Hype cycles lead to impulsive adoption. It’s what they’re designed to do. But enterprises aren’t falling for it this time. When it comes to generative AI, pilot projects are in motion. Yet most enterprises refuse to connect their proprietary data to LLMs or other AI agents. 

Security teams are in the dark about important questions. Will generative AI providers disclose information to others? Will someone be able to uncover proprietary information with a clever prompt? How safe is our data really? 

The data confirms their concerns. According to IBM’s 2025 Cost of a Data Breach Report, 97% of organizations that experienced AI-related breaches lacked basic access controls. The threat isn’t hypothetical.

The SaaS boom left too much data exposed to bad actors. Generative AI will, if anything, both complicate security problems and accelerate breaches. Enterprises want to be proactive, not reactive, and rightfully so. The stakes are too high to learn as we go. Teams are looking to layer on policies, securities, and permissions from the very start, to enable safe use of generative AI without exposing data where it doesn’t belong. 

Lessons from SaaS

During the SaaS boom of the 2010s, organizations adopted apps more quickly than security solutions could keep pace. Lured by low total cost of ownership and easy scaling, teams rapidly accumulated SaaS software. Software ate the world, to paraphrase venture capitalist Marc Andreessen. Companies that had used a handful of business applications suddenly found themselves managing multitudes of SaaS vendors.

It’s now normal to use dozens of SaaS applications, each with its own integration points, APIs, and third-party connections. The convenience of SaaS comes at a cost. 43% of organizations have reported SaaS-related security incidents since 2019. The average enterprise spends around $1 million annually on incident response and recovery from SaaS-related attacks and data breaches. 

SaaS apps and enterprise databases create a sprawling attack surface where a single misconfiguration, unvetted integration, or overlooked permission can expose sensitive data. Since security controls are often inconsistent across apps, attackers only need to exploit the weakest link to gain entry.

AI complicates everything

The ultimate goal of generative AI is to delegate more tasks to AI agents. These agents exist in the sprawling infrastructure of enterprise SaaS. When you give agents permissions to access to sensitive data and let them to act without human oversight, the SaaS attack surface increases even more. Blind spots grow bigger and breaches accelerate. 

Agents relying on third-party models and APIs inherit pre-existing vulnerabilities, which attackers can exploit. A compromised agent can expose data and perform malicious action, moving laterally between multiple SaaS applications and APIs. SaaS tools often default to permissive sharing, so AI tools that scrape or auto-share data can increase unintentional data exposure. Because agents operate at machine speed, and can execute decisions without human review, breaches and data exfiltration can happen before security teams detect them. And now AI is compounding the problem – shadow AI breaches cost organizations an average of $670,000 more than traditional incidents (IBM, 2025).

If data can’t be exposed without permission, and if an agent cannot move between APIs and SaaS tools without governance, many problems can be prevented. A combination of access controls, governance, and monitoring is in order so that we don’t enhance the security problems from the SaaS era. 

Implementation hesitation

Security teams want to track how generative AI is being used, and rightfully so. Most enterprise data projects remain stuck in the pilot phase—and for good reason. According to BigID’s 2025 AI Risk & Readiness Report, only 6% of organizations have an advanced AI security strategy in place. Meanwhile, Gartner predicts that 40% of AI-related data breaches by 2027 will stem from cross-border GenAI misuse if left unchecked.

I’ve seen a few attempts to address the problem. 

One is adoption caution. Software vendors questionnaires to make sure their products are secure. One new question I’ve seen is: “Does the product have anything to do with generative AI?” Teams need to know where their data is going, and to whom. 

I find these solutions circuitous. At Fluree, we’ve long included the ability for data to defend itself. Enterprises should be able to control where any of their data goes. Only full oversight will suffice. 

Data defends itself, with or without AI

Fluree offers the ability to embed policies into data itself, otherwise known as data-centric security. Data retains security policies regardless of where it is stored, processed, or accessed.

Security teams define who and how data can be contributed, used, and accessed. They can monitor the data as it moves through systems and users, enforcing identity and access management protocols along the way. Policies protect data no matter if there’s one line of code off in your API or if a lot of different users use a lot of different APIs. Moreover, data-centric security is naturally scalable. 

When an LLM makes a query, you don’t just receive the answers—you also receive the security policies that were applied. This gives you complete traceability over the data. On top of that, you can reproduce any policy as it existed at a specific point in time, so if you ever need to audit something, that context is always available. You can review the applied policies in real time to verify compliance, or export them for governance and reporting purposes. If something looks off, you can adjust permissions instantly and confirm that the changes are enforced.

As a result, whether you’re using generative AI or not, data will be compliant with regulatory requirements, because policies and permissions are baked in. It will be a lot harder for attackers to access data, because it defends itself. You can update security policies across the board even in complicated infrastructures that include many generative AI agents.

A new opportunity for security 

The question isn’t whether AI will transform business operations—it’s whether we’ll learn from SaaS mistakes and secure these systems properly from the start.