TL;DR: Enterprises are moving beyond AI experimentation toward production use cases where agents approve transactions, generate reports, and trigger workflows, and Collibra’s post argues that trusted data context now determines whether those actions stay inside control boundaries. The real issue is governance, not AI novelty: if lineage, certification, and ownership are stale, the agent is effectively operating outside policy.
NHIMG editorial — based on content published by Collibra: Collibra named Databricks' 2026 Data Governance Partner of the Year
Questions worth separating out
Q: How should security teams govern AI actions that depend on business data context?
A: They should treat context as an enforcement signal, not a description.
Q: Why do lineage and certification matter for production AI?
A: Because they tell the system whether the data behind the action is trustworthy for that use case.
Q: What do organisations get wrong about AI governance and data governance?
A: They separate them too early.
Practitioner guidance
- Map AI actions to governed data dependencies Identify which approvals, reports, and workflow triggers depend on certified datasets, business definitions, and lineage records.
- Block execution on stale context signals Prevent AI systems from using uncertified, outdated, or lineage-poor data for business actions.
- Unify ownership and classification across platforms Standardise business definitions, data ownership, quality certification, and regulatory classification so the same asset carries consistent meaning across analytics and AI environments.
What's in the full article
Collibra's full blog post covers the partnership and platform context this post intentionally leaves at a higher level:
- How Databricks Unity Catalog and Collibra divide governance responsibilities across data and AI assets
- The specific business context signals Collibra says should travel with data into production AI workflows
- Why the partnership matters for teams building governed paths from raw data to deployed agents
- The operational framing behind Collibra's Data Confidence message for enterprise data teams
👉 Read Collibra's post on why data governance is central to production AI →
AI agent governance and data context: what should IAM teams do?
Explore further
AI governance fails when context is treated as metadata instead of a control. Collibra’s central point is that the business meaning of data now shapes whether AI actions remain trustworthy. When agents approve transactions or trigger workflows, stale definitions and uncertified datasets are not cosmetic defects. They are governance failures that alter the legitimacy of the action itself. Practitioners should treat context as part of the policy boundary, not a documentation layer.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can teams tell whether AI is operating inside governed boundaries?
A: Check whether the system can demonstrate the source, ownership, classification, and certification state of the data it used for the decision. If any of those are missing or stale, the action may still run, but it is outside a defensible governance boundary.
👉 Read our full editorial: Data governance for AI agents is becoming production critical