Notifications
Clear all
Topic starter
07/06/2026 8:55 pm
TL;DR: A 2025 AI Data Security Readiness report found 76% of respondents view autonomous AI agents as the hardest to secure, while enterprises have now been helped to discover and secure over 4 million agents, according to Cyera. That gap matters because identity, data, and AI controls are converging faster than most governance models can track.
NHIMG editorial — based on content published by Cyera: Cyera becomes one of the top 10 fastest-growing companies, powering the new era of AI and data security
By the numbers:
- Cyera says it has helped enterprises protect more than 530 million identities.
Questions worth separating out
Q: How should security teams govern AI agents that access sensitive data?
A: Start by treating each agent as a governed non-human identity with explicit ownership, scope, and telemetry.
Q: Why do autonomous AI agents complicate least privilege?
A: Least privilege becomes harder to define when the actor can choose actions at runtime and change tool use within a task.
Q: What do security teams get wrong about AI agent data risk?
A: They often focus on the data store and miss the identity of the actor interacting with it.
Practitioner guidance
- Inventory every AI agent identity Maintain a continuously updated register of agents, the systems they can reach, and the data classes they are allowed to access.
- Bind data classification to identity context Link sensitive data labels to the human, workload, or agent identity that is interacting with the data so policy can distinguish approved use from unacceptable exposure.
- Review autonomous access as runtime behaviour Use telemetry from agent sessions, tool calls, and data interactions to decide whether access stayed within scope.
What's in the full analysis
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- The full metric breakdown behind agent discovery, prompt protection, and identity coverage across enterprise environments.
- The classification and control details behind Cyera's 97% precision claim for sensitive data discovery.
- The specific ways the platform links AI models, agents, and business context to enforcement decisions.
- Customer deployment examples showing how teams operationalise data and identity controls together.
👉 Read Cyera's announcement on AI and data security growth →
AI agent security and data controls: what practitioners need to know?
Explore further
08/06/2026 8:39 am
AI agent governance is now an identity and data problem at the same time. The article's own numbers show that enterprises are already discovering millions of agents and protecting hundreds of millions of identities, which means the control boundary is no longer a single system or team. Data security tools that do not understand identity context, and identity tools that do not understand data sensitivity, will both miss the real exposure. Practitioners should treat agent governance as a shared operating model across IAM, NHI, and data security.
A few things that frame the scale:
- 76% say autonomous AI agents are the hardest to secure, according to the 2025 AI Data Security Readiness report.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
A question worth separating out:
Q: How can organisations tell whether AI agent governance is working?
A: Look for evidence that every agent has an owner, a defined purpose, a current access map, and usable telemetry showing what it actually did. If you cannot explain who approved the agent, what data it touched, and whether those interactions were expected, the control model is not yet working.
👉 Read our full editorial: AI agent growth is exposing the limits of data security controls
