Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agents and data sprawl: what it means for data security teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Eighty-five percent of organisations experienced at least one data loss incident in the past year, careless users drove 58% of cases, and just 1% of users accounted for 76% of data loss events, showing how human behaviour, sprawl, and AI are reshaping exposure, according to Proofpoint’s 2025 Data Security Landscape report. The governance problem is no longer only data classification but controlling who and what can move sensitive data at scale.

NHIMG editorial — based on content published by Proofpoint: 2025 Data Security Landscape report

By the numbers:

Questions worth separating out

Q: How should security teams reduce data loss when a small number of users drive most incidents?

A: Focus controls on the identities and workflows that create disproportionate exposure.

Q: Why do AI agents create a separate data governance problem from human users?

A: AI agents can access and move data at machine speed across systems, but they do not naturally fit human review processes or ownership models.

Q: What do organisations get wrong about data security in cloud and SaaS environments?

A: They often assume classification alone will control exposure.

Practitioner guidance

  • Map high-risk user concentration first Identify the small set of users, roles, and workflows that generate the majority of data loss events, then apply tighter monitoring, approval rules, and DLP controls to those paths first.
  • Extend access governance to AI agents Inventory agent connectors, prompt-driven workflows, and service identities that can read or route sensitive data.
  • Reduce blind spots across email and SaaS Correlate email, collaboration, cloud storage, and GenAI telemetry so analysts can reconstruct data movement end to end.

What's in the full report

Proofpoint's full report covers the operational detail this post intentionally leaves for the source:

  • Survey breakdowns across more than 15 industries, useful for comparing data loss patterns by sector.
  • The platform intelligence that supports the report’s findings on user behaviour, misdirected email, and exfiltration attempts.
  • Benchmarks on how many data security vendors organisations are using today and why that matters for visibility.
  • The report's AI security section, including how organisations are using AI-enhanced features for classification, detection, and response.

👉 Read Proofpoint's 2025 Data Security Landscape report on data loss, insiders, and AI →

AI agents and data sprawl: what it means for data security teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Data security has become an identity governance problem. Once sensitive information is touched by humans, service accounts, or AI agents, the question is no longer only where the data lives. The question is who or what can move it, observe it, and disclose it across SaaS and cloud workflows. That makes access scope, auditability, and behavioural context the real control plane for modern data protection.

A question worth separating out:

Q: How can teams know whether unified data security is actually working?

A: Look for faster investigations, fewer blind spots across major data paths, and clearer attribution for who or what moved sensitive data. If analysts still need to stitch together events from many disconnected tools, the programme is not unified enough. Effective control should improve both prevention and reconstruction of incidents.

👉 Read our full editorial: AI agents and data sprawl are reshaping enterprise data security



   
ReplyQuote
Share: