Topic

Data Loss Prevention

Data loss prevention (DLP) refers to security tools and strategies that identify, monitor, and block sensitive information from being transmitted outside an organization's network or stored in unauthorized locations. In AI governance, DLP is critical because machine learning models trained on enterprise data can inadvertently expose proprietary information, personal data, or regulated content through model outputs or data leakage during training pipelines. Implementing DLP controls helps organizations meet compliance requirements like GDPR and HIPAA while protecting intellectual property and maintaining customer trust.

2 items

Corporate PolicyGlobal2026-05-30

Agentic AI in Production Demands Least-Privilege Controls, DLP Integration, and Quarterly Audit Reviews, Adappt Playbook Finds

AI platform vendor Adappt has published a technically specific governance playbook for deploying agentic AI systems in production environments, recommending least-privilege permissions, scoped retrieval, data loss prevention (DLP) integration, adversarial risk testing, and structured evaluation gates. The guidance targets organizations moving autonomous AI agents from pilot to production in 2026 and specifies audit log requirements designed to support both incident response and periodic governance review. The playbook addresses a recognized gap in enterprise governance programs: the absence of operational controls for AI agents that take consequential, multi-step actions on behalf of users or systems.

agentic AI least-privilege prompt injection audit logs data loss prevention risk management model evaluation transparency accountability enterprise governance

ResearchUS2026-04-19

82% of Top 100 GenAI SaaS Tools Rated Medium to Critical Risk as Employees Routinely Enter Sensitive Data, Cyberhaven Labs Finds

Cyberhaven Labs released its 2026 AI Adoption and Risk Report on February 5, 2026, drawing on analysis of billions of real-world data movements across generative AI SaaS platforms, endpoint AI applications, and AI agents used in enterprise environments. The report finds that 82% of the top 100 GenAI SaaS tools are classified as medium to critical risk, and that employees are entering sensitive data into AI tools on average once every three days. A significant shadow IT dimension is documented: 32.3% of ChatGPT usage and 24.9% of Gemini usage occurs through personal accounts rather than corporate-managed accounts, placing that activity outside enterprise data governance controls. For compliance teams, the findings underscore a structural gap between the pace of AI adoption and the maturity of data loss prevention, acceptable use policies, and third-party risk management programs. Organizations lacking visibility into AI tool usage at the endpoint level may face exposure under data protection obligations in multiple jurisdictions, including the EU AI Act, various US state privacy laws, and sector-specific regulations governing sensitive data handling.

Cyberhaven ChatGPT Gemini OpenAI Google EU AI Act EU United States shadow IT data governance data loss prevention third-party risk management transparency enterprise AI risk