By NHI Mgmt Group Editorial Team
Published 2026-04-03
Domain: Agentic AI & NHIs
Source: Cyera

TL;DR: Enterprise AI adoption is shifting from chatbot pilots to agentic workflows, and Cyera argues that data security and data context now determine whether AI can be deployed confidently. The governance assumption that controlling model usage is enough has collapsed because agents take actions rather than merely returning answers, so they need access control around the data layer.


At a glance

What this is: This commentary argues that data security is the foundation for enterprise AI adoption because agents now need governed access to the data they use to act.

Why it matters: It matters to IAM, NHI, and human identity teams because AI success now depends on who or what can reach data, how that access is scoped, and whether guardrails survive agentic execution.



Context

Enterprise AI is no longer just about model selection or chatbot rollout. The security gap is that organisations are trying to operationalise agentic workflows while still relying on controls built for static applications and predictable human request flows.

In that environment, data security becomes an identity problem as much as a data problem. If agents can act on behalf of the business, the programme has to govern what they can reach, when they can reach it, and how their access is constrained as models, tools, and use cases change.


Key questions

Q: How should security teams govern data access for agentic AI workflows?

A: Security teams should treat data access as part of the agent’s decision boundary, not as a separate storage problem. Scope access by use case, classify the datasets that influence actions, and verify that policies can constrain runtime behaviour as agents select tools and next steps. The goal is to prevent an agent from turning broad data reach into uncontrolled action.

Q: Why do legacy IAM controls struggle with autonomous AI systems?

A: Legacy IAM controls assume stable identities, predictable requests, and access patterns that can be reviewed after the fact. Autonomous AI breaks that assumption because it can decide what to do, which data to use, and when to act during runtime. That makes static permissions and periodic review insufficient unless they are tied to live decision paths.

Q: What do organisations get wrong when they secure AI only at the model layer?

A: They often protect the model while leaving the data and action layer under-governed. If an agent can retrieve sensitive information and act on it, model safety alone does not stop misuse. Effective governance has to control data exposure, tool use, and the authorisation path that turns context into action.

Q: How can teams tell whether AI access is actually under control?

A: Look for evidence that access is limited by purpose, not just by account. If you can show which data the system can reach, which actions it can trigger, and how policy changes when the use case changes, you have real governance. If you only have sign-off at deployment time, control is still mostly theoretical.


Technical breakdown

Why data context becomes the control layer for agentic workflows

Agentic workflows change the security boundary because the system does not just produce output; it decides what to do next. That means access to data becomes part of runtime behaviour, not merely a downstream permission check. Data context, in this setting, is the security meaning attached to the information an agent can retrieve, combine, and act on. Without that context, policy cannot distinguish between harmless retrieval and a decision path that exposes sensitive material. The architectural shift is from protecting storage alone to governing how data informs action across the workflow.

Practical implication: map which datasets are decision inputs for agents before expanding their access.

Why legacy security tools struggle with autonomous AI

Legacy controls were designed for applications and users with stable intent, not systems that select actions dynamically. An autonomous agent can change its behaviour within a session as tool use, memory, and data availability shift. That makes static allowlists and one-time approvals weak as control boundaries because they do not follow the decision path. The failure mode is not simply over-permissioning. It is that the security model assumes a fixed request, while the agent is continuously composing a new one from data, tools, and context.

Practical implication: evaluate whether your existing controls can observe and constrain runtime decision paths, not just initial authentication.

How platform consolidation affects AI security architecture

The move from point tools to broader platforms reflects a buyer preference for fewer control planes across AI risk, runtime protection, and data governance. Architecturally, this matters because fragmented tooling makes it harder to connect data classification, access policy, and agent activity into one decision loop. The more agentic the environment becomes, the more important it is to see identity, data, and policy together rather than in separate dashboards. Consolidation does not solve governance by itself, but it does expose whether an organisation can operationalise consistent control across the stack.

Practical implication: test whether your AI governance stack can enforce one policy model across data, identity, and agent execution.




NHI Mgmt Group analysis

Data context has become the new access boundary for AI governance. The article is right to place data security at the centre of AI adoption, but the deeper identity issue is that agents cannot be governed meaningfully if the data they can reach is treated as a passive asset. In practice, data now determines what an agent can infer, decide, and execute. Practitioners should treat data context as part of entitlement design, not as a separate downstream control.

The assumption that AI systems can be enabled with static security guardrails is already breaking. That assumption was designed for systems whose access patterns were mostly stable and whose intent could be approximated at provisioning time. It fails when agents choose actions dynamically from available data and tools, because the access decision is no longer front-loaded. The implication is that identity governance must stop assuming fixed runtime behaviour.

Agentic AI turns data security into a governance discipline, not just a classification exercise. The article reflects a wider market shift: enterprises are no longer asking whether AI can read data, but which data should shape autonomous decisions. That aligns with OWASP Agentic AI Top 10 concerns and with NIST AI Risk Management Framework thinking about governance, measurement, and trustworthiness. Practitioners should reframe AI enablement as a controlled delegation problem.

Platform consolidation is a symptom of governance fragmentation, not just vendor fatigue. Buyers want fewer tools because AI security requires identity, data, and policy decisions to line up in real time. When controls are split across point solutions, the organisation loses the ability to answer basic questions about who or what accessed which data for which action. The market is moving toward integrated control planes because the workload has already become integrated.

The next AI security maturity step is proving that access controls survive agentic execution. Traditional programme language still talks about enabling AI after securing data, but the real test is whether those controls remain enforceable once an agent starts chaining actions. That is where identity and data governance converge. Practitioners should expect board-level scrutiny on whether AI access is merely permitted or actually bounded.

From our research:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
  • 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to the 2026 Infrastructure Identity Survey.
  • That pattern is why the OWASP Agentic AI Top 10 and NIST AI Risk Management Framework matter together when teams design runtime controls for AI decision-making.

What this signals

Policy drift becomes inevitable when AI adoption outruns governance design. With 70% of organisations already granting AI systems more access than they would give a human employee performing the exact same job, per the 2026 Infrastructure Identity Survey, teams should expect entitlement sprawl unless data access is re-scoped around use cases and runtime behaviour.

Data-centric AI governance will increasingly sit alongside identity governance rather than beneath it. That means security leaders need shared control language for classification, authorisation, and execution. The organisations that can connect those layers will move faster without turning every new AI workflow into a one-off exception.

Runtime visibility is the real maturity signal. If you cannot explain what data an agent used to make a decision, the governance model is still incomplete. The next phase of AI security is proving that access controls survive the transition from pilot to autonomous workflow, not merely that the pilot was approved.


For practitioners

  • Define data context for agentic use cases: Identify which datasets feed autonomous decisions and classify them by sensitivity, business function, and downstream action risk. Treat that mapping as a prerequisite for granting agent access.
  • Tie policy to runtime decision paths: Validate that your controls can observe, constrain, and log the sequence of agent actions rather than only the initial authentication event. Static permissions are not enough when behaviour changes mid-session.
  • Consolidate identity, data, and policy checks: Review whether fragmented tools leave gaps between classification, authorisation, and execution. The goal is one consistent policy model across data access and agent behaviour.
  • Reassess human-style approval gates: Determine where approval workflows still assume a person is the actor. For agentic workflows, redesign governance so decisions are enforceable at runtime instead of waiting for a manual checkpoint.
  • Build AI governance metrics around action scope: Measure what sensitive data agents can reach, what actions they can trigger, and how often those permissions change as use cases evolve. Those signals are more useful than model accuracy alone.
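The technical breakdown and the practitioner steps above describe data context, use-case-scoped access, and policy that follows the runtime decision path. The following added example (not Cyera's or NHIMG's code; all datasets, use cases and tool names are constructed) shows one way to implement such a runtime guard: each agent step is authorised against the session's use case, the highest sensitivity the agent has actually read is tracked, and an externally visible action is refused once that reach exceeds the use case's ceiling, with every decision logged to the session's decision path.

```python
"""Runtime policy guard for agentic workflows (added illustration, not Cyera's or
NHIMG's code). Every agent step is checked against the data context of the
session's use case, and the decision path is tracked so that broad data reach
cannot quietly turn into an externally visible action. All names are constructed."""
from dataclasses import dataclass, field

SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Data context: sensitivity plus the use cases each dataset may inform.
DATA_CONTEXT = {
    "public_docs": {"sensitivity": "public", "use_cases": {"support_triage", "hr_reporting"}},
    "crm_contacts": {"sensitivity": "confidential", "use_cases": {"support_triage"}},
    "payroll": {"sensitivity": "restricted", "use_cases": {"hr_reporting"}},
}

# Action scope: tools a use case may trigger, which of them are externally visible,
# and the highest sensitivity allowed in context before such a tool may fire.
ACTION_SCOPE = {
    "support_triage": {"tools": {"read", "draft_reply", "send_reply"},
                       "external_tools": {"send_reply"}, "external_ceiling": "confidential"},
    "hr_reporting": {"tools": {"read", "write_report", "send_reply"},
                     "external_tools": {"send_reply"}, "external_ceiling": "internal"},
}

@dataclass
class AgentSession:
    agent_id: str
    use_case: str
    reached: str = "public"                            # highest sensitivity read so far
    decision_path: list = field(default_factory=list)  # audit trail of every step

def authorize_step(session, tool, dataset=None):
    """Decide one agent step, update the data-reach state, and log it to the decision path."""
    scope = ACTION_SCOPE.get(session.use_case, {"tools": set(), "external_tools": set(), "external_ceiling": "public"})
    if tool not in scope["tools"]:
        allowed, reason = False, f"tool {tool!r} outside action scope of {session.use_case!r}"
    elif dataset is not None and session.use_case not in DATA_CONTEXT.get(dataset, {}).get("use_cases", set()):
        allowed, reason = False, f"dataset {dataset!r} is not a decision input for {session.use_case!r}"
    elif tool in scope["external_tools"] and SENSITIVITY_RANK[session.reached] > SENSITIVITY_RANK[scope["external_ceiling"]]:
        allowed, reason = False, f"{session.reached} data already in context; {tool!r} exceeds ceiling {scope['external_ceiling']!r}"
    else:
        allowed, reason = True, "allowed"
    if allowed and dataset is not None:  # data reach only grows when the read actually happens
        sens = DATA_CONTEXT[dataset]["sensitivity"]
        if SENSITIVITY_RANK[sens] > SENSITIVITY_RANK[session.reached]:
            session.reached = sens
    session.decision_path.append({"tool": tool, "dataset": dataset, "allowed": allowed, "reason": reason})
    return allowed, reason
```

The same "send_reply" tool is allowed for a support-triage session that has read confidential CRM data but refused for an HR-reporting session that has read restricted payroll data, which is the point: the verdict depends on the path taken, not only on the account's static permissions.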

Key takeaways

  • AI adoption is shifting the security problem from model oversight to data-governed execution.
  • Static IAM patterns do not fit agentic workflows because runtime decisions change the access boundary.
  • Practitioners need one control model that links data context, identity, and action scope.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework, control or reference, and relevance:

  • OWASP Agentic AI Top 10: Agentic workflows create tool-use and runtime decision risks addressed by OWASP agentic AI guidance.
  • NIST AI RMF (GOVERN): The article centres governance for AI deployment and accountability.
  • NIST CSF 2.0 (PR.AC-4): Least-privilege access management is central to governing AI data reach and action scope.

Assign clear ownership for AI access decisions and document how policy is enforced at runtime.


Key terms

  • Agentic Workflow: An agentic workflow is a sequence of tasks in which AI systems select actions, use tools, and move between steps with limited human intervention. In identity terms, the security question is not only what the system can read, but what it can decide to do with that access.
  • Data Context: Data context is the security meaning attached to the information an AI system can access and use. It includes sensitivity, purpose, and how the data influences decisions. For autonomous systems, data context becomes part of the authorisation problem because access can directly shape action.
  • Runtime Governance: Runtime governance is the set of controls that constrain behaviour while a system is operating, rather than only at deployment or review time. For AI agents, this means policy must follow the decision path, not just the initial login or provisioning event.
  • Action Scope: Action scope is the set of outcomes an AI system is permitted to trigger based on its granted access and task context. In agentic environments, it is a better control target than simple account permission because it reflects what the system can actually do with data, tools, and timing.

Deepen your knowledge

AI governance that spans data context, agent behaviour, and identity controls is covered in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a programme for agentic workflows, the course is a practical place to start.

This post draws on content published by Cyera: RSAC Reflections, Data Is the Foundation for Successful AI. Read the original.
