THALES BLOG

Success Starts with Secure Data: A Practical Guide for Enterprises

July 19, 2026

Marcelo DeLima Marcelo Delima | Senior Manager, Global Solutions Marketing More About This Author >

AI depends on data—a lot of it. The quality, quantity, and accessibility of enterprise data directly determine the success of AI outcomes. However, according to IDC’s Unlocking AI with Secure, Protected Data white paper, without strong data security and governance practices, AI initiatives can introduce significant operational, compliance, and cybersecurity risks.

AI value vs. AI risk

Artificial intelligence is rapidly becoming a core enterprise initiative. According to IDC, 44% of organizations plan to spend $2 million or more on AI efforts in 2026, and this number jumps to 64% in 2027. Organizations across industries are investing heavily in AI to improve operations, automate workflows, accelerate innovation, and gain a competitive advantage.

Yet many organizations struggle to realize the full value of AI because of one critical issue: data security.

As organizations expand their use of large language models (LLMs), retrieval-augmented generation (RAG), vector databases, and AI agents, the risks surrounding sensitive data exposure continue to grow. Personally identifiable information (PII), intellectual property, financial records, and confidential business information can easily become exposed during AI training, prompting, inference, or integration with external systems.

Unlocking AI with Secure, Protected Data

Trusted AI Starts with Trusted Data

As AI initiatives scale, protecting sensitive information becomes critical. Explore IDC's recommendations for securing data before, during, and after AI processing to enable innovation with confidence.

Read the report

Can you see the challenge?

One of the biggest challenges organizations face is a lack of visibility into their data. Enterprise data is increasingly distributed across cloud platforms, applications, endpoints, collaboration tools, and hybrid infrastructures. Many organizations do not fully understand where sensitive data exists, who has access to it, or how it is being used.

The problem is even worse for unstructured data. Emails, images, and text documents lack a predefined model or format, making them fundamentally harder to govern than structured data. The scale of the challenge is significant: unstructured data accounts for more than 90% of enterprise data. Compounding this issue, unstructured data is the primary output of AI, and it is being generated in large volumes as AI usage increases.

Once sensitive information is ingested into vector databases or embedded within AI models, it becomes far more difficult—if not impossible—to control.

The result is that data security concerns, ranging from the security limitations of data platforms to compliance requirements and the disclosure of sensitive data, are among the most significant inhibitors of AI implementation.

Q. IDC: Which of the following data security concerns, if any, limit or slow your organization from implementing AI and Agentic AI?

A brave new world of threats

AI also introduces new security risks that traditional approaches were not designed to address.

Prompt misuse is one growing concern. Employees may unintentionally expose sensitive information through poorly constructed prompts, while attackers may attempt prompt injection techniques designed to bypass protections or retrieve unauthorized data. At the same time, AI systems can dynamically combine information from multiple sources, creating new sensitive records from data that appeared harmless in isolation.

Retrieval-augmented generation architectures amplify these risks because they continuously retrieve and assemble information from multiple repositories in real time. Improperly governed APIs, external integrations, and autonomous AI agents further expand the attack surface.

The rapid growth of non-human identities, including AI agents, copilots, APIs, and automated workflows, is also challenging traditional access control models. These systems interact with enterprise data at a speed and scale that legacy security architectures were never designed to support.

The fragmented reality

Unfortunately, many organizations are trying to address these challenges using fragmented security tools and siloed controls.

Over the past decade, enterprises have deployed numerous point solutions for encryption, data loss prevention, compliance, identity management, and insider threat protection. According to the 2026 Thales Data Threat Report, organizations reported using an average of seven tools for data protection and monitoring, five for key management, and another six security tools for AI- and LLM-based applications. These tools are often managed separately, with inconsistent policies and limited visibility across environments.

AI systems and agents can unintentionally exploit these gaps as they move across systems searching for data and context. Traditional security models are no longer sufficient for distributed, multicloud, and AI-driven environments. Organizations need a more unified and proactive approach to data security.

Data Threat Report Quantum and AI Trends

How Will AI and Quantum Computing Reshape Data Security?

Explore the latest findings from the 2026 Thales Data Threat Report and discover why 98% of organizations are concerned about the impact of AI and quantum computing on security. Learn how enterprises are preparing for the risks—and opportunities—ahead.

Read the report

A unified and proactive security approach is essential for effective AI

Securing AI begins with protecting data before it enters AI systems. As analyst Jennifer Glenn explains in Unlocking AI with Secure, Protected Data, organizations must move beyond reactive security models and adopt a unified, proactive approach. High-quality, secure data is foundational to AI success, and achieving this requires embedding security and governance controls earlier in the data lifecycle.

This approach emphasizes protecting data before it enters AI systems rather than attempting to mitigate risk after exposure. By integrating security into the early stages of data preparation and ingestion, organizations can reduce risk while maintaining the speed required for AI innovation.

The paper outlines the following essential capabilities for building and maintaining effective data and AI practices:

  • Visibility and control: Centralized data discovery and classification capabilities that identify different data types and locations across the enterprise, providing broad visibility, detailed context, continuous management, and granular control.
  • Real-time monitoring: Continuous inspection of data activity, model interactions, and pipeline behavior, enabling security teams to identify anomalous or malicious activity and intervene before exposure escalates.
  • Automated policy enforcement and remediation: Consistent policy enforcement and automated data security remediation using encryption and tokenization to help ensure that data is secured at every stage, in every environment, by default.
  • Identity-based access controls: Controls that protect data from unauthorized user or device exposure through obfuscation techniques such as encryption, masking, or tokenization.
  • Support for multicloud and hybrid environments: Effective security across endpoints, devices, operating environments, and applications—wherever AI is deployed and consumed.

A unified data security framework that integrates discovery, classification, encryption, identity-aware controls, runtime enforcement, and observability provides the foundation organizations need to innovate confidently.

The goal is not to slow AI adoption. It is to enable AI securely, allowing organizations to accelerate innovation, strengthen compliance, reduce risk, and unlock the full value of AI without compromising trust or resilience.

In summary, AI success depends on data security.

Learn more about the data security challenges introduced by AI and how a unified data security framework can support AI success in IDC’s white paper, Unlocking AI with Secure, Protected Data.

Unlocking AI with Secure, Protected Data

Is Your Data Ready for AI?

Download the IDC White Paper to learn the security, governance, and compliance strategies needed to build trusted AI at scale.

Read the report