The perimeter is not a network edge. It is the boundary around what an agent can read, infer, call, generate, and leak. Use the seven surfaces below to map enterprise AI risk before it becomes an incident.
Your AI perimeter is wherever an agent can read, decide, act, or leak.
Agents collapse identity, context, tools, runtime, output, and egress into one delegated actor.
Map your highest-impact AI workflow against all seven surfaces before approving another tool integration.
Each surface maps to an attacker path, an enterprise control, and an assessment deliverable.
Smuggle instructions through content the agent treats as context.
Instruction provenance, tool-policy separation, prompt-injection tests, and refusal evidence.
Instruction-control review and adversarial prompt path report.
The meaningful question is no longer “is this request inside or outside the network?” It is “what can this agent infer, retrieve, decide, call, create, and leak?” That is a different security model. It requires identity discipline, tool scoping, context hygiene, runtime isolation, output review, and egress controls around every agentic workflow.
The framework is only useful when it produces evidence: inventory, attack paths, controls, owners, and board-ready decisions.
A support agent reads a customer attachment, retrieves internal policy, opens a CRM record, and drafts a privileged update. The failure is not one prompt. It is a context-to-action chain.
Identity, context provenance, tool scope, runtime boundary, and output review before action.
Risk language leadership can use without reading exploit traces.
Find agents, copilots, RAG systems, MCP servers, AI vendors, and workflows with tool access.
Assign owners, narrow scopes, isolate runtimes, define logging, and set acceptable use boundaries.
Run adversarial testing, produce a board-ready risk map, and fund the remediation roadmap.
IMS assesses your AI estate against the seven surfaces and produces a prioritized, board-ready control roadmap.
