The market for AI agent oversight tools is growing faster than the terminology is stabilizing. CISOs, CTOs, and compliance teams are evaluating products that all describe themselves as "AI governance" or "AI security" — but solve fundamentally different problems at fundamentally different layers of the stack.
This article defines the three distinct categories, maps them to specific enterprise needs and regulatory requirements, and identifies representative vendors in each.
The three categories
Category 1: AI Security & Detection
What it is: Tools that detect threats, attacks, and misuse targeting AI systems. Focus on prompt injection, jailbreaks, adversarial inputs, and model-level vulnerabilities. Typically deployed as content filters or threat detection layers around model endpoints.
What it solves: Protecting AI systems from external attacks and malicious inputs. Detecting anomalous or adversarial behavior in real time.
What it doesn't solve: Governance of legitimate agent actions, audit trails for regulatory compliance, cross-system policy enforcement, or identity management across agent fleets.
Representative vendors: Lakera, Prompt Security, Rebuff, Protect AI
Category 2: AI Risk & Compliance Management
What it is: Platforms for documenting, assessing, and managing AI risk across an organization. Focus on model inventories, risk assessments, policy frameworks, bias detection, and compliance reporting. Often dashboard-based.
What it solves: Organizational governance of AI programs. Demonstrating compliance posture to regulators. Managing AI risk at the portfolio level.
What it doesn't solve: Real-time enforcement of policies at the point of agent action, tamper-evident audit trails of individual agent decisions, or cross-system governance of autonomous agent fleets.
Representative vendors: Credo AI, ISMS.online, IBM OpenPages, Microsoft Purview (partial)
Category 3: Agent Enforcement Layer
What it is: Infrastructure that sits in the data path between AI agents and the systems they act on: it enforces policies, manages agent identities, captures tamper-evident audit trails, and governs every action before it executes. Because the proxy is external to the agent, governance requires no changes to agent code. The corollary is that it governs only traffic that actually passes through the proxy, so the agent must hold no direct credentials for the target systems and have no egress path around it.
What it solves: Real-time policy enforcement across agent fleets. Cryptographically verifiable audit trails for regulatory compliance (tamper-evident, not tamper-proof: an altered record, or one removed from the middle of the chain, is detectable on verification, provided the signing key and the log store are outside the reach of the agent and its operator). Identity and scope management per agent. Cross-system governance that doesn't depend on any single vendor's platform.
What it doesn't solve: Organizational risk management at the portfolio level, or threat detection for adversarial model attacks.
Representative vendors: Kyde, WitnessAI, Zenity (partial), Lunar.dev (partial)
Comparison table
| Capability | AI Security & Detection | AI Risk & Compliance | Agent Enforcement Layer |
| --- | --- | --- | --- |
| Primary layer | Model / Input | Org / Portfolio | Infra / Data path |
| Deployment | SDK / API wrapper | Dashboard / SaaS | Proxy / Gateway |
| Real-time enforcement | Partial | No | Yes |
| Tamper-evident audit trail | No | No | Yes |
| Agent identity management | No | No | Yes |
| Cross-system governance | No | No | Yes |
| Regulatory audit export | No | Partial | Yes |
| Code changes required | Typically | No | No |
| EU AI Act Art. 12 logging | Partial | Partial | Yes |
| DORA independent audit trail | No | No | Yes |
| NIS-2 forensic evidence | No | No | Yes |
When you need which category
You need AI Security & Detection when:
- You are deploying customer-facing AI applications exposed to untrusted inputs
- You need real-time protection against prompt injection and jailbreak attempts
- You are hardening model endpoints against adversarial attack
- Your primary concern is what comes into the model, not what the agent does afterward
You need AI Risk & Compliance Management when:
- You need an organizational inventory of all AI systems in use
- You are preparing for a regulatory audit and need documented risk assessments
- You need to demonstrate a governance framework to a board or regulator at the program level
- You are managing AI policy across business units rather than governing individual agent actions
You need an Agent Enforcement Layer when:
- You are deploying AI agents that take actions across production systems
- You need a tamper-evident audit trail that satisfies EU AI Act, DORA, or NIS-2 requirements
- Your agents operate across multiple vendors and platforms — not just within one stack
- You need to enforce hard limits on agent actions — spending caps, API allowlists, scope boundaries — without modifying agent code
- A regulator, auditor, or court may ask you to produce a complete, verifiable record of what a specific agent did, when, and why
Regulatory mapping
| Requirement | AI Security | AI Risk & Compliance | Agent Enforcement |
| --- | --- | --- | --- |
| EU AI Act Art. 12 — Automatic logging of high-risk AI events | Partial | Partial | ✓ |
| EU AI Act Art. 14 — Human oversight and causal reconstructability | No | No | ✓ |
| EU AI Act Art. 26 — Deployer log retention, minimum 6 months (Art. 26(6)) | No | No | ✓ |
| DORA Art. 30 — Independent audit trail for ICT third-party providers | No | No | ✓ |
| DORA Art. 19 — Major ICT-related incident reporting (initial notification, intermediate report within 72 hours, final report) | No | No | ✓ |
| NIS-2 Art. 23 — Incident notification within 72 hours, with an initial assessment and indicators of compromise | No | No | ✓ |
| GDPR Art. 22 — Automated decision-making documentation | No | Partial | ✓ |
| GDPR Art. 35 — DPIA for high-risk automated processing | No | ✓ | Partial |
Why enterprises need more than one category
These categories are not substitutes. They address different layers of the same problem.
A financial institution deploying AI agents for credit decisioning under DORA and the EU AI Act needs all three: AI Security & Detection to protect model endpoints from adversarial inputs; AI Risk & Compliance Management to document the governance framework and demonstrate organizational oversight to its supervisor (BaFin, for a German institution); and an Agent Enforcement Layer to produce the tamper-evident, independent audit trail that DORA Article 30 requires, and that logging controlled by the vendor being audited cannot independently attest to.
The common mistake is assuming one category covers the others. A compliance dashboard that documents AI risk does not produce a forensically valid audit trail of individual agent decisions. A prompt injection filter does not enforce spending limits on a procurement agent. An agent enforcement proxy does not replace organizational risk documentation.
Each category does one thing well. Enterprise AI governance at scale requires all three.
The category most enterprises are missing
AI Security tools have been available since the first LLM deployments. AI Risk & Compliance platforms have existed in various forms for years and are well understood by procurement teams.
The Agent Enforcement Layer is the newest category — and the least understood. It emerged as a distinct requirement when AI agents moved from generating content to taking actions: updating records, authorizing payments, calling APIs, executing transactions across production systems.
At that point, the governance problem changed. A content filter is insufficient when the risk is not what the agent says but what it does. A compliance dashboard is insufficient when the regulator is asking for a cryptographically verifiable record of a specific agent action on a specific date.
The Agent Enforcement Layer exists because agents act. And every action needs an identity, a policy check, and a tamper-evident record — before it reaches the system it targets, not after.
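To make the mechanism concrete, here is an added illustration (it is not Kyde's code, nor any vendor's) of the three steps this page attributes to an enforcement layer in Category 3, the enforcement-layer bullet list, and the paragraph above: the proxy resolves the caller's agent identity, evaluates an API allowlist and a cumulative spending cap, and commits a hash-chained audit record before forwarding the action. The policy schema, record format, host names and helper names are assumptions for the illustration, and HMAC-SHA256 under a key held only by the proxy stands in for the asymmetric signature a production deployment would use. The scenario also shows what tamper-evident means in practice: editing a committed record, even with its hash recomputed, is caught on verification.

```python
"""Toy agent enforcement proxy: identity -> policy check -> hash-chained record -> forward.
Added illustration for this page, not Kyde's code. Policy schema, record format, host
names and helper names are assumptions; HMAC-SHA256 under a proxy-held key stands in
for the asymmetric signature a real deployment would use."""
import hashlib
import hmac
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # "previous hash" of the first record


def canonical(obj: dict) -> bytes:
    """Deterministic JSON encoding so a record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Policy:
    allowed_hosts: frozenset  # API allowlist: hosts this agent may call
    spend_cap: float          # cumulative spending cap for this agent


@dataclass
class Agent:
    agent_id: str
    policy: Policy
    spent: float = 0.0


class AuditLog:
    """Append-only log. Each record's hash covers its predecessor's hash, and the hash
    is MACed with a key the agents never see, so neither editing a record nor
    re-hashing it after the edit goes unnoticed."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: list = []

    def _mac(self, digest: str) -> str:
        return hmac.new(self._key, digest.encode(), "sha256").hexdigest()

    def append(self, event: dict) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"seq": len(self.records), "prev": prev, **event}
        digest = hashlib.sha256(canonical(body)).hexdigest()
        rec = {**body, "hash": digest, "sig": self._mac(digest)}
        self.records.append(rec)
        return rec

    def verify(self) -> tuple:
        """(True, None) if the chain is intact, else (False, index of first bad record)."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
            digest = hashlib.sha256(canonical(body)).hexdigest()
            if (body.get("seq") != i or body.get("prev") != prev or digest != rec["hash"]
                    or not hmac.compare_digest(self._mac(digest), rec["sig"])):
                return False, i
            prev = rec["hash"]
        return True, None


class EnforcementProxy:
    """Sits in the data path: the agent talks to the proxy, never to the target."""

    def __init__(self, log: AuditLog, forward):
        self.log = log
        self.forward = forward  # callable(host, payload) that reaches the real system
        self.agents: dict = {}

    def register(self, agent: Agent) -> None:
        self.agents[agent.agent_id] = agent

    def execute(self, agent_id: str, host: str, amount: float, reason: str) -> str:
        agent = self.agents.get(agent_id)
        if agent is None:
            decision = "deny:unknown-agent"
        elif host not in agent.policy.allowed_hosts:
            decision = "deny:host-not-allowlisted"
        elif agent.spent + amount > agent.policy.spend_cap:
            decision = "deny:spend-cap"
        else:
            decision = "allow"
        # Commit the record before forwarding: every attempt, allowed or denied,
        # is in the chain even if the upstream call fails afterwards.
        self.log.append({"agent": agent_id, "host": host, "amount": amount,
                         "reason": reason, "decision": decision})
        if decision == "allow":
            agent.spent += amount
            self.forward(host, {"amount": amount, "reason": reason})
        return decision


def demo() -> dict:
    """Constructed scenario: one procurement agent, one allowlisted API, a 1000 cap."""
    forwarded = []
    log = AuditLog(key=b"constructed-demo-key-held-by-the-proxy")
    proxy = EnforcementProxy(log, lambda host, payload: forwarded.append((host, payload)))
    proxy.register(Agent("procurement-bot", Policy(frozenset({"api.supplier.example"}), 1000.0)))
    decisions = [
        proxy.execute("procurement-bot", "api.supplier.example", 600.0, "PO-1042"),
        proxy.execute("procurement-bot", "api.supplier.example", 500.0, "PO-1043"),  # breaches cap
        proxy.execute("procurement-bot", "api.payments.example", 10.0, "wire"),       # host not allowed
        proxy.execute("rogue-agent", "api.supplier.example", 1.0, "probe"),           # no identity
    ]
    clean = log.verify()
    # Tampering 1: edit a committed field in place -> stored hash no longer matches.
    log.records[0]["amount"] = 1.0
    edited = log.verify()
    # Tampering 2: also recompute the hash -> the MAC (and record 1's prev) still expose it.
    body = {k: v for k, v in log.records[0].items() if k not in ("hash", "sig")}
    log.records[0]["hash"] = hashlib.sha256(canonical(body)).hexdigest()
    rehashed = log.verify()
    return {"decisions": decisions, "forwarded": forwarded,
            "clean": clean, "edited": edited, "rehashed": rehashed}
```

Call `demo()` to run the scenario: the first purchase is forwarded, the second is refused because it would exceed the cap, the third because the host is not allowlisted, and the fourth because the caller has no registered identity; every one of the four attempts is in the chain. Two limits are worth keeping in mind. A hash chain alone does not reveal that the newest records were dropped from the end of the log, so a real deployment periodically anchors the latest hash somewhere the operator cannot rewrite (a write-once store, a notary, or a timestamping service). And the whole construction only means something if the agent cannot reach the target systems except through the proxy.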
Summary: Choosing the right category
If your question is "Are our AI systems protected from attacks?" — you need AI Security & Detection.
If your question is "Can we demonstrate our AI governance framework to a regulator?" — you need AI Risk & Compliance Management.
If your question is "Can we prove what our agents did, enforce limits on what they can do, and produce a tamper-evident audit trail that satisfies DORA and the EU AI Act?" — you need an Agent Enforcement Layer.
If you are deploying AI agents in a regulated environment, the answer to all three questions is probably yes.
Kyde
Kyde is an Agent Enforcement Layer — a model-agnostic governance proxy that sits between your AI agents and every system they act on. Every agent gets an identity. Every action is policy-checked. Every event is cryptographically signed and hash-chained into a tamper-evident audit trail. No code changes required.