They were built for fixed text patterns, while AI reshapes content continuously. Sensitive facts can be paraphrased, translated, split across turns, or hidden in an agent workflow, so a pattern match often misses the risk. Organisations need intent-based inspection and runtime enforcement to govern meaning, not just strings.
Why This Matters for Security Teams
Keyword and regex controls are still widely used because they are simple to deploy and easy to explain, but that simplicity is also their weakness. They only see strings, not meaning, intent, or transformation. AI systems can paraphrase, translate, fragment, or reassemble sensitive information in ways that bypass pattern matching, especially when data moves through prompts, responses, embeddings, logs, and agent tool calls.
This is why data protection for AI cannot rely on static text rules alone. Security teams need runtime enforcement that evaluates context, not just content, and governance that follows the data as it is transformed by models and agents. That aligns with the broader direction of the NIST Cybersecurity Framework 2.0 and NHIMG research on sensitive information exposure in modern application stacks, including the Ultimate Guide to NHIs - Key Research and Survey Results.
NHIMG research highlights the operational gap clearly: 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases in the real world. In practice, many security teams discover that their regex policy missed the leak only after a model has already echoed, transformed, or routed the data into a place they no longer control.
How It Works in Practice
Effective AI data protection starts by treating detection and enforcement as a runtime problem. Instead of asking, “Does this text contain a secret pattern?”, teams ask, “Is this request allowed to access, transform, or export this class of data in this context?” That shift matters because AI workflows can move sensitive content across prompt chains, retrieval layers, memory stores, and agent tools without ever producing a stable string for a regex engine to catch.
Current guidance suggests layering multiple controls rather than replacing one filter with another. A practical design often includes:
- Pre-ingest classification for known high-risk data classes such as secrets, tokens, and regulated identifiers.
- Context-aware policy evaluation at request time for prompts, model outputs, and tool invocations.
- Redaction or tokenization before content reaches logs, vector stores, or downstream agents.
- Short-lived credentials and least-privilege access for systems that mediate AI data flows.
For agentic systems, this becomes even more important because the agent can chain actions across tools, making a single text scan insufficient. NHIMG’s DeepSeek breach shows how exposed data can persist and spread once it enters an AI ecosystem, while standards-driven handling of non-human identities is summarised in the Ultimate Guide to NHIs - Standards. These controls tend to break down when unstructured data is copied into ad hoc agent memory or external retrieval systems because the same sensitive fact can surface in many different textual forms.
Common Variations and Edge Cases
Tighter inspection often increases false positives and operational overhead, so organisations have to balance detection coverage against user friction and review cost. There is no universal standard for this yet, especially where AI systems handle mixed-content workflows that combine chat, code, documents, and API payloads.
One common edge case is split disclosure, where a sensitive value is broken across multiple turns or multiple tool outputs and never appears as a complete match. Another is semantic leakage, where the model does not repeat the exact secret but still reveals enough context to identify the asset, account, or customer. Regex also struggles with translated content, generated summaries, and agent-authored paraphrases, which are increasingly common in production workflows.
For organisations operating under privacy obligations such as the EU General Data Protection Regulation (GDPR), current guidance suggests pairing content detection with retention limits, access scoping, and auditability. The practical lesson is that keyword rules can remain a useful tripwire, but they should not be treated as the control boundary. The State of Secrets in AppSec underscores why this matters: once sensitive material is spread across systems, static string matching rarely contains it cleanly.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Regex fails when secrets and identities are transformed across AI workflows. |
| OWASP Agentic AI Top 10 | A2 | Agent outputs and tool use can bypass fixed pattern checks. |
| CSA MAESTRO | GOV-04 | AI governance must account for dynamic data movement and leakage paths. |
| NIST AI RMF | AI risk management requires controls beyond simple content filters. | |
| NIST CSF 2.0 | PR.DS-1 | Data security controls must protect sensitive information across AI processing stages. |
Evaluate agent actions and outputs at runtime with policy that understands intent and context.
Related resources from NHI Mgmt Group
- Why do traditional access controls fail to protect sensitive data in cloud and AI environments?
- Why do keyword-based DLP controls fail for generative AI use?
- When is it crucial to implement least-privilege access for AI agents?
- What is the difference between managed identities and hardcoded secrets for AI agents?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org