GenAI workload security gaps: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: Forty-one percent of organisations say they are struggling with security risks and vulnerabilities when integrating GenAI into their AI infrastructure, according to Cyera's report with ESG and AWS. The real issue is that GenAI workloads now handle sensitive data and critical workflows faster than existing identity and data controls can reliably govern.

NHIMG editorial — based on content published by Cyera: Importance of Securing Workloads for Generative AI Report AI

By the numbers:

Questions worth separating out

Q: How should security teams govern GenAI workloads that access sensitive data?

A: Treat the workload as a governed identity with explicit scope, named ownership, and continuous review.

Q: Why do GenAI integrations create security risk even when the model is approved?

A: Approval of the model does not guarantee control over the runtime environment.

Q: What do IAM and security teams get wrong about GenAI access control?

A: They often focus on the model or the application wrapper and ignore the data paths behind it.

Practitioner guidance

  • Classify each GenAI workload as a governed identity. Inventory the model, orchestration layer, connectors, and downstream data paths as one access chain.
  • Map sensitive data paths through prompts and connectors. Trace where confidential data enters, is transformed, cached, exported, or logged.
  • Tighten workload access to task-scoped privileges. Remove broad read or write permissions that are not required for the current use case.

What's in the full article

Cyera's full report covers the operational detail this post intentionally leaves for the source:

  • How Cyera, ESG, and AWS break down the workload-security findings behind GenAI adoption pressure
  • The report's supporting survey context around security risk, compliance, and business continuity concerns
  • Implementation framing for protecting AI assets and sensitive data across production GenAI environments

👉 Read Cyera's report on securing workloads for generative AI →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

GenAI workload security is becoming an identity and data governance problem, not just a model protection problem. Once a generative system can consume sensitive inputs and trigger downstream actions, the control surface moves from the model to the workload identity. That means the security conversation has to include access scope, connector trust, and data handling boundaries. Practitioners should assess GenAI through the same governance lens used for other high-privilege workloads.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.

A question worth separating out:

Q: How can organisations tell whether GenAI security controls are actually working?

A: Look for evidence that access scope, connector trust, and data handling are all reviewable in the same control process. If teams cannot show who owns the workload, what it can access, and when those permissions were last reassessed, the control is not functioning as a governance mechanism.

👉 Read our full editorial: Securing generative AI workloads is now an identity problem



   