Varonis Atlas: the security layer that monitors, tests and blocks AI in production


Varonis has brought Varonis Atlas to market, a platform that aims to become the security layer accompanying the wave of artificial intelligence tools inside companies. Instead of a point solution that monitors only models or conversations, Atlas presents itself as a comprehensive approach: identify which AI systems exist, assess their exposure, test their resistance to real-time attacks and apply controls while they run, all linked to the context of the data that these AI systems consume.

The central argument behind this bet is not a rhetorical novelty: agents, copilots and models are no longer passive assistants. They run actions, access files and can orchestrate processes at speeds that exceed traditional human supervision. Visibility into which AI systems are deployed and what information they can touch is therefore the minimum condition for safe use today. Analysts such as Gartner have pointed to the advance of automated agents in production environments and the growing need to control not only the prompts, but also the actions that these agents carry out (Gartner, Future of AI Security).


Incidents and public warnings about data leaks caused by negligent use of cloud-based assistants have been frequent: from companies that prohibited the use of ChatGPT for sensitive data to cases where accidental exfiltration was detected. This reality is no longer theoretical, and media outlets such as Reuters have documented corporate concern about the indiscriminate use of these services (Reuters, 2023).

Against this backdrop, Varonis Atlas proposes several integrated layers of work. The first is the creation of a live inventory of AI assets: not only model endpoints or chat applications, but agents, unit servers, projects in repositories and "shadow" uses that employees may have adopted without going through formal governance. This continuous discovery should also provide context on access to information and activity, in order to move from mere visibility to something actionable.

On that basis, the platform proposes security posture management specific to AI that combines analysis of code, configurations, prompts and model dependencies with the sensitivity of the data they can access. Assessing the exposure of a model without understanding what data it can touch is an incomplete piece of the puzzle, and that is where, according to Varonis, the advantage lies in linking the AI layer with a consolidated data security platform (more information on the page of the Varonis Data Security Platform).

Another relevant component of Atlas is the ability to perform dynamic tests against models in production. Instead of relying only on static reviews, these tests perform controlled attacks - for example, prompt injection attempts or jailbreak techniques - on actual endpoints to reveal unsafe behaviors that only manifest at run time. The practice of subjecting systems to live adversarial tests has gained traction as a method of discovering vectors that static analyses do not see; community organizations and projects have warned about the many ways in which models can be manipulated (OWASP Top Ten for Large Language Models).

But detection and testing only close the loop if there is a capacity to intervene in real time. Varonis Atlas includes what the company defines as a gateway that inspects prompts, responses and agent actions before they reach the model or downstream systems. This makes it possible to block leaks of sensitive information, stop behaviors that do not comply with internal or regulatory policies and keep audit records, without having to rework the architecture of the applications that use AI. One point they highlight is that telemetry can remain in the hands of the client, which is critical when there are data residency requirements or strict privacy controls.

The regulatory agenda also pushes these operational practices. The European Union is moving forward with the AI Act, and in the United States agencies like NIST have published risk management frameworks for AI (NIST AI RMF), which place transparency, traceability and continuous testing as key requirements. Having technical and decision-making evidence for an AI system is no longer optional when demonstrating compliance to auditors or authorities.

Third-party risk treatment is another angle that Atlas addresses: it is not enough to control what is developed internally if a relevant part of the AI processing depends on external suppliers. Integrating inventories, AI "bills of materials" and supplier questionnaires to continuously reassess how third parties handle data and what their dependencies are is a practical way to reduce the risk surface in the supply chain.

In-production monitoring, recorded with a focus on execution (prompts, tool calls, access to data and guardrail decisions), feeds AI-specific detection and response. When attack techniques or abnormal behaviors are detected, the platform promises actionable alerts and the ability to block activity inline, as well as integration with existing response and orchestration tools such as SIEM and SOAR.


What does this offer, in short, to the security officer or the data director? First, the idea that AI security should be continuous and based on the data context; second, that effective protection requires active production tests and controls acting on the implementation route; and third, that governance and compliance must be based on technical evidence and reproducible devices, not on isolated questionnaires.

Varonis offers demonstrations and trial periods for teams to assess how Atlas discovers risks, fixes exposures and applies guards before a leak occurs. If an organization is accelerating the use of AI within critical flows, assessing the control layer that links the behaviour of the models with data security is a step that can no longer be postponed. For those who want to learn more, the company explains Atlas's capabilities on its product page (Varonis Atlas), and the demo or trial access is available through its registration links.

The arrival of platforms such as Atlas illustrates a clear trend: AI security is becoming professionalized and seeks to avoid fragmentation across tools that each see only part of the problem. It remains to be seen how these solutions are integrated into heterogeneous architectures, how attack and defence techniques evolve, and how regulation will guide the adoption of mandatory technical controls. Meanwhile, the practical recommendation for security teams is simple and urgent: map where AI is used, understand what data can be involved and test in a real environment before scaling up its use in production.