TL;DR: 83% of enterprises already use AI, but only 13% have strong visibility into how it touches their data, while 76% say autonomous AI agents are the hardest to secure, according to Cyera’s 2025 State of AI Data Security Report. The gap is no longer about model adoption, but about governance that can see and constrain data access in real time.
NHIMG editorial — based on content published by Cyera: AI Security Best Practices: Why a Data-Centric Approach Is the Foundation for Secure AI Innovation
By the numbers:
- 83% of enterprises already use AI, while only 13% report strong visibility into how it touches their data.
- 82.6% of phishing emails are now AI-crafted.
Questions worth separating out
Q: How should security teams govern AI agents that can access sensitive data?
A: Treat AI agents as non-human identities with explicit owners, scoped datasets, and continuous monitoring.
Q: Why do AI systems create new IAM and data governance problems?
A: AI systems can consume, transform, and expose sensitive data across multiple environments without the same human review loops used for staff access.
Q: What breaks when autonomous AI agents are given broad access?
A: Broad access turns every agent decision into a potential blast-radius event because the agent can fetch data, trigger actions, and amplify mistakes without direct human oversight.
Practitioner guidance
- Classify AI systems as identity-bearing actors. Assign each model, copilot, and agent a named owner, a data scope, and a review path.
- Move from periodic audits to continuous AI-SPM. Monitor AI tools, prompts, outputs, and connected datasets in real time so changes in policy, scope, or data movement are visible before incident response is needed.
- Limit agent reach by dataset and function. Scope autonomous agents to the minimum set of datasets required for the task and separate read, write, and trigger permissions.
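One way to express the guidance above as a deny-by-default check, written here as an added example (it is not from Cyera's report or from this post). The agent names, dataset names, and field names are hypothetical.

```python
from dataclasses import dataclass, field

ACTIONS = {"read", "write", "trigger"}  # kept as separate permissions


@dataclass(frozen=True)
class AgentIdentity:
    name: str
    owner: str        # named owner accountable for the agent
    review_path: str  # where access for this agent is reviewed
    grants: dict = field(default_factory=dict)  # dataset -> set of actions


def authorize(agent, dataset, action):
    """Deny by default: only an exact (dataset, action) grant is allowed."""
    if not agent.owner or action not in ACTIONS:
        return False
    # Exact-match lookup, so a "*" entry never widens access.
    return action in agent.grants.get(dataset, set())


def audit(agent):
    """Return governance findings for one registered agent."""
    findings = []
    if not agent.owner:
        findings.append("no named owner")
    if not agent.review_path:
        findings.append("no review path")
    for dataset, actions in agent.grants.items():
        if dataset == "*":
            findings.append("wildcard dataset scope")
        if set(actions) == ACTIONS:
            findings.append(f"{dataset}: read, write and trigger not separated")
    return findings


# Constructed sample registry (hypothetical agents and datasets).
SUMMARIZER = AgentIdentity("invoice-summarizer", "finance-data-team",
                           "quarterly-access-review", {"invoices_2025": {"read"}})
OPS_COPILOT = AgentIdentity("ops-copilot", "", "",
                            {"*": {"read", "write", "trigger"}})

if __name__ == "__main__":
    for agent in (SUMMARIZER, OPS_COPILOT):
        print(agent.name, audit(agent) or "ok")
    print(authorize(SUMMARIZER, "invoices_2025", "write"))
```

Running `audit` over the whole registry on every change, rather than at audit time, is what turns the ownership and scope rules into something continuously checked.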
What's in the full article
Cyera's full research covers the operational detail this post intentionally leaves for the source:
- The report's AI Security Posture Management guidance for continuous monitoring across AI tools and datasets
- Specific examples of how overprovisioned AI agents and shadow AI expand exposure in real environments
- The report's breakdown of regulatory, legal, and reputational risk tied to AI data handling
- The original survey findings behind the 83% adoption and 13% visibility gap