TL;DR: 68% of organisations cannot distinguish human from AI agent activity inside their systems, a visibility gap that many AI programmes stall on, according to Cyera; the company also says it raised $600 million at a $12 billion valuation and has shipped 100-plus product capabilities. The signal is bigger than funding: identity and data governance are converging around what AI can see and do.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- In 2026, 68% of organisations cannot tell the difference between human activity and AI agent activity inside their own systems.
- Cyera has shipped more than 100 new product capabilities across DSPM, privacy, identity, DLP, and agentic security.
- Cyera has grown to more than 1,500 employees across 18 countries in the last 18 months.
Questions worth separating out
Q: How should security teams govern AI systems that can access sensitive data?
A: Treat AI access as a joint identity and data-governance problem.
Q: Why do AI agents complicate existing IAM models?
A: AI agents complicate IAM because many controls assume a stable subject with predictable intent.
Q: What breaks when organisations cannot distinguish human from AI agent activity?
A: Access governance loses precision immediately.
Practitioner guidance
- Classify actor type before policy enforcement: Update governance logic so each access event is tagged as human, machine, or AI agent before downstream decisions, investigations, or certifications run.
- Unify data and identity controls for AI use cases: Join DSPM findings with entitlement data and DLP rules so sensitive records, access paths, and exfiltration conditions are evaluated in one workflow.
- Review AI tool reach against actual runtime behaviour: Identify where AI systems can query, summarise, forward, or trigger actions beyond the approval path that was originally granted, then tighten those boundaries.
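The three guidance items above, combined into one evaluation step, as an added example (not Cyera's or NHIMG's code). The principal names, resource labels, approval table and the deny/review policy are all constructed assumptions.

```python
# Added example: every name and value below is constructed for illustration.
ACTOR_TYPES = {  # identity inventory: principal -> actor type
    "alice@corp.example": "human",
    "svc-backup": "machine",
    "agent-support-bot": "ai_agent",
}
SENSITIVITY = {  # DSPM-style findings: resource -> data label
    "crm/customers": "restricted",
    "wiki/handbook": "public",
}
APPROVED = {  # entitlements as originally approved: (principal, resource) -> actions
    ("alice@corp.example", "crm/customers"): {"read", "export"},
    ("svc-backup", "crm/customers"): {"read"},
    ("agent-support-bot", "crm/customers"): {"read"},
}

def evaluate(event):
    """Return (actor_type, label, verdict, reason) for one access event."""
    principal, resource, action = event["principal"], event["resource"], event["action"]
    # 1. Tag the actor type before any policy logic runs; unknown actors fail closed.
    actor = ACTOR_TYPES.get(principal, "unknown")
    # Resources the data scan has not labelled are treated as sensitive (assumption).
    label = SENSITIVITY.get(resource, "unclassified")
    if actor == "unknown":
        return actor, label, "deny", "principal missing from identity inventory"
    # 2. Evaluate data label and entitlement together, in one decision.
    if action in APPROVED.get((principal, resource), set()):
        return actor, label, "allow", "within approved scope"
    # 3. Runtime behaviour exceeds the approval path: block AI agents on
    #    sensitive data, send everything else to a reviewer (assumed policy).
    if actor == "ai_agent" and label != "public":
        return actor, label, "deny", f"agent '{action}' exceeds approved scope"
    return actor, label, "review", f"'{action}' was never approved for this actor"

EVENTS = [  # constructed access events
    {"principal": "alice@corp.example", "resource": "crm/customers", "action": "export"},
    {"principal": "agent-support-bot", "resource": "crm/customers", "action": "export"},
    {"principal": "svc-backup", "resource": "crm/customers", "action": "delete"},
    {"principal": "agent-x9", "resource": "wiki/handbook", "action": "read"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["principal"], ev["action"], "->", evaluate(ev))
```

The same export request is allowed for the human and denied for the agent only because the actor type is resolved first; without that tag the two events are indistinguishable to the policy.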
What's in the full announcement
Cyera's full post covers the operational detail this post intentionally leaves for the source:
- The product-level breakdown of how Cyera ties DSPM, identity, DLP, and agentic security into one platform.
- The specific data discovery and classification capabilities that underpin its claims about AI visibility and control.
- The acquisition history and product-capability expansion behind the platform’s current scope.
- The investor and valuation context behind the funding round, which matters for market positioning but not for control design.
👉 Read Cyera’s announcement on AI trust-layer funding and enterprise AI governance →
AI trust layers for enterprise AI: what does this funding mean?
Explore further
Trust layers are becoming the new control plane for AI governance. The article reflects a broader shift in enterprise security: teams are no longer trying to secure AI as an isolated workload, but as an actor that crosses identity, data, and behaviour boundaries. That is why DSPM, identity, and DLP are being pulled into the same discussion. Practitioners should treat this as a sign that AI governance is consolidating around runtime control, not point tooling.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to the AI Agents: The New Attack Surface report.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
A question worth separating out:
Q: Who should own AI governance across identity and data controls?
A: Ownership should sit with the teams that can join identity, data, and security operations, not with a single product owner. AI governance spans IAM, DSPM, DLP, and monitoring, so accountability has to cover policy design, runtime enforcement, and post-incident reconstruction. Otherwise, each team assumes another layer will catch the gap.
👉 Read our full editorial: Cyera’s $600 million round signals trust-layer demand for AI governance