The Orca Approach to Runtime AI Security

The Runtime Gap: Why AI Security Can’t Stop at Posture

Most AI security conversations in 2025 centered on posture. What models are deployed? Who has access? Are your AI pipelines misconfigured? These are the right questions, but they’re the pre-game warmup. The harder problem is what happens at runtime, when your AI systems are live, handling real data, and making decisions your SOC wasn’t designed to monitor.

This is where Orca’s approach to AI security becomes relevant.

CSPM and DSPM give security teams eyes on configuration drift and data exposure across cloud environments. AI-SPM extends that logic to AI assets in production environments, inventorying models, pipelines, and training data. Orca’s agentless-first approach means you’re getting that coverage without deploying agents across every node, which matters when your AI infrastructure is sprawling faster than your team can instrument it.

But posture is a snapshot. AI threats are more like films.

Independent Reasoning and Autonomous Action Change the Game

When an LLM-powered agent starts making API calls, accessing customer records, or spawning subprocesses in a production environment, the attack surface shifts from “what was misconfigured” to “what is happening right now.” Prompt injection attacks don’t show up in your configuration scanner. A compromised model output that exfiltrates data through a legitimate API integration doesn’t look like a traditional breach. It looks like normal application behavior.

This is the structural blind spot: developers build the AI system, your security team is responsible for the risk that’s introduced, and neither group has full visibility into what the model is actually doing in production.

As security leaders seek to understand how AI is actually being used in their organization, the real questions they need to answer fall into two camps: visibility and actionability. Visibility covers questions like:

• Where and how is AI being used?
• What data is being sent to AI systems?
• Which AI services, models, and identities are involved?

Meanwhile, actionability covers questions like:

• Who is allowed to access and use AI services?
• What actions can AI perform in our environment?
• How do we detect and govern risky AI usage?

Why Runtime AI Security Is Hard

Three compounding factors make this genuinely difficult, not just a tooling gap you can close with another license.

First, non-determinism—a technical word that basically means unpredictable. Securing traditional applications assumes predictable behavior, meaning the same input yields the same output. But with an LLM, the same input can (and usually does) produce different outputs, which means behavioral baselines are moving targets. Anomaly detection built for deterministic systems will either miss the signal or bury you in noise.

Second, the attack surface is the application logic itself. In cloud-native environments, lateral movement typically exploits misconfigured IAM, overprivileged service accounts, or exposed APIs. With agentic AI, the application layer is the attack vector, and agents are operating with permissions before security teams understand what the agent would actually do with them. Blast radius from a compromised agent that has write access to your data warehouse isn’t a theoretical concern anymore.

Third, ownership gaps persist. Who is responsible when a fine-tuned model starts producing outputs that violate your data handling policies? The ML engineer who trained it? The AppSec team? The CISO? In most organizations, this isn’t settled, and attackers don’t wait for org charts to get updated.

Orca Goes Beyond Posture with Real-time AI Detections

In addition to a strong AI-SPM solution, the Orca Platform now detects AI usage in real-time through Orca Sensor. Security teams immediately get:

• a real-time activity log of AI usage, enriched with cloud and runtime risk details
• clarity about what MCP servers, tools, and skills are doing with your applications
• prompt-level risk analysis including sensitive data leakage, prompt-injection risk, suspicious traffic patterns, and more

#1 Discover AI activity and know the source

Challenge: Without an agent-based approach to see real-time activity, it would be impossible to fully understand what LLMs and MCP servers are interacting with your cloud-native applications, who owns these systems, and the business risk of those interactions.

Solution: Orca Sensor captures all outbound LLM requests and inbound MCP activity, then maps it to the originating workload and process. When available, security teams can even see what identities (human or agents) generated the activity. And because this data is normalized into Orca’s Unified Data Model, security teams easily access related context like exposure details, asset context, and related alerts.

#2 Analyze risk at the prompt level

Challenge: Coverage is a key metric in the maturity of security. Without visibility into how users are engaging with AI, governance policies are simply generic do’s and dont’s that are not personalized to the risk profile of an organization.

Solution: Orca Sensor captures prompts in real-time and analyzes them for risky or malicious behavior like leaking secrets, exfiltrating PII, and other suspicious AI activity. This allows security teams to fine-tune AI governance policies to their risk appetite while enabling the business to continue innovating and building with AI.

#3 Go beyond prompts to understand how MCP servers are engaging with your applications

Challenge: Prompts are only an input to an unpredictable system. Analyzing prompts doesn’t give proper insight to how the system chooses to respond to the request. This means organizations that over-index on prompt-level analysis miss what the system actually did— what data it accessed, what tools were invoked, and how its output was consumed and acted upon.

Solution: Orca Sensor shows security teams how MCP servers are using tools and skills. By observing the output of AI interactions and chained workflows, security teams can fine-tune AI governance policies to ensure users and agents operate appropriately within the bounds of an organization’s risk profile.

Full Runtime AI Security Requires Both Posture and Real-time Solutions

The Orca Platform secures AI as an evolution and extension of its core capabilities identifying, prioritizing, and remediating risk across production cloud environments. By combining an agentless approach with Orca Sensor, the Platform delivers:

• inventory of your AI models, cloud-managed AI services, unmanaged apps and other AI frameworks 
• sensitive data detection on the assets running your AI projects, including training or fine-tuning datasets, as well as AI files 
• and now, real-time detection of AI activity including prompt-level analysis and MCP server interactions

Orca’s Unified Data Model pulls together cloud configuration, workload context, and AI running on production workloads. This is meaningful because attack paths don’t respect tool boundaries. An attacker who compromises an AI pipeline isn’t staying in the AI layer; they’re using it as a pivot point into cloud infrastructure. Seeing those connections requires a platform that can correlate across both domains simultaneously.

Orca’s newest dashboards provide security leaders with the knowledge of how their AI infrastructure is growing, where unmanaged and unsanctioned AI is operating, and what presents the most risk to the business.

Dashboard 1: AI Cloud Workloads

The AI Cloud Workloads dashboard gives security leaders a combined view of real-time AI risks, like prompts with sensitive data or jailbreak attempts, with asset-level risk. Teams can answer questions like:

• How many MCP/LLM Requests/Responses were detected in my runtime environment over time?
• What are my top AI cloud runtime alerts (prompts with sensitive data / jailbreak attempts)
• Which compute assets with AI Software or AI runtime activity are at risk?

Dashboard 2: AI Models and Tools

With the latest AI Models and Tools dashboard in the Orca Platform, security teams can now take a focused view to answer questions like:

• Which AI models (Cloud Manage / Self Hosted / Runtime Activity) do I have in my cloud and code environments?
• Where are these AI models being used?
• What Self hosted AI Software & Frameworks are running on my compute assets?
• Which AI Software is vulnerable?

Dashboard 3: Cloud AI Services 

Organizations that rely on cloud-managed AI services can now understand the risks related to their inventory that runs AI services from AWS, Microsoft, and Google Cloud. Security leaders can now answer questions like:

• Which cloud AI services are being used in my environment? (Azure OpenAI, Bedrock etc) 
• What are the misconfigurations and risks of my cloud AI Services?

Dashboard 4: AI Security Overview

This dashboard puts the high level metrics from the previous dashboards at the fingertips of any security leader trying to answer questions like:

• What are my AI Models & Tools, AI Cloud Workload Assets and Cloud Managed AI Assets I have in my environment?
• What are my AI Risks? (Prompts with Sensitive Data, AI Misconfigurations, AI Assets with Sensitive Data, AI Secrets..)
• What are the most common AI Models and providers in my environment?
• What is my AI compliance posture?

Bonus Dashboard: Coding Agents

Want to understand how your developers are using AI to generate code and what risk these decisions introduced? Understand the impact of building with AI with this new dashboard featuring analysis of human vs AI-generated code.

About Orca

The Orca Platform delivers a unified cloud security experience that helps organizations identify, prioritize, and remediate risk across their cloud environments, code, and AI. Interested in seeing how we help you secure AI? Schedule a personalized 1:1 demo.