What are the minimum viable security controls for AI?

This is Blog 8 in our Data Trust + AI Success Series

1. Why seeing AI risk isn't enough to protect you from it
2. Security by obscurity just died. AI killed it.
3. Why AI doesn't behave like a human
4. Why most AI projects are failing
5. Why CISOs need a seat at the AI design table
6. Why AI is a stress test of your security fundamentals
7. How high data trust speeds up AI
8. What are the minimum viable security controls for AI?

CISOs have a short list of conditions AI must meet before it gets anywhere near enterprise data.

Ninety percent of enterprises are already running generative AI at scale. Most of the security leaders sitting next to those deployments aren't sure they can stop AI from reaching the wrong data. In MIND's research, 65% of CISOs said they were not confident or only somewhat confident in their AI data security controls. One in five AI projects fail to meet their intended goals. So security leaders have started doing something practical. They've drawn a line. Before a new AI system touches enterprise data, it has to clear a short set of conditions first.

We asked 124 CISOs and 20 senior practitioners what those conditions are. Their answers converged on a baseline that's worth writing down.

The gate isn't there to slow anyone down. It exists so security keeps visibility and control while the business moves fast.

The pressure is real. Business leaders are driving AI adoption at a pace security wasn't designed to match, and the old assumptions no longer hold. Frameworks built for human actors don't account for agents that inherit broad permissions and act without human judgment. Data estates that sat quietly in SharePoint for years, unclassified and loosely governed, suddenly become reachable the moment an AI tool is pointed at them.

CISOs in this research weren't trying to block any of that. They were trying to make sure that when an AI initiative launches, it lands inside an environment where someone can still see what it's doing and shut it down if it drifts. That's the whole point of a baseline. It turns governance into something repeatable instead of something you reconstruct after every new project.

When we asked security leaders what has to be true before they'll approve an AI initiative, the same six requirements came up again and again. None of them are ideal-state. They're the practical gates CISOs are already applying today.

• Enterprise deployment. The AI tool runs under an enterprise license, not a consumer account, so administrators keep visibility and activity stays auditable.
• Vendor data usage clarity. The organization confirms how the vendor uses its data and whether that usage can be turned off.
• Data retention and hosting transparency. Retention policies, hosting location and environment type are defined clearly, not assumed.
• Identity integration. People access the tool through SSO and existing identity governance. The AI system itself carries a unique, trackable identity.
• Scoped data access. The system reaches only the data its use case requires and stays walled off from everything that isn't core to its function.
• Defined business KPIs. Success metrics are set before deployment, so the program measures outcomes instead of activity.

Read together, they describe the conditions that let an AI initiative scale without quietly introducing data exposure no one chose to accept.

Of the six, scoped data access is where most organizations have the furthest to go. The principle is simple. A system should reach only the data its use case requires and stay walled off from everything else. Holding to it is where teams struggle, because most AI tools don't arrive scoped. They arrive with the access of whoever turned them on.

That's the gap that turns AI into a present risk rather than a future one. An agent that inherits a human's permissions operates at the full scope of what that human can reach, not what the task actually needs.

Scoping access to the task is the control that does the quiet work behind every other one on the list. A system that can only reach what it needs can only ever expose what it needs. That's also why scoping is hard. You can't restrict access to data you haven't found and classified, and most enterprises have years of unclassified files sitting in collaboration tools and cloud stores that no one has mapped. Until that data is visible, scoped access is a policy on paper rather than a boundary the AI system actually runs inside.

A baseline only helps if you can hold the line in real time. This is where most teams feel the strain, because the controls assume something many organizations don't yet have: a clear, current picture of where sensitive data lives and who, or what, is touching it.

That picture is what MIND is built to give you. We discover and classify sensitive data across the unstructured estate, file stores, collaboration platforms and cloud repositories, so the boundary you drew at intake is one the AI system can actually be held to. We're not just flagging where data sits. We're minding the connection between that data and every identity reaching for it, human or agent, so the gate you set at intake stays enforced after the project goes live.

When security joins at project intake and the controls are already in place, governance becomes the thing that lets AI move faster, not the thing teams route around.

The organizations adopting AI fastest in this research share one pattern. They treat data trust as a prerequisite, not a cleanup task. They keep visibility into what their systems can access, they extend governance to non-human identities and they decide what success looks like before the first query runs.

From that footing, AI stops being a risk to manage cautiously and becomes a capability you can direct with confidence. Think of the six controls as a floor rather than a finish line. They make everything you build above them safe. Most teams already have the pieces. What's been missing is the visibility and enforcement to make them hold at AI speed.

Read the whole report.

If your organization is moving on AI and you want to see what scoped access and real-time enforcement look like against your own data, see MIND for yourself.