TL;DR: Policy-based access control must sit around AI query input, retrieval, and response layers to prevent data leaks in RAG and LLM workflows, especially when agents act as NHIs and permissions must remain tied to user identity, according to PlainID. The governance problem is not AI alone but unchecked authorization paths that outgrow traditional Zero Trust assumptions.
NHIMG editorial — based on content published by PlainID: Secure Policy-Driven AI Data Access
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage.
Questions worth separating out
Q: How should security teams enforce access control in GenAI workflows?
A: Security teams should enforce access control at three points: before the query is accepted, before data is retrieved into context, and before the response is released.
Q: Why do AI agents complicate IAM and NHI governance?
A: AI agents complicate governance because they can behave like non-human identities while also reshaping what data gets retrieved and disclosed.
Q: What breaks when retrieval controls are too broad in RAG systems?
A: When retrieval controls are too broad, the model can ingest documents the user was never meant to access and then summarize or recombine them into a visible answer.
Practitioner guidance
- Map authorization to the full AI request path: define control points for prompt submission, retrieval, and response delivery so that each stage is policy-checked against the user's identity and entitlement.
- Limit retrieval to policy-approved data scopes: classify source documents and embeddings by sensitivity, then enforce retrieval filters that prevent the model from seeing content outside the user's allowed scope.
- Inspect and mask generated outputs before release: add output-layer controls that detect secrets, regulated fields, and restricted content patterns before the response reaches the user or another system.
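The three control points named in the Q&A and the guidance above (query acceptance, retrieval into context, response release), worked through as an added example. This is not PlainID's code or product logic; the corpus, the scope labels, the user entitlement table, the delegated-agent model and the output filter patterns are all constructed for illustration, and a term-overlap ranker plus an echo of the retrieved context stand in for the vector search and the LLM.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample knowledge base. Every chunk carries the data scope that
# owns it; the labels (public/finance/hr/engineering) and the text are
# invented for this example, not any real organisation's schema or data.
CORPUS = [
    {"id": "doc-1", "scope": "public",
     "text": "The Q3 all-hands is on October 12."},
    {"id": "doc-2", "scope": "finance",
     "text": "Q3 revenue forecast: 4.2M, down 3 percent on plan."},
    {"id": "doc-3", "scope": "hr",
     "text": "Employee 1042 SSN 123-45-6789, salary band D."},
    {"id": "doc-4", "scope": "engineering",
     "text": "Deploy with api_key=sk_constructed_example_0000."},
]

# Constructed entitlement table: the data scopes each human user may read.
USER_SCOPES = {
    "alice": frozenset({"public", "finance"}),
    "bob": frozenset({"public"}),
    "carol": frozenset({"public", "hr"}),
    "dan": frozenset({"public", "engineering"}),
}

# Output-layer patterns (hypothetical): regulated fields and secret-looking
# tokens that must not leave the system unmasked, whatever retrieval allowed.
OUTPUT_FILTERS = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED-SSN]"),
    ("secret", re.compile(r"(api_key=)\S+"), r"\1[REDACTED-SECRET]"),
]


@dataclass(frozen=True)
class AgentRequest:
    """A query submitted by an AI agent, i.e. a non-human identity.

    The agent holds no data entitlements of its own; the only scopes that
    count are those of the human user it is delegated for.
    """
    agent_id: str
    on_behalf_of: Optional[str]   # bound user id, or None if unbound
    query: str


def authorize_query(req: AgentRequest) -> Optional[frozenset]:
    """Control point 1: before the query is accepted.

    Returns the effective scope set, or None when the request is refused.
    An agent without a bound user identity, or bound to an unknown user,
    gets nothing: permissions stay tied to the user, never to the agent.
    """
    if req.on_behalf_of is None:
        return None
    return USER_SCOPES.get(req.on_behalf_of)


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def retrieve(query: str, scopes: frozenset, k: int = 3) -> list:
    """Control point 2: before data is pulled into the model's context.

    The policy filter runs BEFORE ranking, so a chunk outside the user's
    scopes is never scored and never reaches the prompt. Term overlap is a
    stand-in for the similarity search a real RAG pipeline would run.
    """
    allowed = [c for c in CORPUS if c["scope"] in scopes]
    q = _tokens(query)
    scored = [(len(q & _tokens(c["text"])), c) for c in allowed]
    ranked = sorted((sc for sc in scored if sc[0] > 0), key=lambda sc: -sc[0])
    return [c for _, c in ranked[:k]]


def release(text: str):
    """Control point 3: before the response leaves the system.

    Returns the masked text and the names of the filters that fired.
    """
    findings = []
    for name, pattern, replacement in OUTPUT_FILTERS:
        text, n = pattern.subn(replacement, text)
        if n:
            findings.append(name)
    return text, findings


def handle(req: AgentRequest) -> dict:
    """Run one agent request through all three control points."""
    scopes = authorize_query(req)
    if scopes is None:
        return {"status": "denied", "stage": "query", "context_ids": [],
                "response": "", "findings": []}
    chunks = retrieve(req.query, scopes)
    # Stand-in for the LLM: echo the context it would have summarised.
    draft = "\n".join(f"[{c['id']}] {c['text']}" for c in chunks)
    if not draft:
        draft = "No authorised content matched the query."
    response, findings = release(draft)
    return {"status": "ok", "stage": "response",
            "context_ids": [c["id"] for c in chunks],
            "response": response, "findings": findings}


if __name__ == "__main__":
    for r in (AgentRequest("rag-agent", "alice", "revenue forecast"),
              AgentRequest("rag-agent", "bob", "revenue forecast"),
              AgentRequest("rag-agent", "carol", "salary band"),
              AgentRequest("rag-agent", None, "revenue forecast")):
        print(r.on_behalf_of, handle(r))
```

Two design points carry the weight here. The scope filter in `retrieve` is applied before ranking, not after, so an over-broad retriever cannot pull an HR or finance chunk into context and have the model paraphrase it away; and `authorize_query` resolves entitlements from the delegated user only, so an agent that loses or never had a bound identity is refused at the first control point rather than falling back to standing service-account privileges. The output filters in `release` are the last line, catching regulated fields and secret-shaped strings that an authorised document legitimately contained but that should still not be echoed to the caller.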
What's in the full article
PlainID's full blog post covers the operational detail this post intentionally leaves for the source:
- Policy design examples for enforcing authorization across AI query, retrieval, and output stages
- How PlainID frames PBAC for RAG and LLM environments in practice
- Product-oriented guidance on controlling AI-generated responses to reduce leakage risk
- The vendor's own walkthrough of dynamic authorization use cases for cybersecurity and data protection