How to Secure AI: A Breakdown of the TRiSM Framework

You cannot secure what you cannot see.

That principle has always been true in cybersecurity, but it has become especially relevant as AI becomes embedded in business processes. Between generative AI tools, AI-powered applications, and emerging agentic systems, many organizations are struggling to understand exactly what AI exists in their environment, what data it can access, and how it is being used.

As Ryan Spelman, Managing Director of Cyber Research at K logix, notes, "Many of our clients are being forced to implement, have implemented, or are considering implementing AI tools and processes across large swaths of the organization. That's a rapid change for a technology that has a lot of power and a lot of risk."

Without visibility into those systems and risks, security becomes reactive rather than intentional. This is where Gartner's TRiSM framework comes into play. Short for Trust, Risk, and Security Management, TRiSM provides a practical model for understanding AI risk and implementing the controls needed to manage it.

 


Why Traditional Security Is Not Enough for AI

Unlike traditional applications, AI systems behave in ways that are often difficult to predict. Their outputs are heavily influenced by data, context, and user interactions. In more advanced deployments, AI may operate across multiple systems, execute multi-step workflows, or act with broad permissions if controls are not carefully managed.

As a result, organizations face challenges that traditional security programs were not designed to address. Sensitive data can be exposed through prompts, AI hallucinations can lead to incorrect decisions, agents may take unintended actions, and security teams often struggle to maintain visibility into how these systems are behaving.

What Is the TRiSM Framework?

The TRiSM framework approaches AI security as a series of interconnected layers. It begins with understanding what AI systems exist and how they are governed. From there, it focuses on monitoring behavior in real time, protecting the data AI relies on, and securing the underlying infrastructure that makes everything possible.

Gartner organizes these responsibilities into four primary areas: AI Governance, AI Runtime Inspection and Enforcement, Information Governance, and Infrastructure and Technology Stack.

 

 


Layer 1: AI Governance

At its core, governance is about visibility, traceability, and accountability. Organizations need to understand what AI systems exist, what data they use, who owns them, and how they fit into broader business processes.

Brian Rosmus, Manager of Research and Technology for the K logix Cyber Research team, explains, "The process starts with the inventory. You need to catalog your models, your applications, your data sets, and agents." Once that inventory exists, organizations can begin mapping relationships between systems, identifying owners, and defining responsibility for ongoing management.

 


Layer 2: Runtime Inspection and Enforcement

Rosmus notes, "Once we know what AI we've got in our environment, we need to monitor AI interactions, make sure they're evaluated, inspected in real time, and compare them to policies that are put in place."

  • For generative AI, runtime inspection focuses on evaluating prompts, inspecting outputs, and detecting potential exposure of sensitive information.

  • For agentic AI, the scope expands to monitoring actions, identifying deviations from expected behavior, and understanding how agents interact with APIs, applications, and business processes.

This layer provides real-time visibility into AI activity. It can help identify prompt injection attempts, guardrail bypasses, risky outputs, and unexpected agent behavior before those issues become larger problems.
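A minimal sketch of a runtime inspection point for the two cases above, added here as an illustration and not taken from Gartner or K logix. The regex patterns, the tool allowlist, the agent and tool names, and the block/redact/allow policy are all assumptions; production deployments typically use classifiers and richer policies than pattern matching.

```python
import re
from dataclasses import dataclass

# Hypothetical policy: sensitive-data patterns and a per-agent tool allowlist.
SENSITIVE = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
ALLOWED_TOOLS = {"helpdesk-agent": {"search_kb", "create_ticket"}}
BLOCKING_RULES = {"aws_access_key", "tool_not_allowed"}

@dataclass(frozen=True)
class Finding:
    stage: str    # "prompt", "output" or "action"
    rule: str
    where: str    # location only, so the audit log never stores the secret

def inspect_text(stage, text):
    """Return (findings, redacted_text) for a prompt or a model output."""
    findings, redacted = [], text
    for rule, pattern in SENSITIVE.items():
        findings += [Finding(stage, rule, f"chars {m.start()}-{m.end()}")
                     for m in pattern.finditer(text)]
        redacted = pattern.sub(f"[{rule.upper()}]", redacted)
    return findings, redacted

def inspect_action(agent, tool, arguments):
    """Check an agent tool call against the allowlist and scan its arguments."""
    findings = []
    if tool not in ALLOWED_TOOLS.get(agent, set()):
        findings.append(Finding("action", "tool_not_allowed", f"{agent} -> {tool}"))
    for name, value in arguments.items():
        hits, _ = inspect_text("action", str(value))
        findings += [Finding("action", h.rule, f"argument {name!r}") for h in hits]
    return findings

def decide(findings):
    """Policy decision: block, redact-and-forward, or allow."""
    if any(f.rule in BLOCKING_RULES for f in findings):
        return "block"
    return "redact" if findings else "allow"

if __name__ == "__main__":
    # Constructed sample interactions
    found, clean = inspect_text("prompt", "My SSN is 123-45-6789, reset my account")
    print(decide(found), "|", clean)
    print(decide(inspect_action("helpdesk-agent", "delete_user", {"id": "42"})))
```

Findings record where a match occurred rather than the matched value, so the inspection log does not become a second copy of the sensitive data.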

 


Layer 3: Information Governance

Information governance focuses on understanding, classifying, and protecting the data that powers AI systems. Organizations need visibility into where sensitive information resides, who can access it, and how it moves throughout the environment.

This often involves capabilities such as data classification, data loss prevention, identity and access management, and data lineage tracking. Together, these controls help ensure AI systems only access information they are authorized to use and prevent sensitive data from being surfaced inappropriately.
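The inventory from Layer 1 and the access question from this layer can be checked together once assets and their relationships are recorded. The following is an added example, not part of the TRiSM framework or any K logix tooling: the asset names, the four-level classification scheme, and the `uses` relationship are assumptions. It flags assets with no owner, dependencies missing from the inventory, and agents or applications that can reach data above their authorized level through any chain of dependencies.

```python
from dataclasses import dataclass, field
from typing import Optional

LEVELS = ["public", "internal", "confidential", "restricted"]  # assumed scheme

@dataclass
class Asset:
    name: str
    kind: str                        # model | application | dataset | agent
    owner: Optional[str] = None
    level: str = "public"            # dataset: data label; agent/app: clearance
    uses: list = field(default_factory=list)

def reachable_datasets(inv, start):
    """Follow 'uses' edges transitively; return names of datasets reached."""
    seen, stack, found = set(), [start], set()
    while stack:
        asset = inv.get(stack.pop())
        if asset is None or asset.name in seen:
            continue                 # uncatalogued or already visited
        seen.add(asset.name)
        if asset.kind == "dataset":
            found.add(asset.name)
        stack.extend(asset.uses)
    return found

def audit(inv):
    """Return sorted (issue, detail) pairs for governance gaps in the inventory."""
    issues = set()
    for a in inv.values():
        if not a.owner:
            issues.add(("no_owner", a.name))
        issues.update(("uncatalogued", f"{a.name} -> {d}")
                      for d in a.uses if d not in inv)
        if a.kind in ("agent", "application"):
            for ds in reachable_datasets(inv, a.name):
                if LEVELS.index(inv[ds].level) > LEVELS.index(a.level):
                    issues.add(("over_clearance", f"{a.name} -> {ds}"))
    return sorted(issues)

# Constructed sample inventory
INVENTORY = {a.name: a for a in [
    Asset("hr-records", "dataset", "hr-data", "restricted"),
    Asset("kb-articles", "dataset", "support", "internal"),
    Asset("support-llm", "model", "ml-platform", uses=["kb-articles", "hr-records"]),
    Asset("helpdesk-app", "application", None, "internal", ["support-llm"]),
    Asset("helpdesk-agent", "agent", "support", "internal", ["helpdesk-app", "vendor-plugin"]),
]}

if __name__ == "__main__":
    for issue in audit(INVENTORY):
        print(issue)
```

In the sample, the agent never references the HR data directly; the exposure only appears when the chain agent, application, model, dataset is followed end to end.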



Layer 4: Infrastructure and Technology Stack

The final layer addresses the technology foundation that supports AI. This includes cloud environments, APIs, integrations, development pipelines, and monitoring platforms. While these controls may feel familiar to security teams, they remain essential because every other layer depends on them.

Proper configuration, strong access controls, encryption, logging, and monitoring all help reduce the attack surface and ensure AI systems operate within a secure environment.

 


The Reality: Most Organizations Are Not Fully There Yet

Based on what we are seeing across organizations, most are still early in this journey.

Many are focused on generative AI use cases and have limited governance in place. Fewer have visibility into how AI is being used. Even fewer are monitoring agent behavior in real time.

At the same time, adoption is accelerating, which creates a gap between capability and control. The TRiSM framework helps close that gap by providing a structured approach to securing AI.

 
