By Kris Lovejoy, Global Security and Resiliency Practice
Leader at Kyndryl
The rise of AI is not just reshaping industries; it’s transforming how we perceive and prioritize data security. As this emerging technology connects previously siloed datasets, even seemingly insignificant information can become a critical asset — or liability — when aggregated.
This new reality is triggering what’s shaping up to be a paradigm shift in security and resilience strategy, one where safeguarding both individual data points and their combined insights is more critical than ever.
Traditionally, organizations have categorized data by assigning varying levels of security based on perceived sensitivity. Financial records, intellectual property and personally identifiable information (PII) were “crown jewels,” rightfully receiving the lion’s share of protection. However, AI is rewriting this hierarchy.
AI algorithms, particularly machine learning models, thrive on vast and diverse datasets. Their power lies in identifying patterns, correlations and insights impossible for humans to discern. This means that seemingly innocuous data points — browsing history, location pings, sensor readings, customer service interactions and even metadata from various systems — can, when combined, paint an incredibly detailed and valuable picture. For instance, AI can correlate production line sensor data with weather patterns and supply chain logistics to optimize manufacturing in real-time. It can also analyze customer support transcripts alongside purchasing history and social media sentiment to predict churn with uncanny accuracy.
This dot-connecting elevates the worth of almost all data. What was once a collection of isolated facts becomes a strategic asset.
But just as AI ushers in unprecedented innovation and potential, it also casts a long shadow on data security, amplifying existing challenges and introducing new complexities. Unsurprisingly, only 29% of enterprise leaders express confidence that their AI is ready to manage future risks. While the core principles of data protection remain, AI’s scale, speed and vulnerabilities necessitate a more urgent and intensified application of traditional security measures, alongside a keen focus on emerging threats.
For years, organizations have grappled with foundational data security tasks. Yet, in the context of AI, these once-routine practices take on a new level of criticality.
29%
of leaders feel their AI implementation is completely ready to manage future risks
31%
of leaders identified data privacy and security as a top barrier to their AI adoption
25%
of leaders report difficulty integrating AI technologies with existing systems and workflows
Source: Kyndryl's AI Readiness Report
The insatiable appetite of AI models for vast datasets means that sensitive information, often unstructured and dispersed, is being aggregated and used in novel ways. Traditional data discovery methods, already challenged by data sprawl, now face an even more daunting task. Knowing precisely what data exists, where it resides and its sensitivity level is paramount before it’s fed into AI systems, where it can be inadvertently exposed or misused.
For enterprise leaders, the urgency lies in implementing intelligent — often AI-augmented — discovery tools that can keep pace with the dynamic data landscapes fueling AI development.
AI systems, by their nature, process and transform data, creating new avenues for potential data leakage. Insider threats, compromised AI models, or insecure APIs interacting with AI applications can all lead to significant data loss. While monitoring for anomalies in data usage is not new, its adaptation to the AI ecosystem is crucial. This includes monitoring how data is used by AI models, tracking data movement to and from AI platforms, and preventing unauthorized extraction or exposure of sensitive information embedded within AI-generated outputs.
The urgency is heightened by the potential for AI to automate and accelerate data exfiltration, making real-time, intelligent monitoring more critical than ever.
Malicious inputs designed to fool AI models into making incorrect decisions or revealing sensitive information. Protecting against adversarial attacks requires new defense mechanisms and robust model validation.
Attackers corrupt the training data of AI models, leading to biased or compromised outputs. This highlights the need for stringent data integrity checks and secure data supply chains for AI.
Techniques like federated learning (training models on decentralized datasets) and differential privacy (adding noise to data to protect individual records) are gaining traction to enable AI development while minimizing exposure of raw sensitive data.
The platforms and infrastructure hosting AI models and data are themselves targets. Securing these environments, from on-premises servers to cloud-based AI services, is crucial.
Ensuring that AI systems are used ethically, fairly, and transparently is a growing concern. This involves establishing clear governance frameworks and developing techniques for understanding and explaining AI decision-making processes, which can also help identify security vulnerabilities.
As AI models are increasingly trained on sensitive information, techniques like data tokenization — replacing sensitive data elements with non-sensitive equivalents (tokens) — become indispensable. This allows organizations to train and run AI models on data that mimics real-world information without exposing sensitive details.
While tokenization has been a staple for protecting data in databases and payment systems, its application to AI training datasets and inference processes is now a more pressing need to mitigate privacy risks and reduce the attack surface.
This new reality is triggering what’s shaping up to be a paradigm shift in security and resilience strategy, one where safeguarding both individual data points and their combined insights is more critical than ever.
AI security starts with the keys
The encryption keys used to protect sensitive data and the AI models are high-value targets. Robust key lifecycle management — encompassing generation, storage, distribution, rotation and revocation of cryptographic keys — is fundamental. With AI, the complexity increases due to the distributed nature of AI systems, the variety of data sources and the need to protect the intellectual property of the models. A compromised key can lead to widespread data breaches or model theft. The urgency is to ensure that scalable, automated and auditable key management practices are rigorously applied across the entire AI pipeline.
To be sure, the AI era introduces a new wave of security challenges that demand immediate attention. Threats such as adversarial attacks, malicious inputs that mislead models, model poisoning and the corruption of training data all highlight the need for stronger model validation and data integrity.
At the same time, securing the infrastructure that supports AI, whether on-premises or in the cloud, has become critical. As AI systems grow more complex, governance and explainability are essential to ensure ethical, transparent use and to uncover hidden vulnerabilities.
Meanwhile, privacy-preserving techniques like federated learning and differential privacy offer promising ways to develop AI without exposing sensitive data. For those who recall the early days of data security, this moment isn’t about starting from scratch — it’s about applying proven practices with new urgency, adapting them to the realities of AI and acting decisively to meet these elevated risks. The tools may be familiar, but the stakes have never been higher.
These evolving security demands are not just shaping how AI is governed — they’re also reshaping where AI data lives. As organizations seek greater control over sensitive assets, infrastructure decisions are coming under new scrutiny.
AI’s ability to collect, connect and infer from vast datasets has elevated privacy from a compliance concern to a core design challenge. As systems become more powerful, so too does the risk of unintentional exposure, de-anonymization and misuse of personal information.
According to the IAPP, 68% of consumers are worried about online privacy, and 57% view AI as a growing threat. Regulatory pressure is also mounting. The EU AI Act bans certain high-risk uses outright and enforces strict governance over handling personal data.
And the line between non-sensitive and sensitive data is blurring. AI can now draw revealing conclusions from seemingly harmless inputs — making privacy-preserving techniques, ethical frameworks and transparency not just good practice, but essential infrastructure. Embedding privacy into the AI lifecycle from the start is no longer optional — it’s the price of trust.
The emergence of sophisticated AI has irrevocably changed the data landscape. It has unlocked unprecedented value from the information we generate and collect, transforming even mundane data points into potentially critical components of strategic insight. This paradigm shift demands a corresponding evolution in our approach to data security.
Protecting data is no longer just about safeguarding predefined “crown jewels.” It is about recognizing the immense potential — and risk — inherent in all data when viewed through the lens of AI. As organizations increasingly leverage this technology, the imperative to secure data comprehensively, consider the implications of repatriation for critical AI workloads and uphold rigorous privacy standards will be paramount to harnessing AI’s power responsibly and sustainably. The future is intelligent, and it will be built on a foundation of secure and ethically managed data.
