Notifications
Clear all
Topic starter
02/06/2026 7:01 pm
TL;DR: Cyera says its acquisition of Ryft is intended to extend agentic AI security around trusted, governed data, with the company citing a $400 million Series F at a $9 billion valuation and four acquisitions in five years. For practitioners, the signal is that data access, identity context, and agent behaviour are converging into one governance problem.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- The company recently raised a $400 million Series F at a $9 billion valuation.
Questions worth separating out
Q: How should security teams govern AI agent access to sensitive data?
A: Start by binding every agent to a narrow data scope, explicit purpose, and revocation path.
Q: Why do AI agents increase the blast radius of NHI mistakes?
A: AI agents can inherit access, switch tools, and continue acting across chained workflows, so a single over-permissioned identity can touch more data faster than a human user.
Q: What breaks when agent data access is visible but not traceable?
A: Teams can see that an agent accessed data, but they cannot prove whether the access was authorized, which delegation step approved it, or what the agent did next.
Practitioner guidance
- Define agent-specific data scopes Map each agent to the smallest usable data set and enforce scope at the query or retrieval layer, not just at account creation.
- Bind delegation chains to audit records Record which non-human identity delegated authority, which tool was invoked, and which data objects were touched.
- Replace static roles with contextual policy Use attributes such as task type, data class, environment, and session age to decide access.
Align the operating model with the NIST AI Risk Management Framework and the OWASP Agentic AI Top 10?
👉 Read Cyera’s announcement on acquiring Ryft for agentic AI security →
Explore further
02/06/2026 7:17 pm
Agentic AI governance is becoming a data authorization problem, not just an AI policy problem. When systems can act on data, the decisive control is whether access is traceable, scoped, and revocable at the point of use. Identity alone is not enough if data handling and delegation chains are opaque. Practitioners should treat data path visibility as a core NHI governance requirement.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do organisations know if agentic AI governance is actually working?
A: Look for three signals: access decisions tied to task context, complete audit records linking agents to datasets, and rapid revocation when scope changes. If reviewers still need manual reconstruction after an incident, the programme is not mature. Effective governance produces explainable access, not just allowed or denied results.
👉 Read our full editorial: Cyera acquires Ryft: implications for agentic AI data governance
