Does AI at scale demand data security by design?

How can organisations safely scale AI?

As AI data security becomes a boardroom priority, few technologies have captured executives’ imaginations as AI, the suite of technologies now including generative and agentic models. 

Boards and leadership teams across industries ask how quickly new tools can be deployed to improve productivity, automate routine work, design and launch new product or solution lines, and extract deeper insights from the information organisations already hold. As their teams answer those calls, however, many are discovering that the real challenge lies not in buying or building these models, but in understanding their own data that powers them, and the resultant risk landscape that emerges.

In other words, the greatest obstacle to scaling AI lies within the condition of the data that feeds it and the security architecture governing how that data is accessed, classified, and protected. The AI data security narrative is a key one for 2026 

A recent roundtable discussion, in partnership with Securiti, invited senior technology leaders to investigate these patterns of corporate behaviour whereby firms are enthusiastic about deploying AI but far less certain about the foundations required to support it.

As one participant observed: “Everyone is trying to get to level four—AI running at scale across the business. But when you ask organisations where they actually are, most are at level one, or even half of level one.”

That first level is not about algorithms or infrastructure. It is about something far more fundamental: understanding what data exists inside the organisation and how it is governed.

Overview

• Does AI at scale demand data security by design?
  
• AI data security begins with data intelligence
• The myth of the AI-ready enterprise
• Managing shadow AI and data exposure risks
• Building the foundations for AI at scale
• FAQ’s

AI data security begins with data intelligence

Public conversation around AI still revolves around models, prompts, and applications. Inside large organisations, however, the immediate challenge is often more prosaic: visibility.

Before AI systems can interact safely with corporate data, organisations must first answer basic questions. What data exists? Where does it reside? Who can access it? Which datasets contain sensitive information? 

For many, the answers remain incomplete. Leaders around the table nodded to one attendees’ observation, “If you don’t know what data lives in a specific location, you can’t control it.”

This is consistent with recent findings from Securiti, in its report Seven Industries, One Problem, which found 81 percent of enterprises struggle with visibility of sensitive data and access. The same report also noted that 68 percent of security leaders report generative AI is being used without adequate data controls. 

From a security perspective, the problem is straightforward: if organisations cannot see where sensitive data resides, they cannot control how AI systems interact with it. Inefficiency would be the least worst eventuality; the potential exposure of information that was never intended to be surfaced is a far greater risk factor.

Let us remind ourselves that large language models (LLMs) rely on vast volumes of information to produce meaningful responses. If the underlying data estate has not been properly mapped and classified, those systems are likely to surface information in ways that organisations never anticipated, revealing hidden weaknesses.

“You can run a search as a normal user and suddenly surface sensitive information—financial data, M&A information—simply because nobody really understood what was in that repository.”

Most large organisations have accumulated complex data estates through decades of mergers, system upgrades and incremental projects. Data is copied between systems, duplicated across platforms and stored without clear ownership. AI tools simply make those relationships easier to uncover. 

NIST’s Generative AI profile for the AI Risk Management Framework explicitly presents generative AI risk management as a “cross-sector exercise in governing, mapping, measuring and managing risks linked to LLMs, cloud services and acquisition”. Mature AI adoption requires systematic controls, not just deployment enthusiasm, it adds.

The result is that the first “level” of AI maturity is not technological at all; it is informational. The subtext of this debate was clear: organisations must develop data intelligence, the ability to discover, classify, and govern data across the enterprise as a matter of urgency.

The myth of the AI-ready enterprise 

One misconception emerged repeatedly during the discussion: the idea competitors are already further ahead in the AI journey. From the outside, corporate communication manufactures a sense that entire industries are rapidly transforming into AI-driven organisations. Vendor messaging and technology headlines reinforce the impression that companies risk being “left behind”. 

Stanford HAI’s 2025 AI Index shows an environment of very rapid change but incomplete understanding. The report says even experts struggle to track the field’s progress, let alone decide on winners and losers.

“You feel like everyone else is miles ahead,” explained one participant, visibly relieved to hear empathy from around the table. “...when you talk to people actually trying to do this [such as on this roundtable], everyone is struggling with the same things.”

Many organisations are still experimenting with relatively narrow use cases—summarising documents, drafting reports, analysing internal information. The moment AI tools are connected to enterprise data, however, many see a sharp rise in complexity.

Participants described the architecture of large organisations as something closer to a “spaghetti network” than a coherent data environment. Systems have been layered over decades, often through acquisitions or regulatory change, creating intricate dependencies between platforms. In banking and other large institutions, untangling these systems can take years. One example discussed involved a multi-year programme costing hundreds of millions of dollars simply to rationalise a bank’s data architecture.

The implication is that for many organisations the journey towards AI begins not with AI itself but with the far more demanding task of modernising the data infrastructure beneath it. And even where organisations succeed in deploying AI tools, another issue quickly emerges: the quality of the underlying data.

Participants repeatedly emphasised how quickly poor data quality can undermine otherwise promising AI initiatives.

“Once you start scanning pockets of data, the number of errors you find can be staggering.” 

Examples ranged from inconsistent customer records to incomplete addresses and duplicate identities.

One participant described how large financial databases often contain anomalies that would be almost comical if the consequences were not so serious.

“You might find one client appearing under eight different names in the system. Or someone who seems to be 126 years old because the system defaulted their date of birth to 1900.”

Problems like these may appear mundane, but they become far more consequential once AI systems begin relying on the data to generate insights or automate decisions—and a poor data and AI culture takes those decisions as truth. In the AI era, poor data quality becomes a security and trust problem. When AI systems ingest inaccurate, duplicated or poorly classified information, they can produce outputs that appear authoritative while masking underlying weaknesses in the data itself.

Inconsistent or inaccurate information can distort analysis, produce misleading outputs or introduce errors into automated processes, as we heard from multiple participants. 

In fact, in many cases organisations discover that cleaning and structuring their data delivers tangible benefits even before AI is introduced. This is an important reminder for the office of the CFO in particular as improved data quality can streamline operations, reduce regulatory risk and eliminate redundant processes.

Managing shadow AI and data exposure risks

Alongside the structural challenges of managing data for AI, another risk surfaced repeatedly during the discussion included the growing presence of what participants described as shadow AI.

The term echoes an earlier era of “shadow IT”, when employees began using unsanctioned cloud tools outside official technology policies. AI appears to be following a similar trajectory.

Participants noted that employees are increasingly experimenting with generative AI tools independently of corporate governance frameworks. In some cases, staff copy internal information into public models to summarise documents or draft reports. In others, employees bypass official enterprise AI tools in favour of consumer platforms they find more effective. At the same time, AI capabilities are appearing inside many existing enterprise applications. Vendors are embedding AI assistants into software platforms at a rapid pace, often switching on new functionality overnight. 

The result is that organisations may find themselves interacting with AI in far more places than leadership realises.

This trend introduces a new category of risk. It is no longer enough to consider only the AI systems formally deployed by the organisation. Companies must also account for the tools employees are using independently, often with little understanding of how corporate information may be processed or retained.

Yet shadow AI is only one part of a broader shift. The roundtable also heard how generative and agentic AI is also changing how employees interact with data inside the organisation.

Traditional enterprise systems required users to navigate structured repositories or locate specific documents through search. Access controls were designed around those patterns of behaviour. If a user did not know where information was stored, it was unlikely they would discover it. AI assistants change that dynamic; instead of navigating systems, users can ask questions conversationally and receive responses that draw from multiple data sources simultaneously.

In theory, those users may already have the necessary permissions to access the underlying information. In practice, however, they may never have known the data existed. 

As one participant put it: “AI doesn’t necessarily break access controls. But it can surface data people didn’t even realise they had access to.

This ability to aggregate and synthesise information across large data estates creates new exposure risks. Sensitive information stored in poorly structured repositories may suddenly become visible through an AI query. Data copied between systems over many years may be combined in ways that were never previously possible.

In this sense, AI introduces a subtle but important shift in enterprise security. Traditional access controls remain necessary, but they are no longer sufficient on their own. Organisations must also consider how AI systems discover, interpret and assemble information across their data environments.

Building the foundations for AI at scale

Taken together, the discussion suggests that scaling AI safely requires organisations to rethink how they manage data and the foundational designs of its security posture. The most pressing challenges involve governance, visibility, and accountability across the entire data lifecycle.

Organisations that succeed in this transition tend to share several characteristics: clear visibility into their data estates, strong discovery and classification capabilities, well-defined access governance, and continuous oversight of how data interacts with AI systems. Combined, these all reduce the likelihood of inherent weaknesses.

That is an important part of an organisation’s armoury because AI changes the speed and scale at which those weaknesses can now be discovered. AI systems can traverse vast data estates in seconds, surfacing relationships and information flows that were previously hidden—both known-, and unknown-, unknowns, we heard. Without strong data security foundations, that capability introduces new and unpredictable exposure risks.

In the years ahead, nearly every company will look to scale AI but there will be a multitude of routes to take. The most effective will not necessarily be those with the most sophisticated models or those boasting of speed or velocity. They will be those who, with sober patience and an eye for the medium term over the short, work to prioritise data security by design.

In an AI-driven economy, that may prove to be the real competitive advantage.

FAQ’s 

1. Why is data security important for AI adoption?

Artificial intelligence systems rely on large volumes of data to generate insights and automate decisions. If organisations do not know where sensitive data resides or who can access it, AI systems may surface information in ways that create governance, compliance or security risks. Strong data security foundations ensure that AI interacts with information in a controlled and accountable way.

2. What does “data security by design” mean for AI?

Data security by design means building security principles into AI systems from the start rather than adding them later. This includes identifying sensitive data, controlling access permissions, monitoring how data flows through AI models and ensuring that information is protected throughout its lifecycle.

3. Why do many organisations struggle to scale AI?

Many organisations discover that their data estates are fragmented, poorly classified or spread across multiple legacy systems. When AI tools interact with these environments, they can reveal hidden weaknesses such as duplicated records, unclear ownership of data or overly broad access permissions. Addressing these issues is often necessary before AI can be deployed safely at scale.

4. What is shadow AI?

Shadow AI refers to the use of AI tools outside official governance frameworks. Employees may use public generative AI tools to summarise documents or analyse information without organisational oversight. Vendors may also introduce AI assistants into software platforms without formal approval. This creates security risks because sensitive information may be shared with systems that the organisation does not fully control.

5. How can organisations reduce AI security risks?

Organisations can reduce AI security risks by strengthening their data foundations. This includes discovering and classifying sensitive data, establishing clear access controls, monitoring how AI systems interact with data and implementing governance frameworks that manage risk across the entire data lifecycle.

This HotTopics Food for Thought was hosted in partnership with Securiti