AI security was one of the dominant themes at this year’s Gartner Security & Risk conference. It was not confined to a single track or a narrow set of technical sessions. It showed up in discussions about AI risk frameworks, privacy, data security, third-party AI, shadow AI, AI agents, Copilot, access governance, breach response, and application security, including Mythos.

The message was clear: AI security has moved from a future concern to an immediate priority.

Cybersecurity teams are increasingly being asked to own or co-own AI security. But the answer cannot be to simply say “no” to AI. The business is moving too quickly. Boards, executives, and employees want the productivity, innovation, and competitive advantage AI can provide. Security leaders need to enable safe AI adoption, not become the department that blocks it.

One analogy that resonated came from Gartner analyst Josh Murphy in his AI risk frameworks session. AI security controls are like the brakes, seatbelts, airbags, and safety systems in a car. Those controls are not there to stop the car from going fast. They are what make it possible to go fast safely. Without them, you either crash or decide it is too risky to drive fast at all.

That is the right way to think about AI security. The goal is not to slow the business down. The goal is to build the safety systems that allow the business to move faster with confidence. To continue the analogy, while AI security controls are still being implemented, business stakeholders need to have a clear conversation about how much risk they are willing to accept until all the brakes and seatbelts are fully in place on their car.

Across the sessions, one broader conclusion stood out: AI security is not just about models, prompts, or guardrails. It is about understanding and controlling the data AI can access, the identities it acts through, the business purpose it serves, the privacy impact it creates, and the blast radius if something goes wrong.

Below are the 10 sessions that shaped my thinking the most, along with Gartner perspectives on what security and risk leaders can do in the next 90 days to enable the safe deployment of AI in their business.

1. AI Risk Management Frameworks

Key learning from the session

AI risk requires structure. Organizations need a consistent way to assess AI systems, align stakeholders, define accountability, evaluate controls, and monitor risk over time.

Frameworks such as NIST AI RMF and ISO 42001 are the two most commonly used starting points, with OWASP and the EU AI Act providing additional perspectives. NIST AI RMF is often favored for its flexibility and strong alignment with existing risk management practices, making it easier to integrate into current governance structures. ISO 42001, on the other hand, is more prescriptive and audit-oriented, which can be advantageous for organizations seeking formal certification or alignment with regulatory expectations, particularly if compliance with the EU AI Act is a priority.

Each framework has trade-offs. NIST AI RMF offers adaptability but may require more interpretation to operationalize. ISO 42001 provides clearer structure and auditability but can be more resource-intensive to implement. OWASP is valuable for addressing specific technical threats, while the EU AI Act introduces regulatory requirements that organizations must map to their internal controls. The practical takeaway is that most organizations will need to use more than one lens.

The session also reinforced that AI risk is broader than traditional cybersecurity risk. It includes data risk, model risk, privacy risk, legal risk, operational risk, and business impact.

Why it matters

Without a framework, AI security becomes a series of disconnected decisions. One team evaluates model risk. Another team reviews privacy. Another team worries about access. Another team approves business use cases. That fragmentation makes it hard to govern AI consistently.

Frameworks create shared language across security, privacy, legal, data, product, engineering, and business teams. They also help security teams shift from being perceived as blockers to becoming enablers of responsible AI adoption.

Lightbeam perspective

AI risk frameworks are important, but customers still need to operationalize them. That is where the data layer becomes critical.

Most frameworks eventually force practical questions:

  • What data is involved, and how will it be used by AI systems?
  • Whose data is it?
  • Is it sensitive, personal, regulated, confidential, or business-critical, especially in the context of AI processing?
  • Where does it live, and how is it accessed by AI models or pipelines?
  • Who can access it, including AI systems and their operators?
  • Is that access appropriate for both human users and AI use cases?
  • Is the data being reused for a new purpose, such as training or fine-tuning AI models?
  • Can the organization reduce exposure before AI uses it?
  • Can the organization prove control over time, including governance of AI-driven data usage?

This maps directly to Lightbeam’s strengths in data discovery, classification, identity context, access governance, privacy workflows, retention, and remediation.

What to do in the next 90 days

Choose a baseline AI risk framework and use it to create an AI security assessment. The assessment should cover sensitive data discovery, data access, least privilege, privacy impact, data retention, third-party AI, and monitoring.


2. Cybersecurity’s Basic Questions Preparing Every AI Initiative for AI Laws

Key learning from the session

AI governance starts with basic questions that many organizations skip:

  • What business purpose does this AI initiative serve?
  • What process is being improved?
  • Is AI the right tool for the job?
  • What data is being used, and whose data is it?
  • What impact could the system have?
  • How will the system be monitored over time?

The session framed accountability as contextual. The same use of AI may be appropriate in one business context and inappropriate in another. That means organizations cannot evaluate AI in the abstract. They need to understand the purpose, process, data, risk, and impact of each initiative.

The EU AI Act was also discussed as a preview of where broader AI governance expectations are likely headed: accountability, purpose, control, data quality, impact assessment, human oversight, and monitoring.

Why it matters

Many organizations start with the technology. They ask, “What can this AI tool do?” or “What is the best AI platform?” But the better starting point is, “What problem are we solving, and what data will AI need to access to solve it?”

This matters because AI systems can drift from their original purpose. Data can change. Models can change. Business context can change. Without ongoing governance, an AI system that was appropriate at launch may become risky over time.

Lightbeam perspective

This is where Lightbeam’s privacy capabilities become highly relevant to AI security.

AI initiatives should trigger practical governance workflows, including Privacy Impact Assessments, Records of Processing Activities (RoPA) updates, data source reviews, retention reviews, purpose documentation, and access control reviews.

Many AI security vendors focus on prompts, models, or usage controls. But AI governance is not only a technical control problem. It is also a privacy, accountability, and data governance problem. Lightbeam can connect these workflows in a way many AI security tools cannot.

What to do in the next 90 days

Require AI initiatives involving sensitive or personal data to document business purpose, data sources, data subjects, retention, impact, access controls, and monitoring requirements.


3. Privacy Prerequisites to AI Success Stories

Key learning from the session

AI success depends on privacy and data governance foundations. The session emphasized familiar but critical disciplines:

  • data discovery
  • purpose limitation
  • classification
  • retention
  • access controls
  • secondary-use prevention
  • consistent governance

The core message was that organizations should not treat privacy as a separate compliance exercise after AI systems are already deployed. Privacy needs to be part of AI readiness from the beginning.

Why it matters

AI creates privacy risk when data is reused for new purposes, retained too long, exposed to the wrong users, or connected to systems without proper assessment.

For example, data collected for one business purpose may not be appropriate for AI training, model grounding, analytics, or automated decision support. Data that is legally retained may still be risky to expose through enterprise AI. Data that users technically have access to may not be appropriate for broad AI retrieval.

AI does not eliminate privacy principles. It makes them more important. When AI systems ingest personally identifiable information (PII) or other regulated data, that information can be embedded into models, logs, or downstream outputs in ways that are difficult to trace, audit, or remove. Unlike traditional systems where data can be deleted or access can be revoked, AI models may retain patterns or fragments of sensitive data even after the original source is removed. This creates challenges for compliance with regulations such as GDPR, HIPAA, and others that require strict control over data usage, retention, and deletion.

Organizations must therefore apply stronger governance around what data is fed into AI systems, how it is processed, and where it is stored. This includes implementing data minimization practices, anonymization or pseudonymization techniques, strict access controls, and clear policies on model training and retraining. Without these safeguards, the risk of unintended data exposure, regulatory violations, and loss of trust increases significantly.

Lightbeam perspective

Privacy Impact Assessments and RoPA are not side capabilities in an AI security story. They are essential practices that must be completed before sensitive data is ingested by AI systems. Customers need to document purpose, understand data subjects, assess impact, evaluate retention, review secondary use, and prove accountability.

What to do in the next 90 days

Adapt existing privacy processes for AI. Require PIAs, RoPA updates, retention reviews, and purpose documentation for high-priority AI initiatives, especially where personal or sensitive data is involved.


4. Apply Data-Centric Controls to Support Privacy and AI Governance Initiatives

Key learning from the session

AI governance requires data-centric controls. Organizations need to understand the data itself, not just the application, model, or AI interface.

That includes classification, sensitivity, business purpose, access context, and appropriate use. The same data may be appropriate for one AI use case and inappropriate for another.

Why it matters

Traditional access control often focuses on whether a user has permission to access a system, folder, or file. AI introduces a more nuanced question: is this data appropriate for this AI use case, this user, this purpose, and this context?

For example:

  • Customer support data may be appropriate for case resolution but not AI training.
  • Employee data may be appropriate for HR operations but not broad enterprise search.
  • Financial data may be appropriate for tax retention but not general-purpose AI summarization.
  • Customer PII may be appropriate for service workflows but not for experimentation with a new AI tool.

AI security therefore requires more than “allow” or “block.” It requires understanding purpose. 

Lightbeam perspective

By connecting sensitive data classification, business purpose, identity context, and policy enforcement, Lightbeam can help customers govern not only who can access data, but why that access is appropriate.

This is especially relevant for AI because the central question is often not whether data exists or whether a user technically has access. The question is whether that data should be used in a specific AI context.

What to do in the next 90 days

Identify sensitive data used in AI initiatives, document the approved business purpose, label the data based on sensitivity and purpose, and review whether user and AI access aligns with that purpose.


5. DSPM Unleashed: Turning Data Discovery Into Defense

Key learning from the session

Discovery is not defense.

Finding sensitive data, classifying it, and surfacing risk scores are necessary. But they do not reduce risk by themselves. Security teams do not need another dashboard of unresolved findings. They need to turn findings into action.

Rather than attempting to discover, classify, and analyze access across all data at once, organizations should first focus on the small percentage of data that represents their crown jewels. This is where the majority of risk is concentrated. By running the full data security lifecycle—discovery, classification, access analysis, and remediation—on this critical subset first, teams can drive meaningful risk reduction faster and more effectively.

The session emphasized moving from visibility to defense. That means prioritizing risk, remediating exposure, reducing excessive access, assigning accountability, and proving measurable improvement.

Why it matters

Many DSPM programs start with broad discovery and risk visibility. That can be valuable, but it can also overwhelm teams if it produces thousands of findings without a clear remediation path.

In an AI context, this problem becomes more urgent. AI can make overshared, stale, or poorly governed data easier to find, summarize, and expose. Discovery without remediation leaves the underlying AI risk in place.

Lightbeam perspective

The value of DSPM comes from what happens after discovery:

  • reduce excessive access
  • remove open access
  • automate remediation
  • enforce least privilege
  • assign data owners
  • retain or delete data based on policy
  • support access reviews
  • prove risk reduction over time

The right approach is not just “we find sensitive data.” It is “we help reduce the risk that sensitive data creates.”

What to do in the next 90 days

Pick the most sensitive 5% of data, identify open or excessive access, remediate it, apply and enforce a retention policy, and report before-and-after risk reduction.

This “crown jewels first” approach gives customers a practical way to make progress without trying to fix everything at once.

6. Outlook for Data Security: Going From Reactive to Resilient

Key learning from the session

Data security programs need to move from reactive to resilient.

The session highlighted a common problem: many organizations cannot quickly answer basic breach questions:

  • What data was touched?
  • Whose data was impacted?
  • Which customers, employees, or data subjects need to be notified?
  • Which systems or identities were involved?
  • What response is required?

The session also emphasized adaptive controls, classification, least privilege, tested response, and the need to reduce recovery time.

Why it matters

In a breach, speed matters. If it takes days or weeks to understand what data was exposed, the organization faces more operational, legal, regulatory, and reputational risk.

AI makes this more urgent. AI can accelerate attacker discovery, automate data access, and increase the speed at which sensitive data can be found or misused. Resilience requires knowing what data matters, who can access it, and how to respond quickly when something goes wrong.

Lightbeam perspective

Lightbeam enables automated breach impact scoping as part of its core capabilities.

Lightbeam can help customers determine what data was touched, whose data was impacted, and what response may be required. Importantly, Lightbeam can distinguish between PII belonging to customers versus employees, which carry different breach impacts and require different response actions. This capability is valuable to security, privacy, legal, compliance, and executive teams.

What to do in the next 90 days

Run a breach impact tabletop exercise. Test whether the organization can quickly identify impacted data, impacted people, and required response actions.

Also identify crown-jewel data, lock down excessive access, and evaluate where adaptive controls should apply.

7. Extending Existing Controls to Discover and Control Third-Party AI Usage

Key learning from the session

Organizations need to govern several categories of AI:

  • public or personal AI
  • enterprise AI
  • third-party AI embedded in SaaS and business applications

AI risk is broader than employees pasting sensitive data into public tools. AI is increasingly embedded in business applications, vendor platforms, SaaS tools, and third-party workflows.

Why it matters

Many organizations start by focusing on public AI use, such as employees using ChatGPT, Claude, Gemini, or other tools with personal accounts. That is important, but it is only part of the problem.

AI is also appearing inside approved enterprise applications, productivity suites, collaboration tools, CRM platforms, service platforms, and vendor ecosystems. Those AI capabilities may access sensitive data through existing permissions, user identities, connectors, or agent identities. At the same time, individuals are downloading and using their own frameworks to build agents, further expanding how AI interacts with enterprise data.

This creates a broader AI visibility and governance challenge.

Lightbeam perspective

Customers need to understand not only which AI tools are being used, but what sensitive data those tools can access and whether that access is appropriate.

This expands AI security from usage control to data access control. It is not enough to know that an AI tool exists. Organizations need to know whether that tool can reach customer data, employee data, regulated data, source code, contracts, financial records, or other sensitive information.

Lightbeam can help connect AI usage visibility and control with sensitive data exposure and access governance.

What to do in the next 90 days

Inventory public, enterprise, and third-party AI usage. Identify which tools can access sensitive enterprise data. Define approved AI use cases, restricted data types, and user guidance.

A practical control pattern is inline coaching: when a user attempts a risky or blocked AI action, explain why it is blocked and point them to approved alternatives.


8. Expose and Tame AI’s Top 3 Blind Spots

Key learning from the session

Shadow AI is bigger than most teams realize.

It includes more than employees using public AI tools. It can also include developers installing AI tools, SaaS vendors embedding AI, third parties using AI, AI browsers, and agent identities.

The session reinforced a familiar security principle: organizations cannot govern what they cannot see.

Why it matters

Shadow AI creates risk because it often operates outside approved governance, monitoring, data handling, and access control processes.

The risks are not limited to prompt data leakage. Shadow AI can introduce software supply chain risk, expose sensitive data through browser-based tools, create unmanaged agent identities, or allow vendors and third parties to process data in ways the organization has not reviewed.

As AI becomes embedded across the business, the boundary between approved and unapproved AI becomes harder to see.

Lightbeam perspective

The deeper question is not just “Which AI tools are being used?” It is “What sensitive data can those AI tools, users, and agents access?”

That moves the conversation from AI discovery to AI data security.

Lightbeam’s role is to help customers understand where AI usage intersects with sensitive data, excessive access, privacy obligations, and business risk.

What to do in the next 90 days

Discover employee, developer, SaaS, and third-party AI use. Review AI browsers and browser-based AI tools. Identify which tools intersect with sensitive data. Define approved AI tools, restricted data types, and monitoring priorities.

9. How to Secure Enterprise AI Agents

Key learning from the session

AI agents require discovery, identity, scoped access, tool containment, monitoring, and governance.

Agents are not just users of data. They can retrieve data, invoke tools, take actions, call APIs, interact with systems, and operate with varying levels of autonomy.

That makes them fundamentally different from traditional applications or human users.

Why it matters

Agentic AI changes the access governance problem.

The question is no longer only “Who has access to sensitive data?” It is also:

  • What autonomous or semi-autonomous systems can access the data?
  • What tools can they invoke?
  • What actions can they take?
  • What systems can they modify?
  • What data can they retrieve?
  • Whose data are they allowed to access?
  • Under whose authority are they acting?
  • How long do they need access?
  • What business purpose justifies the access?

A useful principle from the session: the sensitivity of an agent equals the sensitivity of the data and systems it can access.

Lightbeam perspective

Agentic AI introduces a new class of identities that require the same rigor applied to human and machine access.

Lightbeam helps organizations extend their access governance practices to AI agents by providing visibility into agent identities, their permissions, ownership, and the context in which access is granted, including purpose and duration. It also enables monitoring of agent activity to ensure appropriate use.

This approach aligns with Lightbeam PrivilegeIQ and a broader zero standing privilege strategy, helping organizations understand and reduce what agents can access before allowing them to operate across enterprise systems.

What to do in the next 90 days

Inventory AI agents and agent-like workflows. Assign owners. Identify what data, tools, and systems each agent can access. Remove unnecessary permissions. Require just-in-time or time-bound access for higher-risk agents.


10. AI Cyber Stewardship: 6 Principles for Managing AI Cyber Risk

Key learning from the session

AI policy alone is not enough.

Many organizations have AI policies, but misuse continues. Policies do not create control unless they are backed by literacy, governance, monitoring, enforcement, and measurable remediation.

Security leaders need to move AI security from written policy to operational control.

Why it matters

AI adoption is already happening across the business. Employees are experimenting. Developers are using AI tools. Business units are building AI workflows. Vendors are embedding AI into platforms. Agents are beginning to appear.

If cybersecurity waits for perfect policy or perfect governance, it will fall behind the pace of adoption. But if it acts without structure, it risks becoming either a blocker or an ineffective policy publisher.

The practical need is a maturity model that helps teams prioritize what to do first.

Lightbeam perspective

A shared responsibility model is essential, where cybersecurity enables and governs, but business and data owners actively participate in applying controls and guardrails to AI usage. This collaborative approach ensures that AI risk is managed where data is created, accessed, and used, rather than relying solely on centralized security teams. It also encourages greater accountability across the organization, as stakeholders who understand the context and value of the data are better positioned to make informed decisions about its protection. By embedding security practices into everyday workflows, organizations can respond more quickly to emerging risks, improve compliance with regulatory requirements, and foster a culture where secure and responsible AI use becomes a standard part of operations.

What to do in the next 90 days

To operationalize these principles, organizations should focus on a set of practical, time-bound actions:

  • Establish AI governance ownership: Define clear roles and responsibilities across cybersecurity, data, legal, and business teams to support a shared responsibility model.
  • Inventory AI usage: Identify where AI tools and models are currently being used across the organization, including shadow or unsanctioned usage.
  • Define acceptable use policies: Create or update policies that outline how AI can be used, what data can be shared, and what controls must be followed.
  • Implement baseline controls: Apply foundational safeguards such as access controls, data classification, logging, and monitoring for AI-related activities.
  • Conduct risk assessments: Evaluate high-impact AI use cases to understand potential security, privacy, and compliance risks.
  • Launch awareness and training: Educate employees on responsible AI use, emphasizing data protection and secure practices.
  • Pilot governance workflows: Test approval, monitoring, and incident response processes for AI use cases to refine governance before scaling.

These actions provide a structured starting point to move from awareness to execution, helping organizations quickly reduce risk while building a foundation for long-term AI governance.


The 90-Day AI Security Agenda

  1. Choose an AI governance framework.
  2. Inventory AI usage across public, enterprise, third-party, developer, browser-based and agentic AI.
  3. Identify crown-jewel data.
  4. Assess what AI can access.
  5. Reduce excessive access before expanding AI.
  6. Apply privacy governance to AI initiatives.
  7. Govern AI agents with identity, ownership, and scoped access.
  8. Move from discovery to remediation.
  9. Test breach impact readiness.
  10. Communicate safe AI as an enabler, not a blocker.

Conclusion: The Next 90 Days Matter


The biggest takeaway from Gartner Security & Risk is that AI security is no longer a future planning exercise. AI is already being adopted across the business, often faster than security, privacy, legal, and data teams can fully govern it. Waiting for perfect policies, perfect frameworks, or perfect tooling is not a realistic option.

At the same time, saying “no” to AI is not a sustainable strategy. The role of cybersecurity is to help the business move fast safely. That requires the AI equivalent of brakes, seatbelts, airbags, and control systems: risk frameworks, data discovery, classification, access governance, privacy assessments, retention controls, monitoring, and breach impact readiness.

The common thread across the Gartner sessions was that AI security depends on data security. Organizations need to understand what sensitive data they have, who and what can access it, whether that access is appropriate, what purpose the data serves, and what happens if that data is exposed. Without that foundation, AI can amplify existing data security, privacy, and access governance gaps at machine speed.

The next 90 days are an opportunity to make meaningful progress. Security leaders can choose an AI risk framework, inventory AI usage, identify crown-jewel data, assess what AI can access, reduce excessive permissions, apply privacy governance to AI initiatives, and begin governing AI agents. None of these steps require waiting for a long-term AI security program to be fully mature. They are practical actions that can reduce risk now while enabling the business to keep moving.

AI readiness starts with data readiness. The organizations that understand and control their data today will be the ones best positioned to adopt AI quickly, safely, and responsibly tomorrow.