TL;DR: AI use across the U.S. federal government more than doubled from 2023 to 2024, according to the U.S. Chief Information Officers Council, while federal zero trust programmes still tend to stop at devices, users, and networks rather than the data AI consumes. That leaves mission teams with access controls that are too perimeter-shaped for AI-era decisioning.
NHIMG editorial — based on content published by Cyera: From Risk to Readiness, enabling secure, responsible AI in government
By the numbers:
- AI use across the federal government more than doubled from 2023 to 2024.
Questions worth separating out
Q: How should security teams govern AI access to sensitive government data?
A: Security teams should govern AI access through data context, not just identity context.
Q: Why do perimeter-based zero trust models fall short for AI programmes?
A: Perimeter-based zero trust falls short because AI risk sits in the data pipeline, not only in the device or network.
Q: What breaks when AI systems can access data without context-aware controls?
A: What breaks is the governance model.
Practitioner guidance
- Map AI data dependencies before expanding access: Inventory the datasets, repositories, and downstream systems each AI use case consumes, then classify them by sensitivity and mission criticality.
- Move zero trust controls to the dataset level: Apply policy enforcement to the data itself, including classification, usage constraints, and lineage-aware access decisions.
- Align IAM and data governance workflows: Create a shared review process for identity entitlements, data sensitivity, and mission usage so AI access decisions are not made in separate silos.
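A dataset-level decision of the kind the guidance above describes, as an added example that is not from Cyera's article or any product: an AI service identity holds a valid entitlement, but the request is still checked against permitted use and the sensitivity inherited through lineage. The label scale, dataset names, identity fields, and function names are all hypothetical.

```python
from dataclasses import dataclass, field

# Sensitivity labels, lowest to highest (constructed scale, not from the article).
LEVELS = ["public", "internal", "cui", "restricted"]

@dataclass
class Dataset:
    name: str
    classification: str                                # label set on this dataset directly
    permitted_uses: set = field(default_factory=set)   # purposes the data owner allows
    sources: list = field(default_factory=list)        # upstream dataset names (lineage)

def effective_classification(ds, catalog, _seen=None):
    """Highest label across the dataset and everything upstream of it."""
    seen = _seen if _seen is not None else set()
    if ds.name in seen:                                # lineage cycle or revisit: stop here
        return ds.classification
    seen.add(ds.name)
    level = LEVELS.index(ds.classification)
    for src in ds.sources:
        up = catalog.get(src)
        # Upstream data missing from the inventory is treated as most sensitive.
        label = effective_classification(up, catalog, seen) if up else LEVELS[-1]
        level = max(level, LEVELS.index(label))
    return LEVELS[level]

def decide(identity, ds_name, purpose, catalog):
    """Return (allowed, reason). Identity entitlement is necessary, not sufficient."""
    ds = catalog.get(ds_name)
    if ds is None:
        return False, "dataset not inventoried"        # unmapped data is denied by default
    if ds_name not in identity["entitlements"]:
        return False, "no identity entitlement"
    if purpose not in ds.permitted_uses:
        return False, f"purpose '{purpose}' not permitted"
    eff = effective_classification(ds, catalog)
    if LEVELS.index(eff) > LEVELS.index(identity["max_classification"]):
        return False, f"effective classification '{eff}' exceeds identity ceiling"
    return True, "allowed"

# Constructed sample inventory and AI service identity.
CATALOG = {
    "case_files": Dataset("case_files", "restricted", {"casework"}),
    "open_stats": Dataset("open_stats", "public", {"analytics", "rag"}),
    "case_summary": Dataset("case_summary", "internal", {"analytics", "rag"}, ["case_files", "open_stats"]),
}
AGENT = {"id": "svc-rag-assistant", "entitlements": {"open_stats", "case_summary"}, "max_classification": "internal"}
```

Here `decide(AGENT, "case_summary", "rag", CATALOG)` is denied even though the identity is entitled and the dataset is labelled internal, because the summary is derived from restricted case files.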
What's in the full article
Cyera's full analysis covers the operational detail this post intentionally leaves for the source:
- How the platform applies cloud-scale data security controls to public sector workloads
- The specific posture management and data loss prevention capabilities discussed for mission environments
- The article's explanation of how visibility supports faster access decisions without complex integrations
- The public sector framing for secure, responsible AI adoption and mission impact
Data-centric zero trust for AI in government: what IAM teams miss?
Explore further
Data-first zero trust is now the governing model for AI-era access. The article is right to move the control discussion from perimeter objects to data context, because AI value is created at the point of use, not at the point of login. Traditional IAM can verify a subject and a session, but it does not automatically answer whether the underlying data is suitable for machine consumption. Practitioners should treat data visibility and access context as the control surface that now matters most.
A few things that frame the scale:
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirming one and 26% suspecting one.
A question worth separating out:
Q: Who is accountable when AI access to government data is poorly governed?
A: Accountability sits with the programme owners who approve the access model, the identity teams that enforce entitlements, and the data owners who define sensitivity and permitted use. If those responsibilities are split, the AI programme can move faster than governance can prove control.