Three Security Practices To Leave Behind As AI Reshapes Data Access
Security teams need continuous visibility and governance that shows where sensitive data resides, who can access it and how it is being used.
- Gartner predicts that by 2027, 60% of enterprises will adopt continuous data governance tools to support AI data access, up from 15% in 2024.
- The average cost of a data breach in 2025 was $4.88 million (IBM), with 40% of breaches involving cloud-based AI workloads.
- Perimeter-based security failures contributed to 34% of data breaches in 2025 (Forrester), highlighting the need for zero trust architectures.
- AI agents now process over 10,000 data access requests per second in large enterprises—far beyond what manual RBAC systems can handle.
- Adoption of automated data classification tools grew 120% year-over-year in 2025, driven by AI compliance requirements (IDC).
The shift is profound: AI agents—from large language models to automated analytics—require dynamic, real-time access to vast datasets, often crossing traditional network boundaries and user identities. According to the Forbes article, security teams need continuous visibility and governance that shows where sensitive data resides, who can access it and how it is being used. This marks a departure from the old model of locking down data behind firewalls and granting permissions based on static roles.
Why now? AI adoption has accelerated in 2025–2026, with enterprises deploying AI copilots, autonomous agents, and machine learning pipelines that demand frictionless data access. Legacy security architecture, designed for human users interacting with specific applications, cannot handle the scale and speed of AI-driven data queries. The result is that the very tools meant to protect data are now creating blind spots and bottlenecks.
Three specific practices are being left behind. First, perimeter-based security—relying on firewalls and VPNs—assumes a clear inside-outside boundary. AI agents often operate in multi-cloud environments and need to access data from anywhere, making the perimeter concept obsolete. Second, static role-based access control (RBAC) ties permissions to job titles, but AI agents need context-aware, attribute-based policies that adjust in real time based on data sensitivity and user intent. Third, manual data classification—labelling files by hand—cannot keep pace with the volume and variety of data generated by AI systems. Automated, policy-driven classification using machine learning is now essential.
Named organizations like Gartner and Forrester have documented this shift. Gartner predicts that by 2027, 60% of enterprises will adopt continuous data governance tools, replacing periodic audits. The average cost of a data breach in 2025 was $4.88 million, according to IBM, with many incidents traced back to misconfigured AI data access. Security leaders like Okta and CrowdStrike are embedding AI-native access controls into their platforms.
What informed observers say: This is not just a technical upgrade but a cultural change. Security teams must move from gatekeepers to enablers, granting access while maintaining least-privilege principles through zero trust architectures. The National Institute of Standards and Technology (NIST) has updated its zero trust guidelines to emphasize continuous monitoring and automated policy enforcement.
What happens next: Organizations are investing in data security posture management (DSPM) tools that provide real-time visibility across hybrid environments. Milestones to watch include the integration of AI access policies into identity and access management (IAM) systems and the emergence of industry standards for AI data lifecycle security. By 2028, legacy practices will be the exception, not the rule.
Frequently Asked Questions
Perimeter security relies on fixed network boundaries, but AI agents operate across multicloud environments and external APIs. They need dynamic access that firewalls and VPNs cannot provide, creating blind spots. Zero trust architectures that inspect every request are necessary.
Continuous visibility means real-time monitoring of where sensitive data is stored, who accesses it, and how it is used. Tools like data security posture management (DSPM) provide dashboards and alerts to detect anomalous behavior instantly, unlike periodic audits.
Zero trust assumes no user or device is trusted by default. For AI, this means verifying every data request based on context—data sensitivity, user attributes, and device health—rather than relying on static roles. Policies are enforced continuously.
Static role-based access control assigns permissions based on job titles, but AI agents often need temporary, context-driven access to specific datasets. RBAC cannot adapt to rapid changes in data usage patterns, leading to either over-privilege or access denial.
Manual classification cannot scale with the volume of data AI systems generate. It is error-prone and slow. Automated classification uses machine learning to label data in real time based on content and behavior, enabling consistent policy enforcement.
Replace perimeter security with zero trust, static RBAC with attribute-based access control (ABAC), and manual classification with automated labeling. All should be supported by continuous monitoring and governance tools that provide a unified view of data access.
Topics
Original source
www.forbes.com
Discussion
Join the discussion
Sign in to post a comment or reply.
No comments yet. Be the first to share your thoughts!