Data Security

Data security is the protection of data from unauthorized access, misuse, alteration, or leakage. In AI systems, the security surface extends beyond the application itself to include what gets sent in prompts, what documents are indexed for retrieval, what logs are retained, which APIs are called, and what permissions AI agents have to act on internal systems. AI tools that connect to email, documents, databases, and workflows can expose significant data if access is overpermissioned or if the system can be manipulated through its inputs.

AI tools don't exempt themselves from enterprise security standards — but they're often adopted as if they do. Employees using personal-account AI tools bypass the security perimeter entirely; AI agents granted broad system access create a large blast radius if compromised; prompt injection can cause AI systems to reveal restricted information or take unintended actions. These aren't theoretical risks — they're patterns that appear regularly in AI deployments that went through product review without security review.