TL;DR: Enterprises cannot safely scale AI on chips, models, and compute alone because trust depends on what AI can see and do, according to Cyera’s Series G announcement. Data classification, identity controls, DLP, and AI usage governance are now the practical boundary between enablement and uncontrolled exposure.
At a glance
What this is: Cyera’s funding announcement argues that enterprise AI needs a trust layer to govern what AI can see and do, with data classification and identity controls positioned as the missing foundation.
Why it matters: For IAM, NHI, and autonomous-system programmes, the article reinforces that AI governance is no longer a pure data or model problem. It is an access problem that spans sensitive data, identity controls, and usage policy.
By the numbers:
- Over the last year alone, Cyera shipped more than 100 new product capabilities across DSPM, privacy, identity, DLP, and agentic security.
Context
Enterprise AI governance fails when security teams treat data, identity, and usage policy as separate problems. Once AI systems can reach sensitive data and act across applications, the real question becomes what they are allowed to see, what they can infer, and what they can do with it.
Cyera’s announcement frames that gap as a trust-layer problem rather than a model-quality problem. That matters for IAM and NHI practitioners because AI access control is increasingly about governing data exposure, identity permissions, and agent behaviour in the same control plane.
Key questions
Q: How should security teams govern AI access to sensitive data?
A: Start by classifying the data AI can reach, then bind those classes to identity-based permissions, DLP policy, and usage rules. If the AI system can query multiple datasets or act in business applications, governance must cover both information exposure and action scope. Without that linkage, teams may authenticate AI successfully while still allowing excessive access.
Q: Why do traditional security controls fall short for enterprise AI?
A: Traditional controls were built to block or allow access, not to interpret meaning, context, and downstream action at AI scale. That creates a gap when the system needs selective access to sensitive information and can also move into connected applications. The result is either overrestriction that slows adoption or undercontrol that spreads risk.
Q: When should AI usage governance be treated as an IAM issue?
A: As soon as AI systems can query sensitive data, use delegated credentials, or take actions inside enterprise applications. At that point, the programme is no longer only about model behaviour or data classification. It also has to answer who or what is authorised, what it may access, and what it may do with that access.
Q: What should organisations prioritise first: classification, DLP, or AI policy?
A: Classification should come first because it defines what is sensitive and what needs tighter controls. DLP and AI policy then use that classification to decide how data may move and what actions AI may trigger. If classification is weak, the other controls cannot make reliable decisions.
How it works in practice
Why classification is the prerequisite for AI trust
Classification is the process of identifying sensitive information by meaning, context, and business relevance rather than only by file labels or regex patterns. In AI environments, that matters because the system may ingest unstructured data, generate new combinations of information, and surface content that traditional controls never mapped as sensitive. A classification engine therefore becomes the first policy input for downstream decisions about DLP, access control, and AI usage governance. Without that layer, organisations are either overblocking AI or allowing uncontrolled data reach.
Practical implication: build classification coverage before expanding AI access, or every downstream control will operate on incomplete signal.
Identity and access controls for AI usage governance
AI usage governance depends on tying model access, application access, and data access back to identity. That means controls must answer who or what is invoking the AI system, which datasets it can query, and which actions it can trigger in connected applications. In practice, this moves governance beyond simple authentication into authorisation, entitlement scope, and session-level control. If those controls are not linked, AI can be authenticated but still over-entitled to sensitive information or enterprise actions.
Practical implication: align AI access policy with identity entitlement reviews so data reach and action scope are governed together.
DLP and agentic security in enterprise applications
Data loss prevention in AI settings has to work on data in motion and on AI-mediated workflows, not only on email or endpoint exfiltration paths. Agentic security extends that concern to systems that can initiate actions inside business applications, where the risk is not just disclosure but misuse of legitimate access. The technical shift is from perimeter inspection to contextual policy enforcement across applications, prompts, responses, and delegated actions. That is why AI security programs increasingly converge with identity governance.
Practical implication: extend DLP policies into AI-connected applications and agent workflows before broad deployment creates irreversible exposure.
NHI Mgmt Group analysis
AI trust is now an identity governance problem, not just a data security problem. Cyera’s framing is useful because it places access, classification, and usage controls in the same category. Once AI can see and act on enterprise data, the control question becomes who can reach which information and under what context. Practitioners should treat AI governance as an extension of identity governance, not a separate security programme.
Classification is the named control gap that determines whether AI can be governed at all. The article makes clear that legacy security controls were built to block or allow, not to interpret meaning at scale. That binary fails when AI needs selective access to sensitive information without unrestricted reach. The practitioner conclusion is straightforward: without meaningful classification, authorisation is guesswork.
Agentic security collapses the distance between data exposure and action risk. The moment an AI system can move from reading data to acting inside enterprise applications, governance has to include both the data plane and the action plane. This is where NHI thinking becomes relevant for AI programmes, because access no longer ends at authentication. Practitioners should re-evaluate whether existing controls can bound what AI is able to do after it is trusted in.
The market is moving toward converged controls for data, identity, and AI behaviour. The announcement signals that practitioners are no longer buying isolated point controls for AI visibility alone. They need an operating model that connects DSPM, IAM, DLP, and usage governance into one decision framework. That shift will reward teams that can align identity governance with data governance before AI adoption outpaces control maturity.
From our research:
- Over the last year alone, Cyera shipped more than 100 new product capabilities across DSPM, privacy, identity, DLP, and agentic security, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
- That concern reinforces why teams should pair AI usage governance with identity and secrets controls, as explored in The State of Secrets in AppSec.
What this signals
AI trust layers will increasingly become the convergence point for DSPM, IAM, and DLP. Teams that keep these programmes separate will struggle to prove where AI access ends and application misuse begins. The operational question is no longer whether AI can be enabled, but whether it can be governed with the same precision as other high-risk identities.
Our view is that classification-driven governance is becoming the control plane for enterprise AI. Once sensitive data, identity permissions, and usage policy are linked, organisations can make access decisions that are both narrower and more defensible. The teams that prepare now will be better positioned to support AI adoption without creating uncontrolled data reach.
With 43% of security professionals concerned about AI systems learning and reproducing sensitive information patterns from codebases, the pressure is shifting from policy intent to enforceable controls. That is why the next phase of AI governance will reward programmes that can tie classification to action limits in real workflows.
For practitioners
- Map AI access paths to data classification tiers: Identify which sensitive data classes are reachable by each AI application, then align those classes to explicit authorisation rules and review cycles. If a system can infer or generate sensitive content, treat that as part of the access path, not an edge case.
- Tie AI application entitlements to identity reviews: Include AI tools, service identities, and delegated application permissions in access certification so teams can see who can invoke AI, which data sources it can query, and which actions it can take.
- Extend DLP to AI-mediated workflows: Apply policy to prompts, outputs, and connected application actions so data loss prevention covers more than file transfer and email. Prioritise use cases where AI can move information into systems of record or business workflows.
- Define approval boundaries for agentic actions: Document which AI-initiated actions are allowed, which require human approval, and which must remain blocked even when the underlying identity is authenticated. This prevents delegated access from becoming open-ended execution.
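The four steps above can be expressed as a single policy decision that checks data tier and action scope together. The sketch below is an added example, not code from Cyera or NHI Mgmt Group; every identity, dataset, tier and action name in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: all names and tiers below are hypothetical.
TIERS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
DATASET_TIER = {"kb_articles": "public", "crm_accounts": "confidential",
                "payroll": "restricted"}

@dataclass(frozen=True)
class Entitlement:
    max_tier: str              # highest classification the identity may reach
    allowed: frozenset         # actions it may take unattended
    needs_approval: frozenset  # actions gated on a human approver

# What an access certification review would sign off for each AI identity.
ENTITLEMENTS = {
    "svc-support-agent": Entitlement(
        "confidential",
        frozenset({"read", "summarise"}),
        frozenset({"update_record"})),
}
# Blocked even when the calling identity is authenticated and entitled.
ALWAYS_BLOCKED = frozenset({"export_bulk", "delete_record"})

def decide(identity, dataset, action, output_tiers=()):
    """Return (decision, reason) for one AI-initiated request.

    output_tiers holds classification labels found in the prompt or the
    response, so inferred or generated content counts as access path.
    """
    ent = ENTITLEMENTS.get(identity)
    if ent is None:
        return "deny", "identity has no reviewed entitlement"
    tier = DATASET_TIER.get(dataset)
    if tier is None:
        return "deny", "dataset is unclassified"  # weak signal fails closed
    if action in ALWAYS_BLOCKED:
        return "deny", "action blocked regardless of authentication"
    limit = TIERS[ent.max_tier]
    if TIERS[tier] > limit:
        return "deny", "dataset tier exceeds entitlement"
    # Unknown labels are treated as the highest tier.
    if any(TIERS.get(t, 99) > limit for t in output_tiers):
        return "deny", "content carries a tier above entitlement"
    if action in ent.needs_approval:
        return "require_approval", "human approval gate"
    if action in ent.allowed:
        return "allow", "within data and action scope"
    return "deny", "action not in entitlement"
```

An unclassified dataset and an unreviewed identity both return `deny`, which is the practical meaning of classification coming first: the later checks have nothing reliable to evaluate without it.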
Key takeaways
- Enterprise AI governance fails when classification, identity, and usage control are managed as separate problems.
- AI access becomes materially riskier once systems can both reach sensitive data and act inside business applications.
- Practitioners should align classification, IAM, and DLP before broad AI adoption expands the exposure surface.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | AI access depends on controlling sensitive data reach and delegated permissions. |
| NIST CSF 2.0 | PR.AC-4 | Identity permissions must govern AI access and connected application actions. |
| NIST Zero Trust (SP 800-207) | AC-4 | Zero trust requires continuous authorization across AI data and action paths. |
Classify AI-connected identities and enforce least privilege on every data source they can query.
Key terms
- AI Trust Layer: An AI trust layer is the control set that decides what an AI system can see, infer, and do across enterprise data and applications. It usually combines classification, identity-based access control, DLP, and usage policy so AI behaviour stays within approved boundaries.
- Classification Engine: A classification engine identifies sensitive information by meaning and context rather than just file names or labels. In AI programmes, it becomes foundational because downstream access and usage decisions are only as accurate as the sensitivity signal feeding them.
- Agentic Security: Agentic security is the governance of AI systems that can initiate actions, not just produce outputs. It extends beyond prompt safety into permission boundaries, approval gates, and control over what the system may do inside connected business applications.
- AI Usage Governance: AI usage governance is the policy and control layer that determines how people, applications, and agents may use AI systems. It covers data access, allowed actions, review boundaries, and accountability so adoption does not outpace control.
This post draws on content published by Cyera: Building the Trust Layer for Enterprise AI, Why We Raised $600M at a $12B Valuation. Read the original.
Published by the NHIMG editorial team on 2026-06-11.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org