Thales Builds Security Layer for Agentic AI Applications

Sebastien Cano, Senior Vice President of Thales’ Cyber Security Products Business
New AI Security Fabric addresses prompt injection and RAG pipeline vulnerabilities as 78% of organisations deploy LLMs across business functions

Thales has introduced its AI Security Fabric, a security platform developed to counter threats aimed at agentic AI and large language model applications. This platform prioritises runtime security by monitoring AI applications during their operation rather than depending only on pre-deployment scanning. With AI adoption accelerating across business functions, the 2025 Thales Data Threat Report notes that 73% of organisations are now investing in security tools specifically for AI.

This trend reflects the rapid integration of AI into core business processes. According to McKinsey research, 78% of organisations use AI in at least one business function, an increase from 55% two years prior. This expansion gives rise to new attack surfaces that conventional security architectures may struggle to protect effectively.

Addressing prompt injection and model manipulation

The initial release of the AI Security Fabric features two distinct products. The first, AI Application Security, operates alongside applications powered by large language models to monitor for a range of threats. These include prompt injection attacks, jailbreaking attempts, system prompt leakage and model denial-of-service attacks. The system also watches for sensitive information leakage and content moderation failures across cloud, on-premises and hybrid environments. The second product, AI Retrieval-Augmented Generation Security, scans enterprise data before it is ingested into retrieval-augmented applications. It applies encryption and key management to both structured and unstructured data and secures the communication channel between LLMs and external data sources. Both of these products are focused on the OWASP Top 10 for LLM applications, a list of vulnerabilities documented by security researchers in production AI systems.

“As AI reshapes business operations, organisations require security solutions tailored to the specific risks posed by Agentic AI and Gen AI applications,” says Sebastien Cano, Senior Vice President of Thales’ Cyber Security Products Business. “Thales AI Security Fabric offers enterprises specialised tools to secure AI applications while minimising operational complexity.”

Securing enterprise data in RAG pipelines

Retrieval-augmented generation, or RAG, is a common method in enterprise AI deployments, as it allows models to access current information without needing to be retrained. However, RAG architectures introduce security challenges. Data that is retrieved from enterprise systems may contain sensitive information that models could then leak through their outputs. Thales' RAG security capability addresses this by scanning data before ingestion and applying encryption and access controls to limit potential exposure. The system's goal is to prevent scenarios where confidential data might flow into model contexts and subsequently appear in responses to unauthorised users.

Planned expansion and the Model Context Protocol

Thales plans to expand the platform in 2026 with three new additions:

  • Data leakage prevention
  • A Model Context Protocol security gateway
  • End-to-end runtime access control

Anthropic has developed the Model Context Protocol as a standard for connecting AI systems to external tools and data sources. Agentic AI systems use this protocol to access databases, execute code and pull information from APIs. A security gateway would monitor these connections, blocking requests that attempt to access restricted data or perform unauthorised actions. Runtime access control moves security checks from the development phase into production.

Key facts
  • Thales AI Security Fabric monitors LLM-powered applications in real time for prompt injection, jailbreaking and data leakage across cloud and on-premises environments
  • The platform includes RAG security that scans and encrypts enterprise data before it enters retrieval-augmented generation pipelines
  • Thales plans to add a Model Context Protocol security gateway and end-to-end runtime access control in 2026

Instead of scanning code once before deployment, the system monitors every interaction between users, models and data sources. This is important as AI systems can behave in ways their developers did not anticipate, particularly when users discover edge cases or provide them with unusual inputs. Trial versions of some tools are now available through the Thales AI Security Fabric website.

“Supported by decades of security expertise, Thales enables businesses to confidently scale their AI adoption, safeguarding sensitive data, applications and user interactions,” Sebastien says.
