It misses the way data now moves through SaaS, cloud, and AI workflows that do not pass through a small set of inspection points. Modern DLP has to understand the data itself, its context, and the identities that can reach it. Without that, enforcement becomes reactive and incomplete.
Why This Matters for Security Teams
Endpoint and email-centric DLP assumes that sensitive data enters, moves, and exits through a few inspectable choke points. That model breaks when users collaborate in SaaS apps, sync files across cloud services, paste data into copilots, or trigger AI workflows that never touch a traditional gateway. The result is not just missed leakage, but blind spots around who accessed the data, from where, and through which identity.
NHI Management Group has repeatedly shown that modern exposure is identity-driven as much as content-driven. The LLMjacking report and the DeepSeek breach both illustrate how quickly secrets and sensitive records can be reached once non-human identities or AI-adjacent workflows are compromised. Current guidance from the NIST Cybersecurity Framework 2.0 reinforces that protection has to follow the asset and the identity, not only the network path.
In practice, many security teams encounter uncontrolled data movement only after a SaaS sync, token leak, or AI prompt exposure has already created a reportable incident.
How It Works in Practice
Effective DLP in cloud and AI environments shifts from perimeter inspection to context-aware enforcement. That means classifying data at creation, tracking it through SaaS and collaboration layers, and tying enforcement to the identity or workload that is requesting access. For NHI and agentic workflows, the question is not just whether the content looks sensitive, but whether the requesting identity should have that access at that moment.
Practically, this usually requires three layers working together:
- Content detection for structured and unstructured sensitive data, including secrets, regulated data, and confidential customer records.
- Identity and context signals such as role, workload identity, device posture, tenant, location, and session risk.
- Runtime policy decisions that can block, redact, tokenize, quarantine, or require step-up approval before data is exposed or moved.
That approach aligns with the direction of modern control frameworks and with the reality described in NHI Management Group research. The State of Secrets in AppSec highlights how fragmented secrets management and slow remediation make static controls unreliable. For identity-centric implementation, current guidance from the NIST Cybersecurity Framework 2.0 supports continuous monitoring and responsive protection, while the industry increasingly treats DLP policy as part of a broader identity and access decision flow rather than a standalone filter.
In AI workflows, this often means restricting the inclusion of sensitive data in prompts, logging model interactions, and preventing agents from exporting protected content into unapproved destinations. These controls tend to break down when an organisation has unmanaged SaaS sprawl and no reliable identity layer for machine-to-machine access, because the data moves faster than the inspection points can update.
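The three layers described above can be combined into a single request-time decision, shown here as an added example (not code from NHI Management Group or any DLP product). The detector patterns, destination names and decision order are assumptions, and only the block, redact and step-up outcomes are covered.

```python
import re
from dataclasses import dataclass

# Layer 1: content detectors (constructed, deliberately simple patterns).
DETECTORS = {
    "secret": re.compile(r"\b(?:api|secret)[_-]?key\s*[:=]\s*\S{16,}", re.I),
    "card_number": re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
# Hypothetical destination names; a real list comes from your SaaS inventory.
APPROVED_DESTINATIONS = {"internal-crm", "approved-llm"}

@dataclass
class Request:
    """Layer 2: identity and context signals attached to one data movement."""
    identity: str
    kind: str            # "human" or "nhi" (workload, service account, agent)
    scopes: frozenset    # data classes this identity may handle
    destination: str
    session_risk: str    # "low" or "high"
    content: str

def classify(content):
    return {label for label, rx in DETECTORS.items() if rx.search(content)}

def redact(content, labels):
    for label in sorted(labels):
        content = DETECTORS[label].sub(f"[REDACTED:{label}]", content)
    return content

def decide(req):
    """Layer 3: request-time decision. Returns (action, content_to_release)."""
    found = classify(req.content)
    if not found:
        return "allow", req.content
    if "secret" in found or req.destination not in APPROVED_DESTINATIONS:
        return "block", None
    if req.session_risk == "high":
        # Assumption: a workload cannot complete an interactive approval.
        return ("step_up", None) if req.kind == "human" else ("block", None)
    out_of_scope = found - req.scopes
    if out_of_scope:
        return "redact", redact(req.content, out_of_scope)
    return "allow", req.content

if __name__ == "__main__":
    msg = "Customer jane@example.com paid with 4111 1111 1111 1111"  # constructed
    agent = Request("support-agent", "nhi", frozenset({"email"}), "approved-llm", "low", msg)
    print(decide(agent))
```

The same content yields different outcomes depending on the requesting identity's scopes, session risk and destination, which is the difference from a content-only filter.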
Common Variations and Edge Cases
Tighter DLP often increases friction for users and administrators, requiring organisations to balance leakage prevention against workflow speed and support overhead. That tradeoff becomes especially visible in engineering teams, customer support, and AI-assisted knowledge work, where broad blocking can create shadow systems and bypass behaviour.
There is no universal standard for this yet, but current guidance suggests a few practical exceptions. Shared documents and collaboration tools usually need inline classification and post-exposure monitoring rather than hard blocking everywhere. High-trust internal systems may rely on stronger identity controls and auditability, while external sharing zones often need more aggressive redaction and expiry. Where NHI or agent identities are involved, policy should be evaluated at request time, not only at upload or download boundaries.
Best practice is evolving around data-centric controls that follow the record, token, or secret across environments. That is the most reliable way to handle SaaS-to-SaaS transfers, AI copilots, and automated agents that can chain actions across systems. The LLMjacking report shows why this matters: once credentials or trusted non-human identities are abused, traditional endpoint DLP has little visibility into downstream exfiltration paths.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Static secrets and weak rotation drive identity-based data exposure. |
| NIST CSF 2.0 | PR.DS | Data security controls must protect data across SaaS, cloud, and AI paths. |
| NIST AI RMF | GOVERN | AI workflows require accountability for data handling and access decisions. |
Use short-lived NHI credentials and automate rotation to reduce DLP-bypassing exfiltration paths.