Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SOC 2 audits are won or lost on evidence. When an auditor asks how an organization controls access to sensitive data, prevents unauthorized exfiltration, and monitors for anomalous behavior, the answer has to be documented and defensible. For most security and GRC teams, that answer depends heavily on whether their data security tooling is configured to produce audit-ready outputs, not just enforce policies.

Organizations are not choosing between AI adoption and data security. Rather, they are discovering, often after the fact, that these two priorities are pulling in opposite directions. The engineering team has been using GitHub Copilot for six months. Finance is running variance analysis through ChatGPT. Legal is pasting contract language into Gemini for redlining. According to Cyberhaven Labs research, 39.7% of the data employees share with AI tools is sensitive.

Clinicians are pasting patient summaries into ChatGPT to draft discharge instructions. Billing staff are uploading claim data to AI writing tools to speed up appeals letters. Nurses are using consumer AI assistants to look up drug interactions between patient visits. None of this was approved by the security team, and most of it would surprise the compliance officer.

AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.

HR teams manage every stage of the employee lifecycle, from hiring and onboarding to performance management and offboarding. Security teams manage data access, behavioral monitoring, and incident response. Insider risk lives at the intersection of both. When HR and security operate independently, the gaps between them are exactly where data loss happens, and the moments of highest exposure are almost always HR events, such as a resignation submitted, a role change processed, a termination decision made.

Most enterprise security programs were built around a simple assumption, not invalid assumption that data moves when a person decides to move it. AI agents have broken that model, and now act autonomously, reading files, calling APIs, executing code, and transferring data across systems without waiting for a human to approve each step. Many of these agents were never sanctioned by IT or security.

Employees are feeding sensitive data into AI tools at a pace most security teams did not anticipate. Source code goes into coding assistants. Customer records get pasted into ChatGPT to draft emails. Confidential contracts land in Gemini for summarization. According to Cyberhaven Labs research, 39.7% of the data employees share with AI tools is sensitive, and the volume is accelerating as AI adoption spreads from individual contributors to entire workflows.

Most data security posture management (DSPM) programs don't fail because the technology is wrong. They fail because of execution gaps, from incomplete data inventory to misclassified data at scale to fragmented cloud environments and teams stretched too thin to act on findings. However, each of these problems is predictable, and each has a known fix.

Security architects who understood the large language model (LLM) risk two years ago are now confronting a more complex problem. The enterprise AI stack has split into two distinct architectural patterns, retrieval-augmented generation (RAG) and agentic AI, and the security posture required for each is fundamentally different. Conflating them is how programs end up with coverage gaps.

Most organizations have an acceptable use policy for AI tools. Very few have controls that actually enforce it. The gap between what the policy says and what security teams can detect is where insider risk lives when it comes to large language model (LLM) usage.