The interaction between human users and artificial intelligence (AI) agents is fundamentally changing how security needs to be applied across enterprise environments. Part 1 of this series, Security in the Age of AI, explored the concepts of AI and examined the challenges of securing sensitive data across large language models (LLMs), from structured data to the complexities of unstructured data. We explained where AI can facilitate as well as make it harder to protect critical data and how security mechanisms can be abstracted from the applications using AI to ensure that sensitive data consumed and produced by these models can be protected and trusted. When you consider how fast AI is evolving, those challenges run much deeper. The acceleration is happening alongside growing concern about the need for oversight to ensure reliability. As highlighted by The Wall Street Journal, advancements in AI are also making it more difficult to detect risks in increasingly autonomous systems^[1].

Against this backdrop, enterprises must now secure not just the critical data they collect, use, and store to conduct business, but also the increasing amount of data supplied to AI models and the high-volume outputs that these generate. According to the Thales 2026 Data Threat Report, “61% of organizations report that their AI applications are already being targeted by hackers, with sensitive data being the leading target.”^[2] This new reality is creating fundamentally different challenges that traditional security tools have not been designed to manage.

Critical Security Challenges

AI expands both the types of data and the ways data can be exposed. Data used to train models, inference inputs, and real-time retrieval-augmented-generation (RAG) pipelines used by LLMs to maintain situational awareness of publicly available facts can all be sources of risk, including compromise and deliberate data manipulation or poisoning to produce erroneous results. Add to this the vast amount of data that is now produced by AI, and this results in a significant expansion of the attack surfaces, also raising questions over access controls and data ownership.

Traditional security solutions designed to address gaps in perimeter defenses and data storage controls are insufficient for addressing dynamic, real-time AI workflows. As highlighted by the Thales Data Threat Reports, “complexity limits clear insight into data security posture, making governance and control significantly harder at scale.”^[3]

Challenges and Mitigation Strategies

The adoption of AI is introducing significant security and governance challenges. The Thales Data Threat Report cites that attacks aimed at exposing sensitive data are among the fastest-growing AI threats.^[4] Organizations can address these through data-centric security strategies that protect the data before it is ever shared with AI models. A side-by-side outline of challenges and mitigation strategies is shown below:

Using AI to Protect Data

AI presents a considerable amount of risk, but it can also enable stronger defenses when applied correctly. Automated discovery and classification of sensitive data across environments can significantly reduce risks. Behavioral monitoring to detect anomalies and potential exfiltration and policy-driven enforcement to dynamically protect data in real time also provide a significant advantage. According to Gartner®: “Agentic AI enables novel ways to handle security operations by being more proactive than reactive, thereby unlocking greater operational efficiency and business value for improved accuracy and enhanced automation in cybersecurity use cases.”^[5]

A critical approach is decoupling data protection from the AI system itself. This can be achieved by tokenizing or redacting sensitive data before AI can have access to it, ensuring that the AI operates on protected representative data rather than the true values. Establishing policies to control when and how data can be re-identified ensures the confidentiality and integrity of the data.

Conclusion

While AI is reshaping enterprise operations, it is also introducing entirely new data protection risks. The combination of rapid change, increased attack surface, and growing complexity makes traditional security approaches insufficient. To securely adopt AI, organizations must protect sensitive data before it enters AI systems, maintain protection throughout processing and transformation to ensure outputs do not expose regulated or confidential data. The new security imperative requires a shift to a data-centric approach where security travels with the data.

Application-level data protection solutions that enforce policy-driven protection with encryption, tokenization, data masking and redaction, and granular access controls across a distributed environment help enterprises leverage the vast potential of AI innovation while reducing risk. According to Gartner®: “digital tokenization is one of the technologies that can help make your data AI-ready and keep your use cases and product and vendor choices resilient against possible future (regulatory) changes, mistrust against service providers, and data breaches.”^[6]

Leading with Prime Factors

Prime Factors helps organizations protect sensitive data with practical, proven cryptographic solutions designed for real-world enterprise environments. Its EncryptRIGHT platform takes an application-level, data-centric approach to security, separating cryptography and data protection functionality from applications. This enables organizations to centrally define and manage protection policies while enforcing them locally where data is used, processed, stored, or shared. The result is stronger, more consistent protection across distributed environments without requiring major application changes or disrupting business operations.

Whether supporting regulatory requirements, reducing exposure risk, or preparing for evolving cryptographic and AI-driven threats, EncryptRIGHT is designed to help organizations strengthen control over critical information assets. To learn more, request a free trial.

1. The Wall Street Journal: AI Is Getting Smarter. Catching Its Mistakes Is Getting Harder. Katherine Blunt, 14 April 2026.
2. Thales 2026 Data Threat Report: Data Security in the Agentic Age. February 2026.
3. Ibid., 1.
4. Ibid., 2.
5. Gartner: Emerging Tech: Top Use Cases for Agentic AI. Anushree Verma, Aakanksha Bansal, Alfredo Ramirez IV, Danielle Casey, Akhil Singh, 15 September 2025.
6. Gartner: Use Digital Tokenization to Protect Data in AI and GenAI Use Cases. Joerg Fritsch, Meghan Hollis, 5 February 2026.

Gartner is a trademark of Gartner, Inc. and/or its affiliates.