Thales unveils AI Security Fabric for runtime threats

Thales has launched an AI Security Fabric that targets security risks in agentic and large language model-based applications at runtime, as businesses increase investment in AI-specific defences.

The product focuses on protecting not only AI models but also the data and identities that underpin them. It addresses threats such as prompt injection, data leakage, model manipulation and weaknesses in retrieval-augmented generation, or RAG, pipelines.

Thales said the initial release delivers foundational features that sit across the core and edge of an enterprise AI environment. The company aims to position the fabric as a unifying security layer across cloud and on-premises deployments.

Use of AI in business has expanded rapidly. McKinsey research cited by Thales indicates that 78% of organisations now use AI in at least one function, up from 55% two years earlier. The 2025 Thales Data Threat Report states that 73% of these organisations are investing in AI-specific security tools, through new or existing budgets.

Runtime threat focus

The AI Security Fabric concentrates on runtime protection for applications that embed LLMs and agentic AI, where software agents take actions based on model outputs and external data.

Thales said the fabric aims to reduce the risk of prompt injection and jailbreaking attacks, system prompt leakage, model denial-of-service, and the exposure of sensitive or regulated data. It separates control over data, models and identities so that companies can apply consistent policies across different AI services.

The company said organisations can use the fabric to support AI-driven projects while maintaining compliance with internal and sector regulations. It is designed to operate in cloud-native, on-premises and hybrid architectures.

Thales also highlighted alignment with recognised software security benchmarks. It said the fabric draws on existing security tools to address several of the OWASP Top 10 risks linked to AI and web applications, in an effort to reduce the likelihood of operational disruption or reputational incidents.

Initial components

The launch includes two main components. The first is AI Application Security, which targets in-house applications that call LLMs via APIs or embedded models.

AI Application Security provides monitoring and control at runtime. It analyses prompts and responses for indications of prompt injection, jailbreaking attempts and system prompt disclosure. It also checks for sensitive information leakage and enforces content moderation rules.

Thales said AI Application Security offers a range of deployment options. It can integrate with different architectures across cloud services, on-site infrastructure and mixed environments.

The second component is AI Retrieval-Augmented Generation Security. This focuses on data security in RAG pipelines, where external enterprise data feeds model responses.

RAG Security identifies and protects sensitive structured and unstructured data before ingestion into AI applications. It uses data protection tools, including encryption and key management, to restrict access and control use of confidential information.

The product also manages communication between LLMs and external data sources. It applies security controls at these integration points so that only authorised data exchanges take place between the model and back-end systems.

Market positioning

Thales is pitching the AI Security Fabric at enterprises that are moving beyond experimentation with AI and into broader deployment across business units. These organisations face tension between extending AI use and managing regulatory, privacy and security concerns.

In this context, the company is drawing on its long-standing role in cybersecurity, data protection and identity management. It is bundling those technologies into a dedicated layer that sits above AI models and surrounding infrastructure.

"As AI reshapes business operations, organizations require security solutions tailored to the specific risks posed by Agentic AI and Gen AI applications," said Sebastien Cano, Senior Vice President of Thales' Cyber Security Products Business, Thales. "Thales AI Security Fabric offers enterprises specialized tools to secure AI applications while minimizing operational complexity. Supported by decades of security expertise, Thales enables businesses to confidently scale their AI adoption, safeguarding sensitive data, applications, and user interactions."

Planned 2026 upgrades

Thales set out a roadmap for the AI Security Fabric that extends into 2026. The company plans new runtime capabilities that target data loss and control over AI agents' access patterns.

Planned features include data leakage prevention across AI data flows. Thales will also add a Model Context Protocol, or MCP, security gateway. This will mediate interactions between AI agents and tools that expose external data or actions.

The roadmap also includes end-to-end runtime access control across users, models and data sources. Thales aims to offer unified and compliant management of AI interactions, with a consistent security policy framework that spans multiple environments.

Thales said it expects these enhancements to extend the AI Security Fabric across a larger part of the AI lifecycle, as organisations scale agentic AI and LLM-based systems in production.