TL;DR: The security problem is no longer raw access volume, but unmanaged AI-mediated data exposure that existing controls cannot reliably see or classify; Cyera says its Omni DLP integration with Anthropic’s Claude Compliance API brings auditable visibility to Claude Enterprise conversations, files, and user activity, while Cyera Research found workers use only about 4% of the access they are granted.
At a glance
What this is: Cyera argues that bringing Claude Enterprise activity into DLP creates auditable visibility for AI-mediated data use and risk scoring across conversations, files, and user activity.
Why it matters: For IAM, NHI, and human access teams, the issue is that AI can surface dormant access and sensitive data paths that traditional review, DLP, and monitoring flows were never built to observe.
By the numbers:
- Cyera Research analyzed 2.4 million workers and found that employees use about 4% of the access they've been granted.
- Some environments have assigned admin privileges to nearly 30% of users, six times the recommended level.
👉 Read Cyera's analysis of Claude Enterprise visibility and AI data governance
Context
Claude Enterprise changes the data-governance problem because AI interaction is now part of the control surface. The core issue is not whether users can reach data, but whether security teams can see when data moves into prompts, files, and AI-assisted decisions inside a managed enterprise workflow.
That matters for identity programmes because access that looks dormant in one system can become highly active once AI is added to the path. Existing IAM and DLP models were built to review direct access, not to trace how human identities, shared files, and AI-mediated actions combine across an enterprise control plane.
Key questions
Q: How should security teams handle sensitive data in enterprise AI chats?
A: Security teams should treat enterprise AI chats as a governed data path, not just a productivity feature. That means classifying prompts, files, and outputs, linking them to user identity, and feeding the events into DLP, SIEM, and case management. Without those controls, sensitive data can move through AI without leaving an auditable trail.
Q: Why do dormant permissions become riskier when employees use generative AI?
A: Dormant permissions become riskier because AI can turn rarely used access into active data exposure without changing the entitlement itself. A user may not look privileged on paper, but the AI session can repackage sensitive files, databases, or messages into a more consequential workflow. The risk is in reuse, not just possession.
Q: How can organisations tell normal AI use from suspicious AI use?
A: Organisations need context-aware classification that combines role, timing, data type, and activity patterns. A legal reviewer working on case files may be routine, while uploading production credentials at an unusual hour is not. Behavioural context reduces noise and helps security teams focus on AI actions that materially change exposure.
Q: What should IAM and compliance teams audit before enabling enterprise AI at scale?
A: They should audit whether AI activity can be tied back to identity, data class, and policy status in one workflow. If the organisation cannot answer who used AI, what data was involved, and what happened next, then enterprise AI is operating beyond the current governance model. Auditability has to be designed in before broad rollout.
How it works in practice
Claude Compliance API and data visibility across AI sessions
The Claude Compliance API acts as an integration point that surfaces conversation, file, and user-activity context into a separate security control plane. In practical terms, that means data classification and policy enforcement can run against AI interactions rather than only against storage systems or endpoint events. The technical shift is from point-in-time inspection to session-level monitoring of prompts, attachments, and outputs. That matters because the security question is no longer just whether data exists in a repository, but whether it is being reused in an AI session that changes its exposure profile.
Practical implication: teams need to map AI conversation logs into existing DLP and SIEM workflows before deploying enterprise chat assistants at scale.
Context-aware classification for PII, PHI, and financial data
Cyera describes AI-powered classification that weighs context and intent, not just file patterns. That distinction matters because the same dataset can be benign in one role and risky in another. A legal reviewer accessing case files may be expected, while an engineer uploading production credentials into a chat workflow is a materially different event. Context-aware classification is designed to reduce false positives by correlating identity, timing, and content. The architectural point is that classification quality depends on behaviour context, not just regex-like detection.
Practical implication: organisations should tune alert logic around role, content type, and session context instead of relying on static keyword matches.
Auditable AI activity as a governance control
Once AI interactions are auditable, security and compliance teams can reconstruct who accessed what, when they did it, and what the system did with the data. That creates a governance record that can support investigations, audit requests, and policy enforcement across AI and non-AI systems. The key mechanism is correlation. AI events become more useful when they can be linked to identity, database activity, and file transfer telemetry. Without that linkage, AI usage remains a blind spot even if the underlying platform is otherwise monitored.
Practical implication: build evidence chains that connect AI sessions to user identity, downstream actions, and policy outcomes in the same investigation workflow.
NHI Mgmt Group analysis
AI visibility is now a data-governance problem, not just an application-control problem. Once employees can move sensitive content into Claude Enterprise, the question shifts from whether the model is safe to whether the organisation can observe data movement across the session. That is a DLP and audit issue first, and an AI feature issue second. The practitioner implication is that AI oversight has to live in the same operational layer as identity and data monitoring, not beside it.
Ephemeral prompt use creates visibility gaps that traditional access reviews will miss. A user can interact with sensitive material inside AI without changing their entitlement state in a way that an access review would surface. The access still exists, but the risk appears in the interaction layer, where many governance programmes have weak telemetry. The practitioner implication is that review cadence alone does not reveal AI-mediated misuse.
Identity blast radius now extends through AI-mediated reuse of ordinary permissions. A worker using only a small fraction of granted access can still turn that access into high-risk exposure when AI recontextualises documents, files, and database output. That is why the practical boundary is not entitlement count, but how far a single identity can project sensitive data into new workflows. The practitioner implication is that blast-radius thinking must include AI sessions, not just systems of record.
Standing access assumptions become more fragile when AI can amplify dormant privileges. The assumption that most granted access remains low-risk until directly invoked breaks down once users can route data through AI assistants at scale. This is not about adding another control. It is about recognising that existing IAM posture may already contain dormant exposure that AI makes operationally reachable. The practitioner implication is to re-evaluate which permissions are truly necessary, observable, and defensible in AI-enabled workflows.
Context-aware DLP is becoming a governance filter for enterprise AI adoption. The market is moving toward controls that can distinguish authorised professional use from unusual or risky behaviour in the same tool. That does not replace IAM, but it changes where the control boundary sits. The practitioner implication is to treat AI data controls as a prerequisite for controlled adoption, not as an after-the-fact monitoring layer.
From our research:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, according to The 2024 ESG Report: Managing Non-Human Identities.
- For a broader control lens, review NHI Lifecycle Management Guide for provisioning, rotation, and offboarding patterns that also matter once AI workflows begin handling sensitive data.
What this signals
AI session governance is becoming part of the identity perimeter. As enterprise chat and file workflows move into monitored control planes, teams will need to decide whether AI interactions are logged with the same rigour as privileged access. The practical shift is from defending endpoints to defending data movement through identity-bearing sessions, which requires tighter linkage between DLP, IAM, and case management.
Identity blast radius is now measured by how far a user can project data through AI. That makes dormant access and unusual activity more relevant than raw entitlement counts. The programme signal is clear: access reviews need an AI exposure layer that asks where sensitive information can be reauthored, summarised, or redistributed by an assistant, not just whether a human can open a file.
The broader market signal is that data security posture management and identity governance are converging around the same use case. Teams that already use the NIST Cybersecurity Framework 2.0 for governance will need to extend evidence collection into AI sessions, while NHI teams should track the same exposure patterns through the OWASP Non-Human Identity Top 10 where machine-mediated access is involved.
For practitioners
- Instrument AI session telemetry into existing DLP workflows Capture prompts, files, identity, and response context from enterprise AI tools so that investigations can follow the full data path instead of only repository events.
- Correlate AI usage with identity and file-transfer activity Link Claude sessions to database queries, downloads, and user identity so unusual combinations such as odd-hour uploads or cross-system enrichment stand out quickly.
- Tune alerts around role and content context Differentiate expected legal, compliance, and analyst use from high-risk behaviour such as credential uploads or financial data sharing inside an AI session.
- Review dormant access through an AI exposure lens Reassess permissions that appear unused in normal operations but can become high-impact once routed through generative AI workflows and shared files.
Key takeaways
- Enterprise AI creates a new visibility layer for sensitive data, and without it, DLP and audit teams cannot see the real exposure path.
- Cyera’s cited access data shows why this matters at scale, with workers using only 4% of granted access while AI can make dormant permissions operationally relevant.
- The practical response is to connect AI sessions to identity, data classification, and downstream activity before treating enterprise chat as a routine business control.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | AI sessions expose sensitive data through identity-bearing workflows. |
| NIST CSF 2.0 | PR.DS-1 | DLP and data handling controls map directly to sensitive AI-session monitoring. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Zero Trust demands continuous context checks for identity and data access. |
Classify AI-connected identities and trace their data exposure paths before broader rollout.
Key terms
- AI session governance: AI session governance is the set of controls that monitor, classify, and audit what happens inside enterprise AI interactions. It treats prompts, files, identity context, and outputs as governed events so security teams can assess exposure, policy fit, and downstream risk instead of relying on storage-only controls.
- Identity blast radius: Identity blast radius is the amount of sensitive data, systems, or workflows a single identity can influence once access is exercised. In AI-enabled environments, the metric expands beyond permissions on paper to include how far a user can project, reframe, or redistribute information through a model interaction.
- Context-aware classification: Context-aware classification is a data-control method that weighs role, timing, content, and behaviour before assigning risk. It improves over pattern-only detection because the same data can be acceptable in one work context and unsafe in another, especially when AI tools are used to transform or route it.
- Auditable AI interaction: An auditable AI interaction is a model session that can be traced back to a user, a data class, and a policy outcome. The record needs enough detail for investigation, compliance reporting, and incident response so AI use does not become an unreviewable side channel in the enterprise.
Deepen your knowledge
Claude Enterprise visibility, DLP correlation, and AI session auditability are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme is extending into enterprise AI, the course gives you the governance baseline to do it without losing control.
This post draws on content published by Cyera: Cyera and Anthropic integrate to bring real-time AI security to Claude Enterprise. Read the original.
Published by the NHIMG editorial team on 2026-05-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
