Siloed security models struggle to correlate this activity effectively because they lack shared operational context. Security teams may see isolated indicators while missing the relationships between them.

This creates a fundamental visibility problem that has discursive effects across security teams, leading to analyst overload, tedious alert investigations, and slower response times.

The issue is not simply detecting threats faster. It is understanding how activity across IT, OT, IoT, cloud, and remote access systems relate to one another in real time before operational disruption occurs.

Security measures to safeguard modern data center infrastructure

Rule-based systems, predefined indicators, and signature-driven approaches remain useful for identifying known threats, but they are less effective at identifying subtle behavioral deviations, novel attack paths, insider activity, 3^rd party supply chain exploitation or attacks that move across operational domains.  

Darktrace’s Self-Learning AI approach is designed to operate across converged IT, OT, IoT, and cloud environments. Using multiple layers of AI models, Darktrace solutions come together to achieve behavioral prediction, real-time threat detection and response, and incident investigation, all while empowering your security team with visibility and control.

Because the models are environment-specific, they can adapt across highly diverse infrastructure including operational technology, physical security systems, enterprise IT, cloud workloads, and third-party connectivity.

This enables organizations to build a more unified understanding of activity across the data center.

Unified visibility across interconnected environments

Darktrace provides visibility across IT, OT, IoT, and cloud systems through a centralized platform. Security teams and data center operators can maintain live asset inventories, monitor data flows, identify vulnerable or end-of-life systems, and better understand how interconnected infrastructure communicates across the environment.

This becomes increasingly important in environments where unmanaged devices, transient contractor systems, and third-party connectivity continuously alter operational conditions.

Threat detection, investigation, and response

Darktrace applies multiple AI models to identify anomalous activity that may indicate known threats, novel attacks, insider activity, or cross-domain compromise.

By understanding how devices and systems normally behave within the environment, Darktrace can identify subtle deviations that may otherwise remain undetected in siloed environments.

Its autonomous response capabilities can also help contain threats during their early stages before they escalate into operational disruption. Meanwhile, Cyber AI Analyst provides explainable AI-driven investigations that help security teams understand the relationships between events, systems, and users involved in potential incidents.

Proactive risk identification

As data center environments continue to evolve, organizations increasingly need to understand not only active threats, but also where structural weaknesses may exist across interconnected systems.

Through capabilities such as attack path modeling and behavioral risk analysis, Darktrace helps organizations prioritize remediation efforts and identify areas where operational exposure may increase over time.

This supports a more proactive security posture in environments where operational continuity is critical.

Securing the future of interconnected infrastructure

As data centers continue to scale in size, complexity, and operational importance, their reliance on interconnected IT, OT, IoT, cloud, and AI-driven systems will only deepen.

The challenge organizations face is no longer simply protecting individual devices or isolated environments. It is understanding how risk emerges across interconnected systems operating together and detecting threats to these systems in real time.

This is ultimately what makes modern data center security different from traditional enterprise security models. The operational dependencies are broader, the environments are more heterogeneous, and the consequences of disruption and intent of adversaries are more like those in the critical infrastructure space.

Securing these environments therefore requires more than fragmented visibility across disconnected tools. Organizations increasingly need unified approaches capable of understanding relationships across systems, detecting threats early, and responding before operational disruption spreads across critical infrastructure.

As the infrastructure powering the digital economy continues to evolve, cybersecurity resilience will become increasingly inseparable from operational resilience itself.

‍

[related-resource]