Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI cybersecurity governance: what Knostic's recognition means for teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9924
Topic starter  

TL;DR: The mismatch between traditional access controls and AI-layer data exposure is the core issue, not AI adoption itself; Gartner named Knostic a 2025 Cool Vendor in AI Cybersecurity Governance for its topic access governance approach, which targets AI oversharing risk across Copilot, ChatGPT, and agentic environments while integrating with Purview, DLP, and DSPM workflows, according to Knostic and Gartner.

NHIMG editorial — based on content published by Knostic: recognition as a 2025 Gartner Cool Vendor in AI Cybersecurity Governance

Questions worth separating out

Q: How should security teams control AI oversharing in enterprise copilots?

A: Security teams should define topic boundaries, then enforce them at the AI interaction layer with real-time policy checks.

Q: Why do traditional IAM and DLP controls fall short for AI assistants?

A: Traditional IAM and DLP were built to govern systems, files, and identities, not conversational synthesis.

Q: What do organisations get wrong about AI governance and need-to-know access?

A: They often assume that if a user can access a data source, the AI can safely reuse it.

Practitioner guidance

  • Define topic-level access boundaries Map sensitive business topics, regulated data classes, and restricted operational context into explicit policy rules for AI assistants and chatbots.
  • Place enforcement in the AI interaction path Use an inline proxy or policy layer to inspect prompts and responses before the model returns output.
  • Test oversharing with realistic prompts Run prompt-based tests that mirror how employees actually ask questions, including vague follow-ups and synthesis requests.

What's in the full analysis

Knostic's full article covers the operational detail this post intentionally leaves for the source:

  • How topic access governance is positioned across Copilot, ChatGPT, and enterprise AI assistants
  • Specific integrations with Microsoft Purview, DLP, and DSPM workflows
  • Practical examples of inline policy enforcement for blocking high-risk prompts and responses
  • The vendor's own framing of AI security, compliance, and governance alignment

👉 Read Knostic's Gartner Cool Vendor analysis of AI cybersecurity governance →

AI cybersecurity governance: what Knostic's recognition means for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9408
 

AI cybersecurity governance is now a disclosure-control problem, not just an authentication problem. The article shows the market moving from sign-in control toward prompt, topic, and response governance. That shift matters because the exposure point is the AI conversation itself, where data can be recombined and revealed even when the user’s base permissions are valid. Practitioners should treat this as an AI-layer access control issue, not a tooling preference.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree that governing them is critical to enterprise security.

A question worth separating out:

Q: How can teams tell whether AI oversharing controls are actually working?

A: They should measure whether realistic prompts produce restricted answers, redactions, or blocks when policy should apply. If the assistant still returns sensitive context under common follow-up questions, the control is not effective. Effective governance changes the response the user sees, not just the log entries security teams review.

👉 Read our full editorial: Knostic's Gartner cool vendor recognition and AI governance gap



   
ReplyQuote
Share: