As enterprises increasingly invest in AI-specific defenses, Thales has launched an AI Security Fabric that targets runtime security risks for agents and large-scale language model-based applications.
The product focuses on protecting not only AI models but also the data and identities that underpin them. It addresses threats such as prompt injection, data leakage, model manipulation, and weaknesses in search augmentation generation (RAG) pipelines.
Thales said the first release will provide basic functionality across the core and edge of enterprise AI environments. The company aims to position Fabric as an integrated security layer across cloud and on-premises deployments.
The use of AI in business is rapidly expanding. According to a McKinsey study cited by Thales, 78% of organizations are now using AI in at least one function, up from 55% two years ago. The 2025 Thales Data Threat Report states that 73% of these organizations are investing in AI-specific security tools through new or existing budgets.
Focus on runtime threats
The AI Security Fabric focuses on runtime protection for applications that incorporate LLM and agent AI, where software agents take actions based on model outputs and external data.
Thales said the purpose of the fabric is to reduce risks such as prompt injection and jailbreak attacks, leaking system prompts, model denial of service, and leaking sensitive or regulated data. By separating control of data, models, and identities, enterprises can enforce consistent policies across different AI services.
The company says organizations can use this fabric to support AI-driven projects while maintaining compliance with internal and industry regulations. Designed to work with cloud-native, on-premises, and hybrid architectures.
Thales also emphasized alignment with recognized software security benchmarks. Fabric said it leverages existing security tools to address some of the OWASP top 10 risks associated with AI and web applications to reduce the potential for operational disruption and reputational damage.
initial component
This release includes two major components. The first is AI application security that targets internal applications that call LLM through APIs or built-in models.
AI Application Security provides runtime monitoring and control. Analyzes prompts and responses for signs of prompt insertion, jailbreak attempts, and system prompt disclosure. It also checks for sensitive information leaks and enforces content management rules.
Thales said AI Application Security offers a wide range of deployment options. It can be integrated with a variety of architectures across cloud services, on-site infrastructure, and mixed environments.
The second component is AI search augmented generation security. It focuses on data security for RAG pipelines where external enterprise data feeds model responses.
RAG Security identifies and protects sensitive structured and unstructured data before it is ingested into AI applications. Use data protection tools such as encryption and key management to limit access to and control usage of sensitive information.
This product also manages communication between LLM and external data sources. Security controls are applied to these integration points to ensure that only authorized data exchange occurs between the model and the backend system.
market positioning
Thales is marketing its AI Security Fabric to companies looking to move beyond AI experimentation to widespread adoption across business units. These organizations face tensions between expanding the use of AI and addressing regulatory, privacy, and security concerns.
In this context, the company leverages its long-standing role in cybersecurity, data protection and identity management. We bundle these technologies into a dedicated layer that sits on top of the AI model and surrounding infrastructure.
“As AI reshapes business operations, organizations need security solutions tailored to the specific risks posed by Agentic AI and Gen AI applications,” said Sebastian Cano, Senior Vice President, Cybersecurity Products Business, Thales. “Thales AI Security Fabric provides enterprises with purpose-built tools to protect AI applications while minimizing operational complexity. Backed by decades of security expertise, Thales enables enterprises to scale AI deployments with confidence and protect sensitive data, applications, and user interactions.”
Upgrades planned for 2026
Thales has developed an AI Security Fabric roadmap to 2026. The company is planning new runtime features aimed at controlling data loss and access patterns for AI agents.
Planned features include data leakage prevention across AI data flows. Thales is also adding a Model Context Protocol (MCP) security gateway. It mediates interactions between AI agents and tools that expose external data and actions.
This roadmap also includes end-to-end runtime access control across users, models, and data sources. Thales aims to provide unified and compliant management of AI interactions using a consistent security policy framework across multiple environments.
Thales said he expects these enhancements to extend the AI Security Fabric to a large portion of the AI lifecycle as organizations scale agent AI and LLM-based systems in production environments.
