---
title: AI Security Posture Management (AI-SPM)
description: Protect the AI models running in your cloud. Detect prompt injection risks, overprivileged agents, training data exposure and model supply chain vulnerabilities on AWS, Azure and GCP.
url: https://www.getobok.com/ai-security-posture-management
status: Early Access
---

# AI Security Posture Management (AI-SPM)

> Protect the AI models running in your cloud. Detect prompt injection risks, overprivileged agents, training data exposure and model supply chain vulnerabilities on AWS, Azure and GCP.

**Currently in early access.** As AI models and agents become part of cloud infrastructure, they introduce a new class of security risks that traditional CSPM tools don't cover. Obok's AI-SPM product extends cloud security posture management to cover AI workloads running on AWS, Azure, and GCP.

## Risk types detected

### Prompt injection risk
- Public-facing endpoints with no input validation
- Agents with access to sensitive tools or data
- No rate limiting on inference endpoints
- System prompt exposure via API responses

### Training data exposure
- Training datasets in public S3 buckets
- Fine-tuning jobs with unencrypted data
- PII in datasets used for model training
- Missing data access logging on training stores

### Overprivileged models & agents
- IAM roles with more access than the model needs
- Agents with write access to production systems
- API keys embedded in model configurations
- Cross-account access from AI workloads

### Model supply chain
- Third-party models without provenance verification
- Unscanned model weights pulled from registries
- Dependency risks in ML pipelines
- Model versioning and rollback gaps

### Output & logging gaps
- Inference endpoints with no request logging
- No monitoring on model outputs in production
- Sensitive data in model response logs
- Lack of audit trail for agent actions

### Infrastructure misconfigurations
- AI endpoints exposed on public subnets
- GPU instances running without encryption
- Model artifacts stored without versioning
- No network isolation between AI workloads
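As an added illustration, not Obok's own code or detection logic, the following Python runs a handful of the checks listed above (wildcard IAM grants, embedded access keys, public or unlogged training stores, unlogged or publicly placed endpoints) over a constructed AWS-style inventory: a SageMaker-style endpoint, its execution-role policy statements and its training bucket. Every resource name, field name and key value is made up for the example.

```python
import re

# Constructed sample inventory (not real account data): one SageMaker-style endpoint,
# its execution-role policy statements, and the bucket holding its training data.
SAMPLE_INVENTORY = {
    "endpoint": {"name": "demo-llm-endpoint", "data_capture_enabled": False, "public_subnet": True,
                 "environment": {"MODEL_DIR": "/opt/ml/model", "VENDOR_KEY": "AKIAEXAMPLEKEY000001"}},
    "execution_role_statements": [
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::demo-train-data/*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
    "training_bucket": {"name": "demo-train-data", "block_public_access": False, "access_logging": False},
}

# AWS access key IDs carry a fixed prefix; anything matching is treated as an embedded credential.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")

def check_overprivileged_role(statements):
    """Flag Allow statements granting wildcard actions or resources: more access than a model needs."""
    findings = []
    for s in statements:
        actions = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        wildcard = any(a == "*" or a.endswith(":*") for a in actions) or s.get("Resource") == "*"
        if s.get("Effect") == "Allow" and wildcard:
            findings.append(f"overprivileged-role: {actions} on {s.get('Resource')}")
    return findings

def check_embedded_keys(environment):
    """Flag endpoint environment values that look like an AWS access key ID."""
    return [f"embedded-key: {k}" for k, v in environment.items() if ACCESS_KEY_RE.search(str(v))]

# Boolean posture flags: (inventory section, field, value that constitutes a finding, finding label)
FLAG_CHECKS = [
    ("training_bucket", "block_public_access", False, "public-training-data"),
    ("training_bucket", "access_logging", False, "no-access-logging"),
    ("endpoint", "data_capture_enabled", False, "no-request-logging"),
    ("endpoint", "public_subnet", True, "public-subnet"),
]

def check_flags(inventory):
    """Training data exposure, logging and network checks expressed as flag mismatches."""
    return [f"{label}: {inventory[sec]['name']}" for sec, field, bad, label in FLAG_CHECKS
            if inventory[sec][field] == bad]

def assess(inventory):
    """Run every posture check over the inventory; an empty list means no findings."""
    return (check_overprivileged_role(inventory["execution_role_statements"])
            + check_embedded_keys(inventory["endpoint"]["environment"])
            + check_flags(inventory))
```

Running `assess(SAMPLE_INVENTORY)` on the constructed inventory yields six findings; the scoped `s3:GetObject` grant is correctly left alone while the `Action: "*"` statement is flagged.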

## Cloud providers supported

- Amazon Web Services (AWS) — SageMaker, Bedrock, Lambda AI workloads
- Microsoft Azure — Azure OpenAI, Azure ML
- Google Cloud Platform (GCP) — Vertex AI, Gemini integrations

## Why AI-SPM matters now

Organizations deploying AI in the cloud face risks that didn't exist two years ago:

- AI agents with overly broad IAM permissions can cause incidents with a catastrophic blast radius
- Training data containing PII or trade secrets is often stored without proper access controls
- Prompt injection in customer-facing AI can bypass business logic and compliance controls
- Model supply chain attacks (compromised weights, poisoned dependencies) are an emerging threat vector

## Related products

- [Cloud Security](https://www.getobok.com/cloud-security) — Detect threats and misconfigurations across all cloud services
- [Compliance Assessment](https://www.getobok.com/compliance-assessment) — Score against 57 regulatory benchmarks

## Join early access

[Request early access](https://www.getobok.com/ai-security-posture-management) — available now for select customers on AWS, Azure and GCP.
