Notifications

Clear all

AI data security readiness gap: what IAM teams need to know

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 2827

Topic starter 07/06/2026 9:22 pm

TL;DR: More than 900 security leaders were surveyed and found that 83% of enterprises already use AI in daily operations, yet only 13% have strong visibility into how it is being used, widening the gap between adoption and governability, according to Cyera Research Labs and CyberSecurity Insiders. The issue is no longer whether AI is present, but whether identity, access, and data controls can keep pace with shadow AI behaviour.

NHIMG editorial — based on content published by Cyera: The 2025 State of AI Data Security Report

By the numbers:

83% of enterprises already use AI in daily operations
only 13% have strong visibility into how it’s being used
more than 900 security leaders

Questions worth separating out

Q: How should security teams govern AI systems that access sensitive data?

A: Security teams should govern AI systems the same way they govern other high-risk non-human access paths.

Q: Why does AI adoption create an identity governance problem?

A: AI adoption creates an identity governance problem because the system that accesses data is often only loosely visible to IAM.

Q: What do organisations get wrong about shadow AI risk?

A: Organisations often treat shadow AI as a tooling issue when it is really an inventory and entitlement issue.

Practitioner guidance

Inventory AI access paths, not just AI tools Track every AI system, integration, service account, token, and data source it can reach.
Tie AI onboarding to explicit ownership Require named business and security owners before an AI system can connect to production data.
Review entitlements at the data boundary Assess where AI systems can read, write, export, or summarise sensitive information.

What's in the full report

Cyera's full report covers the operational detail this post intentionally leaves for the source:

Survey methodology from more than 900 security leaders across enterprise environments.
Breakdown of how organisations are defining AI visibility, ownership, and governance maturity.
Guidance on the specific control gaps leaving AI-connected data exposed.
The report's own recommendations for applying governance rigor to AI usage.

👉 Read Cyera's 2025 report on AI data security readiness and visibility gaps →

AI data security readiness gap: what IAM teams need to know?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

4,037 Topics

5,180 Posts

10 Online

109 Members

Latest Post: Identity consolidation at acquisition speed: what IAM teams should note Our newest member: Mr NHI Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies