Notifications
Clear all
Topic starter
02/06/2026 7:03 pm
TL;DR: Cyera says Forrester’s Q2 2026 evaluation gave it the highest Strategy score among 10 vendors and six of seven top marks in that category, while the company argues that AI-era discovery must combine classification with context, identity, access, and exposure. That shift makes data intelligence a governance requirement, not a reporting exercise.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- Cyera says it received the highest score in the Strategy category among 10 vendors evaluated.
- Paramount classified 51PB+ of data across 400K+ datastores in under two weeks.
Questions worth separating out
Q: How should security teams use sensitive data discovery to reduce AI risk?
A: Treat discovery as the starting point, not the outcome.
Q: When does data classification fail in AI environments?
A: It fails when the environment changes faster than the review cycle.
Q: What do security teams get wrong about data visibility and NHI risk?
A: They often assume that discovering sensitive data automatically means they understand exposure.
Practitioner guidance
- Map sensitive datasets to identity owners Require every high-value dataset to have a named business owner, a technical owner, and an access owner.
- Tie discovery results to access lineage Use data lineage to show which service accounts, pipelines, and agents can reach each sensitive dataset.
- Review non-human identity access as part of data risk Include service accounts, API keys, and agent credentials in data-risk reviews, not just human entitlements.
The issue is whether teams can explain who or what can use it, and whether that access is still justified?
👉 Read Cyera's analysis of sensitive data discovery and AI-ready classification →
Explore further
02/06/2026 7:20 pm
Context-rich discovery is now the baseline for AI governance. Sensitive data discovery no longer delivers value when it stops at labels. Security leaders need ownership, access, and exposure context to decide what to fix first. That is especially true when AI systems can consume data faster than teams can review permissions, so practitioners should treat context as part of the control, not as an add-on.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: How do IAM and data security teams align on AI governance?
A: They should align around the same control objective: explainable access to sensitive data. IAM teams own entitlements and identity review, while data teams own classification and lineage, but AI risk emerges where those controls overlap. The best programmes treat access path visibility as a shared requirement.
👉 Read our full editorial: Sensitive data discovery for AI adoption now depends on context
