Notifications
Clear all
Topic starter
12/06/2026 9:35 pm
TL;DR: Enterprises cannot safely scale AI on chips, models, and compute alone because trust depends on what AI can see and do, according to Cyera’s Series G announcement. Data classification, identity controls, DLP, and AI usage governance are now the practical boundary between enablement and uncontrolled exposure.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Over the last year alone, Cyera shipped more than 100 new product capabilities across DSPM, privacy, identity, DLP, and agentic security.
Questions worth separating out
Q: How should security teams govern AI access to sensitive data?
A: Start by classifying the data AI can reach, then bind those classes to identity-based permissions, DLP policy, and usage rules.
Q: Why do traditional security controls fall short for enterprise AI?
A: Traditional controls were built to block or allow access, not to interpret meaning, context, and downstream action at AI scale.
Q: When should AI usage governance be treated as an IAM issue?
A: As soon as AI systems can query sensitive data, use delegated credentials, or take actions inside enterprise applications.
Practitioner guidance
- Map AI access paths to data classification tiers Identify which sensitive data classes are reachable by each AI application, then align those classes to explicit authorisation rules and review cycles.
- Tie AI application entitlements to identity reviews Include AI tools, service identities, and delegated application permissions in access certification so teams can see who can invoke AI, which data sources it can query, and which actions it can take.
- Extend DLP to AI-mediated workflows Apply policy to prompts, outputs, and connected application actions so data loss prevention covers more than file transfer and email.
What's in the full announcement
Cyera's full article covers the operational detail this post intentionally leaves for the source:
- How the platform links DSPM, privacy, identity, DLP, and agentic security into a single operating model
- Why Cyera says classification is the prerequisite for trusted AI transformation, not a downstream add-on
- What the Series G capital is intended to accelerate across enterprise AI security capabilities
- Where Cyera sees the next phase of AI governance moving for enterprise buyers
👉 Read Cyera's analysis of the trust layer needed for enterprise AI security →
AI trust layers: what it means for IAM, data, and AI governance?
Explore further
12/06/2026 11:47 pm
AI trust is now an identity governance problem, not just a data security problem. Cyera’s framing is useful because it places access, classification, and usage controls in the same category. Once AI can see and act on enterprise data, the control question becomes who can reach which information and under what context. Practitioners should treat AI governance as an extension of identity governance, not a separate security programme.
A few things that frame the scale:
- Over the last year alone, Cyera shipped more than 100 new product capabilities across DSPM, privacy, identity, DLP, and agentic security, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.
A question worth separating out:
Q: What should organisations prioritise first: classification, DLP, or AI policy?
A: Classification should come first because it defines what is sensitive and what needs tighter controls. DLP and AI policy then use that classification to decide how data may move and what actions AI may trigger. If classification is weak, the other controls cannot make reliable decisions.
👉 Read our full editorial: AI trust layers and identity controls now anchor enterprise AI security
