TL;DR: Manual lineage mapping across datasets, models, agents and use cases is a persistent AI governance problem: it is slow, error-prone and weakens auditability, compliance and impact analysis, according to Collibra. The underlying issue is that AI programmes still assume traceability can be maintained by hand at the pace of model deployment.
NHIMG editorial — based on content published by Collibra: Automated traceability for Azure AI Foundry: From data to use cases
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected.
Questions worth separating out
Q: How should organisations govern AI traceability when models and data change quickly?
A: Build traceability into the ingestion and promotion path, not into a separate cleanup process.
Q: Why does manual lineage mapping fail in AI governance programmes?
A: Manual lineage mapping fails because relationship counts grow faster than teams can certify them.
Q: What do security teams get wrong about AI traceability?
A: They often treat traceability as reporting instead of control.
Practitioner guidance
- Map AI asset relationships at ingestion Capture dataset, model, agent and use-case links when assets enter the platform, not after deployment.
- Tie traceability to approval workflows Require traceability checks before model promotion, dataset substitution and agent rollout.
- Treat stale lineage as governance debt Inventory orphaned datasets, unmapped models and use cases with no clear origin chain.
What's in the full article
Collibra's full blog post covers the operational detail this post intentionally leaves for the source:
- How automated lineage stitching works across Azure AI Foundry assets during ingestion.
- The specific dataset matching and notification behaviours that support lifecycle tracking.
- Example use cases for compliance, fraud detection and regulated AI oversight.
- Preview scope and how the feature is positioned for broader availability.
👉 Read Collibra's analysis of automated traceability in Azure AI Foundry →
Azure AI Foundry traceability: what governance teams need to rethink?
Explore further
Automated traceability is becoming a governance control, not a convenience feature. The core problem is not simply that AI environments are complicated. It is that identity, provenance and lifecycle accountability now depend on relationship data that humans cannot maintain reliably at scale. When those links are manual, governance becomes partial by design, and auditability degrades before the business notices. Practitioners should treat traceability as part of the control plane, not the documentation layer.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- Only 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, which shows how far governance still has to move.
A question worth separating out:
Q: Who should own traceability for AI models, data and agents?
A: Ownership should sit with the teams accountable for lifecycle decisions, not only with central compliance. If no one can answer who approved the dataset, the model deployment and the agent use case, then accountability exists on paper but not in practice.
👉 Read our full editorial: Automated AI traceability exposes the governance gap in Azure AI Foundry