+
The New Rules for Data Security
AI can’t scale without data security–here’s why
Accelerating AI adoption and improving innovation, as well as the bottom line, starts with a proactive approach to data security.�
AI adoption is growing daily, with 92% of organizations planning to increase their AI investments over the next three years. But despite the enthusiasm, only 1% of leaders say their organizations are “mature” in AI deployment.
�While leaders and employees want to move faster, trust and safety are top concerns. Seven out of eight companies have sensitive data exposed to every user—and that data could be surfaced by AI tools.
�“Organizations are generating more sensitive data than ever, and AI tools, such as copilots, agents, and chatbots, are surfacing that data faster than humans can control it,” says Yaki Faitelson, cofounder and CEO at Varonis, a leading data security company. “But the biggest challenge isn’t just external threats—it’s internal exposure.”
A single data breach can result in millions—and often tens of millions—of dollars in hard costs for companies. In 2024, the average data breach cost in the financial industry was $4.88 million. The cost was even steeper for the health care industry, with a breach’s average cost topping $7 million.
Dollars aside, a single breach drains corporate resources. IT spends countless hours reporting regulatory requirements, remediating vulnerabilities, and recovering data systems after a security incident. Sales and marketing business units also lose time trying to overcome eroded customer and partner trust and brand reputation.
�AI security isn’t something that can be put off.
Back to home
From planning to deployment: Why AI security is data security
From planning to deployment: Why AI security is data security
Read more
Read more
Explore more
Back to home
Watch now
Strengthening data defense in the
age of AI
“Organizations need to monitor use, enforce policies, and educate teams on what safe AI use looks like. Security isn’t just technical—it’s cultural.”
BRIAN VECCI
Field chief technology officer, Varonis
To ensure an organization is protected, business leaders must consider data security in tandem with their AI initiatives.
�Data security involves proactively mapping where sensitive data lives, who has access to what data, and how that access is being used. From there, access is rightsized, so users have only the access they need to do their jobs. Without a secure foundation, corporate secrets can be readily surfaced by AI tools. Once that sensitive data is in the system, it can be difficult—if not impossible—to remove it.
�To avoid this data exposure, business leaders must take security a step further. Too many organizations think data discovery equals data security. Yet, tools that locate sensitive data don’t always fix the issues they find.
Security from the start
If security measures can’t automatically remediate risk—revoke permissions, disable stale users, remove risky apps—then they’re not securing AI,” says Brian Vecci, field chief technology officer at Varonis. “They’re just watching it go off the rails.”
�Organizations must take the time to build a secure data foundation for everything that comes next in AI security: monitoring, employee training, and policy enforcement.
Once data is secured at the source, the next challenge is to assess how AI is currently being used and who is using it. Shadow AI—technology used by employees and contractors without permission or oversight by IT—can create multiple problems with enterprise AI. The Varonis 2025 State of Data Security Report revealed that 98% of employees use unsanctioned apps.
�As more employees rely on the convenience of using unsanctioned AI tools, it comes with substantial hidden risks, including exposing sensitive data, undermining compliance, and introducing vulnerabilities.
�“Whether it’s uploading sensitive files to a chatbot or using shadow AI apps, human behavior is a major risk factor,” says Vecci. “Organizations need to monitor use, enforce policies, and educate teams on what safe AI use looks like. Security isn’t just technical—it’s cultural.”
�Because employees can get around security parameters with little effort and create risk within an organization, training and upskilling is critical.
Putting people controls in place
“Every employee needs a baseline understanding of how to use AI safely.... The more we upskill our workforces, the more they can innovate with AI without putting their organizations at risk.”
Dana Shahar
Chief HR officer, Varonis
“Every employee needs a baseline understanding of how to use AI safely,” says Dana Shahar, chief HR officer at Varonis. “Shadow AI happens when users don’t understand how data should be handled. Identity compromise happens when they can’t spot an AI-generated phishing attack. The more we upskill our workforces, the more they can innovate with AI without putting their organizations at risk.”
�In the age of AI, leaders need to rethink security positions and duties and how to train their workforces to succeed. “We need to equip the next generation of human defenders with the knowledge and tools to focus on what only they can do: Drive secure adoption, build resilient strategies, and make the judgment calls AI can’t,” says Shahar.
Still, as AI and data continue to mature and scale, humans alone can’t keep up with AI-enabled threats. These vulnerabilities grow much faster than humans can keep up with, so AI-powered defenses are often the best option to protect systems from attack.
�Security analysts can use agentic AI as digital assistants that support human teams by handling critical, time-consuming tasks. By deploying these tools to detect, investigate, and respond to threats automatically—and often more quickly and effectively than humans alone—security teams can take back control. Companies must understand that AI is not secure by default. By taking a security-first approach, business leaders can give their organizations the power to harness the potential without the risk. Still, protecting data is an ongoing commitment that organizations must stay tuned into as they scale their AI.
�“AI security isn’t a one-time setup. It must start early and continue to reduce risk,” says Vecci. “It’s a living system that needs constant attention.”
Putting people controls in place
© 2025 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
© 2025 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
Back to home
Read more
Read more
Strengthening data defense in the
age of AI
Explore more
Field chief technology officer, Varonis
BRIAN VECCI
“AI doesn’t discriminate. It will use whatever data it can access. Without proper controls, every prompt becomes a potential breach.”
From planning to deployment: Why AI security is data security
The New Rules for Data Security
Back to home
+
“AI threats move faster than humans can respond. You need AI-powered defenses that can classify data, detect anomalies, and remediate risk in real time.”
Yaki Faitelson
Cofounder and CEO, Varonis
AI can’t scale without data security–here’s why