TL;DR: 83% of enterprises already use AI, but only 13% have strong visibility into how it touches their data, while 76% say autonomous AI agents are the hardest to secure, according to Cyera’s 2025 State of AI Data Security Report. The gap is no longer about model adoption, but about governance that can see and constrain data access in real time.
At a glance
What this is: Cyera argues that secure AI starts with data-centric governance because enterprise adoption, autonomous agents, and weak visibility have outpaced existing controls.
Why it matters: IAM, NHI, and AI governance teams need the same visibility-first discipline because AI systems are now identity-bearing actors that can widen blast radius across data, tools, and workflows.
By the numbers:
- 83% of enterprises already use AI, while only 13% report strong visibility into how it touches their data.
- 76% of organizations surveyed said autonomous AI agents are the hardest to secure.
- 82.6% of phishing emails are now AI-crafted.
👉 Read Cyera's research on AI security best practices and data-centric governance
Context
AI security breaks down when organisations treat models as the main object of control instead of the data and identities that models touch. The practical problem behind AI security best practices is that AI systems increasingly access regulated data through tools, copilots, and agents faster than governance can classify or constrain them.
That gap matters to IAM because AI systems now behave like non-human identities with broad data reach, but without the same lifecycle discipline many teams apply to service accounts or privileged workloads. The result is an access and visibility problem, not just a model-risk problem. Cyera's report frames the issue as a data governance failure that sits at the centre of AI adoption.
The report also shows why periodic review is no longer enough when AI behaviour changes continuously. Security teams need to understand where AI touches sensitive data, how permissions expand over time, and which controls can keep pace with autonomous action and shadow AI usage.
Key questions
Q: How should security teams govern AI agents that can access sensitive data?
A: Treat AI agents as non-human identities with explicit owners, scoped datasets, and continuous monitoring. The goal is not just to limit what the agent can do at provisioning time, but to detect when its actual data reach drifts beyond the approved boundary. That requires identity, data classification, and posture management to operate together.
Q: Why do AI systems create new IAM and data governance problems?
A: AI systems can consume, transform, and expose sensitive data across multiple environments without the same human review loops used for staff access. That creates a governance gap where permissions, lineage, and policy compliance change faster than access reviews can keep up. The practical answer is continuous visibility over where the data flows.
Q: What breaks when autonomous AI agents are given broad access?
A: Broad access turns every agent decision into a potential blast-radius event because the agent can fetch data, trigger actions, and amplify mistakes without direct human oversight. When access is not tightly scoped, teams lose the ability to predict which datasets or downstream systems the agent can reach during execution.
Q: How can organisations tell whether AI security controls are actually working?
A: Look for real-time evidence that the organisation can identify AI tools, map their data access, and flag policy drift before incidents occur. If the team only discovers exposure during periodic audits or after a user reports a problem, the control is not operating at the speed of AI.
Technical breakdown
AI security posture management and continuous visibility
AI Security Posture Management, or AI-SPM, extends data security posture management into AI environments. The mechanism is continuous discovery of AI tools, the data they touch, and the policies applied to that data across cloud, SaaS, and on-premises environments. That matters because AI systems evolve faster than audit cycles, so point-in-time reviews miss scope changes, new tools, and policy drift. In practice, AI-SPM is about detecting exposure before it becomes a breach condition, not documenting exposure after the fact.
Practical implication: replace periodic AI reviews with continuous monitoring of data access, policy drift, and model-connected tools.
Autonomous AI agents as non-human identities
AI agents are not just workloads. When they independently decide what data to retrieve and what actions to take, they behave as high-risk non-human identities. The security issue is not only privilege size, but privilege timing and scope drift during execution. Unlike static service accounts, agents can expand their reach as workflows change, approvals disappear, or downstream systems chain new actions. That makes traditional least-privilege design harder to apply at provisioning time.
Practical implication: govern agents as identity subjects with scoped data access, reviewed entitlements, and explicit escalation boundaries.
Data-centric AI security and regulated information flow
A data-centric approach anchors AI security in the classification, lineage, and movement of sensitive information. Rather than trying to secure each model independently, teams focus on the data that feeds training, inference, prompts, and augmentation. This is the part of the stack regulators care about because it determines whether personal data, intellectual property, or other regulated records are used defensibly. It also gives security teams a clearer control plane for deciding where AI should be allowed to operate at all.
Practical implication: classify data first, then map every AI system to the datasets, prompts, and outputs it can reach.
Breaches seen in the wild
- Moltbook AI agent keys breach — the Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
AI security is becoming a data-governance problem before it is a model-governance problem. Cyera’s report reinforces a pattern NHIMG sees repeatedly: organisations can deploy AI faster than they can prove what data it can touch. That shifts the control question from model behaviour to identity, classification, and lineage. Practitioners should treat data visibility as the prerequisite control for everything else.
Autonomous AI agents turn access scope into a moving target. The report is right that these agents are harder to secure, but the deeper issue is that their runtime behaviour can outgrow provisioning assumptions. An access model that was valid at setup can become wrong mid-session when the agent pulls additional data or triggers downstream actions. Practitioners should assume that static entitlement design will miss the real control boundary.
AI security posture management is now the operational layer that periodic audit cannot supply. AI-SPM is useful because it watches changing access, policy compliance, and data movement continuously rather than episodically. That reflects the direction the market is moving: governance will be judged by evidence of live control, not by documented intent. Practitioners should build for continuous detection and exception handling, not annual attestation.
Shadow AI and overprovisioned agents create a distinct form of identity blast radius, and that is the term this problem deserves. When AI tools proliferate outside central governance, the organisation loses track of which identity has access to which sensitive datasets, and the blast radius becomes both wider and less attributable. Practitioners should reframe AI governance as blast-radius management across non-human identities, not as model inventory alone.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- For the lifecycle side of the problem, NHI Lifecycle Management Guide is the next step when AI systems need provisioning, review, and offboarding discipline.
What this signals
Shadow AI creates an identity visibility problem before it creates a model risk problem. With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, the boundary problem is already familiar to IAM teams. The same governance failure now appears in AI tooling, where data access, delegated trust, and hidden integrations widen the blast radius faster than review processes can catch up.
AI security programmes need to be built around data reach, not tool count. A useful next step is to map every AI system to the sensitive datasets it can touch and then compare that map with the entitlements already documented in the NHI Lifecycle Management Guide. That is where identity governance becomes operational, because access scope is only meaningful when it is tied to specific data paths and review triggers.
The signal for practitioners is that AI governance will increasingly be measured by continuous evidence, not policy statements. Teams that can show live visibility, lifecycle control, and exception handling across AI identities will be able to defend their programme when regulators, auditors, or business leaders ask where sensitive data really goes.
For practitioners
- Classify AI systems as identity-bearing actors. Assign each model, copilot, and agent a named owner, a data scope, and a review path. Link access to the classification of the data it can reach, then revoke broad entitlements that are not tied to an explicit business use case.
- Move from periodic audits to continuous AI-SPM. Monitor AI tools, prompts, outputs, and connected datasets in real time so changes in policy, scope, or data movement are visible before incident response is needed. Use this control to detect shadow AI and permission drift.
- Limit agent reach by dataset and function. Scope autonomous agents to the minimum set of datasets required for the task and separate read, write, and trigger permissions. Remove inherited access when the workflow changes so the original entitlement does not outlive the use case.
- Build cross-functional AI governance around data risk. Bring security, data, legal, and engineering into one approval path for AI deployments that handle regulated information. Use a shared register of AI systems, data types, and policy exceptions to prevent local decisions from widening enterprise exposure.
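The controls above (a named owner per agent, a data scope tied to classification, separate read/write/trigger permissions, entitlements that expire with the workflow, and continuous detection of scope drift and shadow AI, which is also the mechanism described under AI-SPM in the technical breakdown) can be exercised as one small drift check. The code below is an added example written for this post; it is not code from Cyera or NHIMG and does not use any product's API. The agent names, owners, dataset names, classifications and access-log lines are constructed, and the `<timestamp> agent=.. dataset=.. action=..` log format is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Constructed data classification for the example (hypothetical datasets).
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
DATASET_CLASS = {
    "product_docs": "public",
    "crm_tickets": "confidential",
    "hr_records": "restricted",
    "billing_export": "restricted",
}


def utc(stamp: str) -> datetime:
    """Parse a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Entitlement:
    dataset: str
    actions: Set[str]      # subset of {"read", "write", "trigger"}, kept separate
    workflow: str          # business use case that justifies the access
    valid_until: datetime  # the entitlement must not outlive the use case


@dataclass
class AgentRecord:
    owner: str                            # named human owner of the agent
    ceiling: str                          # highest data class the agent may touch
    entitlements: Dict[str, Entitlement]  # approved datasets, keyed by name


@dataclass
class Finding:
    agent: str
    dataset: str
    action: str
    reason: str


# Constructed register of approved agents (hypothetical names and owners).
REGISTER: Dict[str, AgentRecord] = {
    "support-copilot": AgentRecord(
        owner="support-eng@example.com", ceiling="confidential",
        entitlements={
            "product_docs": Entitlement("product_docs", {"read"}, "kb-answers", utc("2026-06-30T00:00:00Z")),
            "crm_tickets": Entitlement("crm_tickets", {"read", "write"}, "ticket-triage", utc("2026-06-30T00:00:00Z")),
        }),
    "finance-agent": AgentRecord(
        owner="fin-ops@example.com", ceiling="restricted",
        entitlements={
            # The quarter-close workflow ended, so the entitlement expired with it.
            "billing_export": Entitlement("billing_export", {"read"}, "q3-close", utc("2025-10-31T00:00:00Z")),
        }),
}


def check_event(agent: str, dataset: str, action: str, ts: datetime,
                register: Dict[str, AgentRecord] = REGISTER) -> Optional[Finding]:
    """Return a Finding when the access falls outside the approved boundary, else None."""
    record = register.get(agent)
    if record is None:
        return Finding(agent, dataset, action, "unregistered agent (shadow AI)")
    # Unknown datasets are treated as the most sensitive class rather than ignored.
    data_class = DATASET_CLASS.get(dataset, "restricted")
    if CLASS_RANK[data_class] > CLASS_RANK[record.ceiling]:
        return Finding(agent, dataset, action,
                       f"dataset class {data_class} exceeds agent ceiling {record.ceiling}")
    ent = record.entitlements.get(dataset)
    if ent is None:
        return Finding(agent, dataset, action, "dataset outside approved scope")
    if ts > ent.valid_until:
        return Finding(agent, dataset, action, f"entitlement for workflow {ent.workflow} expired")
    if action not in ent.actions:
        return Finding(agent, dataset, action,
                       f"action not permitted (allowed: {sorted(ent.actions)})")
    return None


def parse_event(line: str) -> Tuple[str, str, str, datetime]:
    """Parse one constructed access-log line: '<ts> agent=.. dataset=.. action=..'."""
    stamp, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return kv["agent"], kv["dataset"], kv["action"], utc(stamp)


def evaluate(lines: List[str], register: Dict[str, AgentRecord] = REGISTER) -> List[Finding]:
    """Run every non-empty log line through check_event and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        if not line.strip():
            continue
        finding = check_event(*parse_event(line.strip()), register)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed access events, one per line (not real log output).
SAMPLE_EVENTS = """
2025-11-13T09:00:00Z agent=support-copilot dataset=crm_tickets action=read
2025-11-13T09:01:00Z agent=support-copilot dataset=crm_tickets action=trigger
2025-11-13T09:02:00Z agent=support-copilot dataset=hr_records action=read
2025-11-13T09:03:00Z agent=finance-agent dataset=billing_export action=read
2025-11-13T09:04:00Z agent=pdf-summarizer dataset=hr_records action=read
"""

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS.splitlines()):
        print(f"{f.agent:16} {f.dataset:15} {f.action:8} {f.reason}")
```

Run stand-alone, the script reports four findings from the five constructed events: a trigger action on a dataset approved only for read and write, a read against a dataset above the agent's classification ceiling, a read under an entitlement whose workflow has ended, and an access by an agent that is not in the register at all. The first event is within scope and produces nothing. The point of the ordering in `check_event` is that each finding names the specific boundary that was crossed, which is what an owner needs in order to decide whether to extend the scope or revoke the access.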
Key takeaways
- AI security fails when organisations focus on models but cannot see the data those models access.
- Autonomous agents behave like high-risk non-human identities because their runtime decisions can expand scope beyond provisioning assumptions.
- Continuous AI-SPM, data classification, and lifecycle governance are now the practical controls that separate safe AI use from unmanaged exposure.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | AI agents with runtime decisions need agentic threat modelling and scope control. |
| OWASP Non-Human Identity Top 10 | NHI-03 | AI agents and overprovisioned access map to NHI credential lifecycle and scope control. |
| NIST CSF 2.0 | PR.AA-01 | Continuous visibility and identity governance support access and monitoring outcomes. |
Map autonomous agent workflows to agentic AI risks and constrain tool use, data reach, and escalation paths.
Key terms
- AI Security Posture Management: AI Security Posture Management is the continuous discovery and control of AI tools, data access, and policy compliance across an environment. It extends posture management into AI-specific workflows so teams can detect scope drift, shadow AI, and data exposure before those issues become incidents.
- Autonomous AI Agent: An autonomous AI agent is an AI system that can decide what action to take, what tools or data to use, and when to execute without a human approval gate. In governance terms, it behaves like a non-human identity whose access scope can change during runtime.
- Data-Centric Security: Data-centric security is the practice of protecting the information itself rather than relying only on the applications or models that use it. For AI, that means classifying sensitive data, tracking lineage, and enforcing access rules wherever the data moves.
- Shadow AI: Shadow AI is AI use that occurs outside approved governance and monitoring paths. It includes models, copilots, and agents that can access sensitive data without being fully inventoried, reviewed, or constrained by security and compliance teams.
Deepen your knowledge
AI security best practices, data-centric governance, and non-human identity control are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a governance model for AI agents and sensitive data, it is worth exploring.
This post draws on content published by Cyera: AI Security Best Practices: Why a Data-Centric Approach Is the Foundation for Secure AI Innovation. Read the original.
Published by the NHIMG editorial team on 2025-11-13.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org