By NHI Mgmt Group Editorial TeamPublished 2026-06-29Domain: Agentic AI & NHIsSource: Collibra

TL;DR: A governed semantic layer gives LLMs and agents certified definitions, metrics, relationships and rules so they reason from business meaning instead of guessing, and a KU Leuven test cited by Collibra found accuracy improved from 62% to 92% with governed context in the loop. The governance issue is no longer data access alone, but whether AI can act on meaning that is trusted, current and authorised.


At a glance

What this is: This is an analysis of why AI systems need a governed semantic layer so LLMs and agents use certified business meaning instead of improvising it.

Why it matters: It matters because IAM, data governance and AI governance now intersect at the point where business meaning, access policy and runtime AI action must stay aligned.

By the numbers:

👉 Read Collibra's analysis of the semantic layer for AI and business context


Context

A semantic layer for AI is the governed meaning layer between raw data and the system that uses it, so terms, metrics and relationships are not guessed at runtime. For IAM and governance teams, the issue is not only whether AI can reach data, but whether it can interpret and act on certified meaning across the identity and data estate.

That matters because LLMs and agents can produce confident answers from the wrong business definition when context is missing. The article frames the semantic layer as the difference between AI that reads syntax and AI that behaves as if it understands the organisation, which is why it now sits inside broader identity and AI governance conversations, including open standards such as the [OWASP Agentic AI Top 10](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/).

For IAM practitioners, this is less about analytics tooling and more about governance at runtime. When AI systems consume business terms, metrics and policy as inputs to action, the control question becomes whether the meaning they rely on is certified, current and approved for use.


Key questions

Q: How should security teams govern AI systems that rely on business definitions at runtime?

A: Security teams should require certified definitions, approved metrics and policy metadata to be delivered together at runtime. The AI should not be allowed to invent business meaning from raw tables or prompts. Governance should cover lineage, ownership, freshness and allowed use, so meaning and permission stay aligned when the system acts.

Q: Why do semantic layers matter for AI agent governance?

A: Semantic layers matter because agents do not just read data, they use it to decide and act. If they infer the wrong definition, they can produce wrong outcomes with high confidence. A governed semantic layer reduces that risk by anchoring agents to certified business meaning before action begins.

Q: What breaks when AI uses raw data without governed context?

A: Without governed context, the system can choose the wrong definition, calculate the wrong metric or use data in an unapproved way. The result may look plausible, which makes the failure harder to detect. That is why context has to include meaning, quality and policy, not just access.

Q: Should organisations treat semantic governance as part of identity governance?

A: Yes. Once AI systems can retrieve, interpret and act on business information, the meaning they use becomes part of the control surface. Identity governance has to cover not only who can access data, but which meanings, metrics and actions are authorised for that identity at runtime.


Technical breakdown

Governed definitions and certified metrics in AI reasoning

A semantic layer turns business terms into machine-readable definitions, certified calculations and entity relationships. That gives an LLM or agent a shared reference for terms such as customer, churn or revenue, instead of letting it infer meaning from table names or column labels. The practical change is that the AI can resolve ambiguity before it generates an answer or action. Without this layer, model output may be plausible but non-compliant with the organisation's own definitions. With it, retrieval, text-to-SQL and agent reasoning all anchor to the same governed meaning.

Practical implication: certify the definitions and metrics that AI systems are allowed to use, then make those the only runtime sources of truth.

Semantic layer vs context layer for AI trust

A semantic layer defines meaning, while a context layer adds the governance needed to use that meaning safely. Context includes lineage, quality, ownership and policy, so the AI knows not just what a metric means but whether it is current, trusted and approved for this purpose. That distinction matters because many teams stop at semantic consistency and assume that is enough for AI trust. It is not. An AI system can be consistent and still act on stale, unowned or policy-violating data if the surrounding context is missing.

Practical implication: treat semantic definitions as only one control plane input, and pair them with lineage, quality and policy enforcement.

How semantic layers ground LLMs and agents at runtime

When an AI agent receives a prompt or task, the semantic layer resolves which meaning, table and metric apply before the system acts. That reduces hallucinated joins, wrong calculations and unapproved data use because the agent is not improvising its own interpretation of business language. For agentic systems, this is also an authorisation problem, not just an accuracy problem. If the meaning layer does not carry policy, the agent may still select a correct metric and use it in a disallowed context. Governance has to travel with the meaning it enables.

Practical implication: enforce runtime resolution of meaning and policy together, rather than allowing AI to separately infer both.


Threat narrative

Attacker objective: The end state is not classic compromise but reliable misinterpretation: the AI acts on incorrect meaning and propagates that error into business decisions or downstream automation.

  1. entry: the AI system reaches raw data or business terms without a governed semantic layer, so it must infer meaning from structure alone.
  2. escalation: the model selects a plausible definition, metric or join path and treats that interpretation as authoritative inside the session.
  3. impact: the system produces wrong decisions or actions that can enter reports, workflows or autonomous execution paths with no obvious error signal.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Semantic meaning is now an identity control, not just a data-governance concern. Once LLMs and agents consume business meaning at runtime, the question becomes who certifies the meaning that drives action. That moves semantic layers out of the BI silo and into the control stack that governs who or what may act on behalf of the organisation. Practitioners should treat governed meaning as part of the identity surface, not a sidecar to analytics.

Meaning without policy creates a false sense of trust. The article correctly separates semantic definition from broader context, but the deeper governance point is that accurate meaning is not the same as authorised meaning. A model can know the certified revenue metric and still use it in an unapproved workflow. That distinction matters for NHI and agentic AI governance because runtime trust depends on both interpretation and permission. Practitioners should align semantic governance with policy enforcement, lineage and ownership.

Certified business language is becoming the minimum viable control for agentic systems. LLMs and agents do not fail only because they lack access. They fail because they are forced to invent business context that should have been governed upstream. The industry is heading toward a model where data, semantics and policy are co-managed as a single trust plane. Practitioners should expect semantic governance to become a prerequisite for scalable AI adoption, not an optimisation.

Runtime meaning creates a new governance boundary between human judgment and machine action. Dashboards can tolerate ambiguity because people resolve it. Agents cannot. When meaning is delivered to a system that can compose steps and act, ambiguity becomes operational risk. That shifts the control objective from making reports consistent to making machine decisions defensible. Practitioners should re-evaluate where their governance programme stops and where AI action begins.

Open standards matter because meaning lock-in is now a security issue. If certified definitions and context live inside a single platform, the intelligence layer becomes dependent on a closed governance boundary. That complicates portability, auditability and cross-platform control. The broader market signal is that identity, data and AI governance will increasingly converge on shared standards and runtime enforcement. Practitioners should prefer architecture that preserves control outside any single tool.

From our research:

  • In an independent test at KU Leuven, the same model on the same data answered correctly 92% of the time with a governed context layer in the loop and 62% without it, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
  • The failure rate dropped from 38.5% to 7.7% when governed context was present, a reminder that runtime meaning changes outcomes, not just reporting quality.
  • For adjacent agent-risk research, AI Agents: The New Attack Surface report shows 80% of organisations say their agents have already acted beyond intended scope.

What this signals

Semantic trust debt: organisations are now accumulating risk where business meaning, policy and machine action meet. The practical signal is that AI readiness programmes will increasingly be judged by whether certified definitions can be delivered at runtime, not by whether a model can answer questions elegantly. Teams that separate data governance from identity governance will miss the control point that matters most.

The 92% versus 62% accuracy gap from governed context in the loop shows that semantics is not a soft governance issue. It is a measurable control surface, and the more autonomous the system becomes, the more expensive ambiguity becomes. Practitioners should watch for AI workflows where the same metric can be interpreted more than one way, because that is where policy drift starts.

Identity teams should expect semantic governance to intersect with NHI and agentic AI programmes much sooner than many roadmaps assume. If an AI system can act only after resolving meaning through approved context, the control plane has to extend into data semantics, policy delivery and runtime authorisation together. That is where the next governance gap will surface.


For practitioners

  • Certify the business terms AI is allowed to use Start with the handful of metrics and definitions that drive decisions, then assign ownership, approval and review for each one. If the model uses a term that has not been certified, treat that as a governance defect, not a model quirk.
  • Bind meaning to policy, lineage and quality signals Do not let semantic definitions travel alone. Attach lineage, freshness and use-policy metadata so the system can tell whether a metric is current, trusted and authorised for the requested action.
  • Limit agent action to governed context paths Require AI agents to resolve definitions and approved data sources through a controlled context service before they can query, summarize or act on business information. That closes the gap between understanding and permission.
  • Review high-value AI workflows for definition drift Look for reports, copilots and agents that still rely on informal business language, especially where financial, customer or access decisions are involved. Any workflow that can tolerate a human correction loop is not yet safe enough for autonomous use.

Key takeaways

  • AI systems cannot be trusted to infer business meaning from raw data when the consequence is a decision or action.
  • Governed context improves accuracy materially, which makes semantic layers a control requirement rather than a documentation exercise.
  • Identity governance now extends into runtime meaning, so policy, lineage and certified metrics must travel together.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Agentic AI Top 10A1Agent reasoning depends on governed context and tool use, which this article directly addresses.
NIST AI RMFThe article is fundamentally about trustworthy AI governance and runtime context.
NIST Zero Trust (SP 800-207)PR.AC-4Runtime authorisation for AI context aligns with least-privilege access decisions.

Bind agent actions to approved context and restrict tool use to governed data and meanings.


Key terms

  • Semantic Layer: A semantic layer is a governed translation layer that turns raw tables and fields into business meaning that machines can use. It defines terms, certified metrics and relationships so AI systems reason from the organisation's own definitions instead of guessing from structure alone.
  • Context Layer: A context layer extends a semantic layer by adding the governance needed for safe AI use. It includes lineage, quality, policy and ownership, so the system knows what the data means, whether it is trustworthy and whether it may be used for the requested action.
  • Certified Metric: A certified metric is the approved calculation the organisation recognises as authoritative for a business measure such as revenue or churn. For AI systems, certification matters because the same label can hide multiple calculations, and only one should drive automated reasoning or action.
  • Business Glossary: A business glossary is the managed set of organisational terms and definitions that gives people and systems a common vocabulary. In AI governance, it becomes more important because language models can turn ambiguous business words into operational decisions if the glossary is not enforced.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance maturity in your organisation, it is worth exploring.

This post draws on content published by Collibra: The semantic layer for AI: Why LLMs and agents need business context to be trustworthy. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-06-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org