Reskill · CCS
Cloud & Container Security
The agent provisioned a resource to get the job done. CSPM flagged the change after it was already live.
Autonomous provisioning is a change your config controls meet too late. Reskilling moves them upstream.
The rung you have to reach
Organization Management
Controls for enterprise-wide AI management, asset discovery, inventory, and centralized security enforcement. Includes AI service, agent, and model discovery, AI-enabled developer tool management, cloud provider policy controls (e.g., AWS SCPs, Azure Policy, GCP organizational policies) to restrict AI services and models, configuration baselines, automated guardrail enforcement, and isolation patterns for blast radius control. Shared security components for managing AI autonomy and agents.
L1 · Initial
No visibility into enterprise AI usage. AI-powered applications and AI coding assistants are untracked. Individual teams self-manage AI tools and services without centralized oversight. No technical controls to restrict or manage AI service usage.
L2 · Repeatable
AI usage tracked through available means (billing analysis, endpoint telemetry, manual surveys). Approved AI platforms and developer tools identified but enforcement is policy-based or limited to provider-managed settings. Basic security requirements for AI deployments documented. No automated discovery of AI services or coding tool usage. AI feature settings managed for major SaaS platforms (e.g., Microsoft 365 Copilot) but not consistently.
L3 · Defined
Initial technical controls for AI services on primary cloud platform (e.g., AWS SCPs restricting Bedrock models, Azure Policy for Copilot, GCP Organization Policy for Vertex AI). AI coding assistants deployed via enterprise licensing with centralized administration (e.g., GitHub Copilot Business/Enterprise). Dedicated cloud deployments (account/subscription) provisioned for AI workloads. AI service inventory maintained for primary platforms but discovery remains manual.
L4 · Capable
Consistent organizational policies enforce approved AI services and models across cloud accounts. Enterprise controls for AI developer tools enforced (approved assistants, security code review agents). Initial use of AI-SPM or cloud-native tools for automated AI service discovery. Unmanaged AI discovery capability covering both AI services and unauthorized coding tools. Visibility into models, endpoints, agents, and dependencies. Blast radius controlled through account/subscription isolation.
L5 · Efficient
Automated, continuous AI discovery across cloud platforms and developer environments. Shared security services leverage automation for efficiency. Policy-as-code for AI service restrictions integrated with provisioning pipelines. AI-SPM integrated into security operations with automated alerting on unmanaged AI or policy violations. Org-level AI controls updated proactively as providers release new models/services. Automated workflows to bring discovered unmanaged AI under management or block.
our model · calibrated to SAE J3016
Your syllabus
The plays that climb the rung.
The curriculum for this function is still forming. Baseline it below, and the fitted plays follow.
Autonomy must not outrun maturity. The gate holds each rung until its controls are evidenced. The gate framework: eight gates, three lanes →