Ninety percent of enterprises are already running Enterprise GenAI at scale. That number comes from new research conducted by MIND in partnership with CISO ExecNet, and it should give every security leader pause. Not because AI adoption is surprising. But because of what sits directly beneath it.

Although 90% of organizations are deploying Enterprise GenAI at scale, only 34% of CISOs describe themselves as reasonably confident in their AI data security controls. As a result, only 1 in 5 of those AI initiatives are meeting their intended KPIs.

The adoption curve and the confidence curve are moving in opposite directions. That gap is what this research was built to examine.

Why does AI adoption expose what poor data governance was hiding?

For years, poor data governance was survivable. Files went unclassified. Repositories stayed ungoverned. Access controls were written for human actors who exercised natural judgment about what they touched and when. None of it surfaced as a crisis because no system was scanning everything at once.

AI changed that equation entirely. The moment an Enterprise GenAI tool connects to a data source, it finds everything within reach. Unclassified files, overshared repositories and sensitive data that nobody realized was broadly accessible. At one organization, executive compensation files had been sitting in SharePoint for years with no classification or access controls. When an Enterprise AI tool was deployed, those files became broadly accessible to a wide internal audience overnight. Security by obscurity ended the moment AI came online.

The research puts numbers to this reality.

• 70% of security leaders struggle to enforce policies on GenAI tools
• 66% cannot enforce policies on AI agents
• And 98% are dealing with at least one significant AI security challenge

These aren't organizations without governance. Boards have been briefed. Policies have been written. Frameworks have been established. But as the research makes clear, governance without technical enforcement is intention without effect. For most organizations, the mechanisms capable of applying those policies against data in motion, at the speed AI demands, simply don't exist yet.

The deeper issue is structural. Every security framework in the enterprise was built with human actors in mind. Humans can be trained, audited and held accountable. Even privileged users exercise judgment about what they access and share. AI agents inherit the same permissions but operate without any of that judgment. They move at machine speed and find everything within reach, not just what's relevant. Thirty-two percent of organizations already have unknown agents operating in their environments. The frameworks that were adequate before AI arrived are now being stress-tested at a scale they were never built to handle.

What does new research from 124 CISOs reveal about AI success and data trust?

MIND and CISO ExecNet set out to understand exactly where data trust is breaking down and what it means for AI success. The study combined a quantitative survey of 124 senior security leaders with 20 qualitative interviews from CISOs at organizations with more than 1,500 employees or over one billion dollars in annual revenue. All participants held VP-level roles or higher. The seven insights that emerged from the convergence of survey data and practitioner experience represent the strongest and most consistent patterns across the entire research project.

Those insights trace a connected arc.

• The enforcement gap
• The data debt problem
• The structural mismatch between security frameworks designed for human actors and the non-human actors now operating against them
• The measurable cost of AI initiative failure
• The growing difficulty of communicating AI risk to a business that is committed to moving fast
• The competitive advantage that flows to organizations who solve it first.

The central thesis is that data trust is not a security feature. It is the invisible but decisive ingredient that determines whether AI initiatives succeed or fail. When data trust is high, organizations can use data freely to power AI-driven outcomes. When it isn't, AI innovation slows, scales poorly or introduces risk that most organizations can't yet see.

MIND isn't just reporting on this gap. We're minding the conditions that close it, helping organizations achieve visibility into what data exists, extend governance to non-human actors and build enforcement that operates at AI speed. The organizations that build that foundation now aren't just reducing exposure. They're building the only infrastructure that allows AI to become a genuine competitive accelerant.

How can CISOs close the gap between AI adoption and data security?

The full report, {children}, is available now. It covers the enforcement gap, the data debt problem, why AI agents behave so differently from human users, how AI initiative failure stays invisible and what a minimum viable security foundation actually looks like in practice. It also maps a clear path forward for CISOs who want security to be the function that enables AI adoption, not the one that slows it down.

If your organization is running AI at scale and the outcomes aren't matching the investment, this research was written for you.

{children}

Running a Data Loss Prevention program has never been easy. Security teams define policies, tune classifiers, investigate alerts and stitch together signals across dozens of systems. The mission is clear: protect sensitive data. The reality is a constant stream of operational work that pulls analysts away from higher-value security decisions.

What matters now is simple. Data security teams need a way to operate at the speed of their environments.

Sensitive data now moves across SaaS platforms, GenAI applications, endpoints, on-premise file shares and emails. At the same time, security teams are expected to protect it all without growing headcount. The gap between the scale of modern data environments and the capacity of security teams continues to widen.

Running a DLP program is not optional. The challenge is how much manual effort it still demands.

{children}

Why is traditional DLP so hard to operate today?

Traditional DLP was built for a different era. Early systems relied heavily on pattern matching, static policies and manual review. As environments grew more complex, security teams responded by adding more rules, more policies and more investigation workflows.

Over time this created an operational burden. Alerts increased. False positives accumulated. Analysts spent more time triaging activity than understanding risk.

Modern environments simply move faster than manual workflows can keep up with.

What does autonomous data security actually mean?

This is where the idea of autonomous data security comes in.

Instead of asking security teams to run every workflow manually, the system can begin taking on parts of that operational work. Classification, investigation and triage become collaborative processes between analysts and intelligent systems. The analyst stays in control, but the heavy lifting starts to shift toward automation.

Our vision is to revolutionize data security by innovating with simplicity, AI and automation in MIND.

We believe that programs should scale with the business. Security teams should spend less time managing alerts and more time focusing on real risk.

What is the Autonomous DLP Analyst?

Today we are taking a meaningful step toward that vision.

MIND is introducing the Autonomous DLP Analyst, designed to help security teams run their data security programs at AI speed. Rather than requiring analysts to manually execute every step of the workflow, the Autonomous DLP Analyst performs key operational tasks through specialized skills.

People remain at the center of the process. What changes is how much repetitive work they have to do to get to an answer.

The first two skills focus on areas where security teams consistently spend the most time: building classifiers and investigating issues.

How can security teams automatically classify business-specific data?

Every organization has sensitive data that is unique to its business. Intellectual property, internal strategy documents, proprietary code and operational records rarely follow predictable patterns.

Historically, security teams attempted to identify this data using complex regex rules and static policy logic. Maintaining those rules required constant tuning and often generated large volumes of false positives.

The Custom Classifier skill changes this workflow.

Security teams can provide examples of the sensitive data that matters to their organization. The system analyzes those examples and automatically generates classifiers designed to recognize similar information across the environment.

These classifiers are then deployed into MIND's multi-layer AI classification engine, allowing the platform to detect business-specific data across SaaS applications, GenAI tools, endpoints, on-premise file shares and email environments.

Instead of forcing teams to translate business knowledge into complex rules, the system learns directly from the data itself.

How can AI help investigate DLP alerts faster?

The second operational bottleneck in most DLP programs is investigation.

When alerts appear, analysts often need to reconstruct the entire sequence of events. Who accessed the data. Where it moved. How sensitive the information is. Whether the activity represents real risk or normal behavior.

Gathering that context typically requires pivoting between multiple tools and consoles.

The Issue Investigator skill streamlines this process.

Rather than assembling the story manually, analysts receive structured context that highlights the most relevant signals. User activity, file movement and data sensitivity are presented together so the investigation can begin with the right perspective.

Automation helps here, but the real value is clarity. When context arrives with the alert, security teams can understand what happened much faster and respond with greater confidence.

What does the future of autonomous data security look like?

These first skills represent the beginning of a broader shift in how data security programs operate.

Modern environments generate enormous volumes of operational work. Classification tuning, alert analysis, investigation and policy refinement can consume a security team's time before they ever reach strategic risk decisions.

Autonomous data security aims to change that equation.

The Autonomous DLP Analyst will continue to evolve with additional skills designed to handle more of the workflows that slow security teams down today. Each skill moves another operational task from manual effort to intelligent assistance.

The goal is to reduce operational friction so security teams can focus on protecting what matters most.

Why will autonomous data security define the next generation of DLP?

The future of data security will not be defined by more alerts or more rules.

It will be defined by systems that understand context, reduce manual effort and help security teams move faster than the threats they face.

The Autonomous DLP Analyst is an important step toward that future. And we are only getting started.

More skills are already on the way, each designed to make data security programs easier to operate and easier to scale.

Learn more about it at {children}

The AI tools built into your security stack are making decisions at a scale no human team can match. They're classifying data, scoring risk, triggering enforcement and shaping your program's posture without a line of policy being manually written. That's the promise of AI-powered security. But it also raises a question most vendors haven't been willing to answer: how do you know the AI doing that work is governed responsibly?

ISO 42001 is the answer the industry has been building toward. Published by the International Organization for Standardization in December 2023, it's the world's first international standard for AI management systems. It doesn't certify a product. It certifies that an organization's approach to developing and deploying AI, including the policies, controls, risk assessments and oversight mechanisms in place, meets a globally recognized standard.

{children}

What ISO 42001 actually requires

This isn't a checkbox audit. Certification under ISO 42001 requires an independent third-party assessment across 38 distinct controls organized into nine areas: data governance, model development, operations, security, ethics, accountability, transparency, incident response and continuous improvement. Every AI system MIND deploys has been evaluated for how it handles data quality and lineage, how it approaches adversarial testing, how it responds to incidents and how it maintains transparency with the organizations that rely on it.

The standard also requires continuous improvement. This isn't a milestone you reach and file away. It's a framework that evolves alongside the AI itself, with ongoing monitoring, documentation and governance cycles built into how we operate. That's a meaningful commitment, and one that most AI-powered vendors in this space have not made.

Why being first in data security matters

Not all AI carries the same risk. A recommendation algorithm that misclassifies a product is inconvenient. An AI system that misclassifies sensitive data in your environment, or generates false positives that erode analyst trust, has real consequences: regulatory exposure, missed incidents and the slow erosion of confidence in the program itself.

Data security tools operate on the most sensitive information in the enterprise. Intellectual property, customer records, regulated data, the files that could become a breach headline if they reach the wrong destination. The AI that governs how that data is discovered, classified and protected needs to be held to a higher standard than tools operating in lower-stakes contexts.

Achieving ISO 42001 first in data security isn't symbolic. It reflects what we believe responsible AI in this space should look like, and it sets a bar we'd encourage the rest of the industry to meet.

{children}

What this means for your program

For security leaders managing risk and reporting to leadership, this certification changes a specific conversation. When you're asked how the AI in your security stack is governed, what it's been audited against and who holds it accountable, ISO 42001 gives you a clear and verifiable answer. Not a vendor's word for it. An independent third-party assessment against an internationally recognized standard.

We've seen how the absence of AI governance frameworks creates friction, not just internally, but with auditors, regulators and boards who are increasingly asking these questions. The certification doesn't just reflect MIND's commitment to responsible AI. It gives the security leaders who rely on us something concrete to stand behind in those conversations.

That's what Stress-Free DLP looks like in 2026: not just automation that works, but automation you can trust, explain and defend. If you're ready to see how MIND's certified platform fits into your data security program, we'd be glad to show you.

{children}.

For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it was a recognition of some exposure risks they were very much aware of.

AI assistants like Microsoft Copilot do not invent risk. They illuminate it. In this case, the Copilot DLP bypass highlighted a deeper enterprise AI security issue: data trust across Microsoft 365 and SaaS environments is not where it needs to be.

Copilot is easy to adopt. It integrates seamlessly into the Microsoft ecosystem. It promises productivity gains without heavy infrastructure changes. For organizations under pressure to move quickly into an AI-enabled future, enabling it feels natural and even necessary.

The controls were in place. The Microsoft 365 tenant was secured. DLP policies were configured.

Yet speed has a cost.

In the rush to capture AI value, many teams did not fully evaluate how sensitive data was classified, how permissions had expanded over time or how enforcement behaved under new AI-driven access patterns. What this moment exposed was not a single bug, but a broader condition: structural data fragility.

Over years, sensitive data sprawl, permission creep and incomplete classification quietly compound. The environment remains operational. Compliance boxes are checked. But structural risk accumulates beneath the surface, largely invisible until AI begins operating across it at scale.

How did the Microsoft Copilot DLP bypass reveal a data trust gap?

AI operates at machine speed. It searches, correlates and summarizes across vast volumes of content in seconds. If sensitive information is accessible within the environment, it will surface.

The core issue is not simply that Copilot bypassed DLP controls. The deeper issue is that protection depends on trust in your data foundation. Trust that you know what is sensitive, that it is accurately classified and that policies are enforced consistently across the estate.

Without that trust, controls become fragile.

For years, unstructured data has multiplied across cloud drives, SaaS, collaboration platforms and email systems. Files were shared. Access was granted. Exceptions were made. Policies were written but rarely continuously validated.

AI did not create this complexity. It revealed it.

Are AI copilots exposing hidden DLP gaps and data exposure risks?

This event may not be the last headline of its kind.

As organizations move quickly toward AI copilots, GenAI applications and agentic workflows, new edge cases will emerge. AI interacts with data differently than humans do. It traverses context. It aggregates at scale. It tests the boundaries of policy enforcement.

Unless data trust is embedded across the entire data estate, discovery, classification, detection, remediation, policy orchestration and prevention working in concert, similar exposures are a very real possibility for any company.

This is not a failure of innovation. It is a reminder that innovation amplifies whatever foundation it sits upon.

Is Microsoft ecosystem security enough without a strong data foundation?

Many leaders assumed that operating inside a trusted vendor ecosystem meant they were inherently protected. Platform security is critical, but it cannot compensate for incomplete visibility into your own data landscape. AI exposes the difference between compliance and confidence.

Compliance asks, "Do we have DLP rules?"

Confidence states, "We truly understand what matters across our data estate."

Data trust means:

• Continuously discovering sensitive data wherever it lives
• Accurately classifying it with business context
• Monitoring how it is accessed and used
• Detecting anomalous behavior in real time
• Remediating risk automatically and consistently
• Preventing data leaks and enforcing policies without relying on manual intervention

When these elements operate together, AI becomes an accelerator. When they do not, AI becomes a magnifier of existing gaps.

How can organizations build data trust and achieve DLP at AI speed?

The Copilot story should not drive panic. It should drive reflection and action.

Organizations deserve to securely innovate at the speed of AI.

Data trust is not a feature, it's an architectural commitment. It requires moving beyond static rules and fragmented tools toward a unified approach that continuously understands, prioritizes and protects what matters most.

This is where modern, AI-native data security platforms like MIND play a critical role.

MIND was built to establish data trust at scale and deliver Stress-Free DLP. It continuously discovers sensitive data and enables on-demand classification across SaaS, on-premise file shares, endpoints, emails and emerging AI tools, so protection keeps pace with change. It applies context-aware detection, prioritizes real risk and automates remediation to reduce noise and remove manual toil. The result is DLP on Autopilot, an intelligent system that understands your business and protects what matters without slowing it down.

When data trust is embedded across your environment, AI initiatives are no longer a source of uncertainty and exposure risk. They become sustainable, measurable and defensible.

Security and AI innovation do not have to compete.

But without data trust, they will.

The future of enterprise AI security will belong to organizations that move fast, thoughtfully, with clarity about what matters and confidence in how Microsoft Copilot, DLP controls and data trust are continuously protected.

Without an accurate view of the diversity and scale of sensitive data across the whole organization, it can be nearly impossible to enforce any security controls. They become either too restrictive or miss large swaths of risky file movements. In distributed, cloud-first environments, classification is no longer a preliminary step. It needs to be a continuously operating system that informs every control decision downstream. Static labels and periodic scans can’t keep pace with how data is created, modified and moved today.

At MIND, we believe classification should accurately empower effective data security. This drives how our classification engine is architected, how it operates at scale and how it connects directly to enforcement mechanisms.

MIND's 7 data classification imperatives

Our approach is anchored in seven non-negotiable principles that guide every technical decision:

1. Multi-layered by design to avoid single-model failure modes
2. Complete coverage through full-content inspection, not sampling
3. Real-time operation so classification scales with data movement
4. Location-aware execution wherever data resides or flows
5. Responsible AI applied deliberately and explainably
6. Business-risk alignment beyond generic data types
7. Direct enforcement coupling where classification drives control

1. Multi-layered classification is a technical necessity

No single technique can reliably classify all forms of sensitive data. This isn’t a philosophical stance. It’s a proven property of machine learning systems. The No Free Lunch Theorem shows that any model optimized for one class of problems will underperform on others.

MIND’s classification engine is intentionally multi-layered, combining complementary detection methods into a single decision framework:

• Structural analysis evaluates file type, encoding, schema and syntax to establish baseline understanding
• Statistical detection applies deterministic and probabilistic techniques to identify known sensitive patterns such as credentials, PII and PCI
• Semantic modeling uses small and large language models to interpret meaning, relationships and intent within unstructured content
• Contextual evaluation correlates content with user identity, access patterns, data movement and destination

Each layer independently contributes signal strength. Final classification decisions are derived from aggregated confidence, not single-model output. This design reduces false positives, improves recall and allows tuning without weakening overall accuracy.

2. Complete coverage requires full-content inspection

Sampling-based classification introduces unavoidable blind spots. Any system that inspects only a subset of files or partial content can’t guarantee coverage, especially in environments dominated by unstructured data.

MIND performs full-content inspection rather than probabilistic sampling. Files are scanned in their entirety, ensuring sensitive elements aren’t missed due to partial visibility. This approach is detailed and specific, but is made practical through:

• Parallelized scanning pipelines
• Content de-duplication and locality-sensitive hashing
• Incremental reclassification when files change

The result is comprehensive visibility without linear performance degradation. Scale is achieved through architectural efficiency, not reduced fidelity.

3. Classification must operate in real time

Data classification that runs on a schedule is already out of date. Files change. Content is appended, removed and transformed continuously. Security controls must react to the current state of data, not a historical snapshot.

MIND classifies data in real time, both at rest and in motion. When content changes, classification updates as it moves, automatically. When sensitive elements are added or removed, downstream controls respond accordingly.

This real-time model enables immediate enforcement actions such as blocking, alerting or coaching users at the moment risk is introduced, rather than after exposure has already occurred.

4. Location-aware classification reduces blind spots

Where classification occurs directly impacts accuracy and enforcement reliability. Centralized-only classification architectures introduce latency, visibility gaps and dependency on data movement.

MIND classifies data at its point of residence and as it moves through the environment. This includes:

• Endpoints
• SaaS and cloud storage platforms
• Source code repositories
• GenAI and Agentic AI interfaces
• On-premises file shares
• Email
• Messaging applications
• Wherever sensitive unstructured data resides

By classifying data where it lives, MIND maintains consistent understanding regardless of location or transport path. Classification metadata travels with the data, enabling uniform policy enforcement across heterogeneous environments.

5. Responsible AI enables precision at scale

AI is essential for understanding modern unstructured data, but unbounded AI introduces risk. MIND applies AI deliberately, using purpose-built models optimized for classification tasks rather than generic inference.

Our approach combines:

• Deterministic statistical methods where precision is required
• Small language models for constrained semantic interpretation
• Larger models only where contextual depth is necessary

All models are explainable, auditable and continuously evaluated. They are also proprietary to MIND and do not rely on publicly trained LLMs for effectiveness. AI is used to augment deterministic systems, not replace them. This ensures classification decisions remain defensible, tunable and aligned with business intent. In fact, our achievement of ISO 42001 certification demonstrates our commitment to responsible, explainable and auditable AI.

6. Classification must align to business risk, not just data types

Traditional classification systems stop at identifying data types. They answer what the data is, but not why it matters. That gap leads to overprotection in some areas and dangerous blind spots in others.

At MIND, classification is designed to reflect business risk. Sensitive data is evaluated in context of its purpose, ownership and potential impact if misused or exposed. This allows security teams to prioritize protection based on real-world consequences, not generic labels.

Additionally, MIND's classification can enhance other security measures and integrate with various tools for more effective security across the organization. For example, MIND can apply Microsoft Information Protection (MIP) labels to files, ensuring they are handled by Purview with the appropriate level of sensitivity within the Microsoft ecosystem.

By aligning classification to business risk, organizations gain clarity on what truly matters. Controls become proportional, decisions become defensible and security shifts from reactive compliance to intentional risk management.

7. Classification directly drives security controls

Classification without enforcement is observational. MIND treats classification as an active control plane.

Every classification decision feeds directly into data security actions, including:

• Blocking or allowing transfers
• Enforcing encryption or access restrictions
• Triggering user coaching or policy warnings
• Generating real-time alerts and automated remediation

There’s no abstraction layer between classification and control. This tight coupling ensures accuracy at the classification layer translates immediately into effective prevention.

Conclusion: classification as an operating system

At MIND, classification isn’t a feature. It’s an always-on system that continuously interprets data, context and risk. Multi-layered, real-time and location-aware classification enables security teams to move from reactive investigation to confident prevention.

Classification accurately empowers effective data security.

See MIND in action

To see how this architecture operates in real environments, get a demo and explore how MIND turns classification into control.

Autonomous agents now summarize, decide and act on behalf of humans. They move data across SaaS apps, endpoints and AI tools at machine speed. For security leaders, this creates a new reality: innovation depends on AI, but traditional data loss prevention wasn’t built for autonomous systems.

In fact, without the right controls, Agentic AI can be a data security nightmare.

The result is a widening gap between how fast data moves and how fast security can respond.

Why does legacy DLP fail in an agentic AI world?

Most DLP programs were designed for a human-first world.

Static rules.

Predictable workflows.

Manual review.

In an agentic environment, those assumptions no longer hold.

AI agents don’t pause for approval. They don’t follow linear paths. And they don’t generate neat, low-volume alerts that teams can triage by hand.

This leaves security teams with an impossible choice: slow AI adoption or accept blind spots.

Why does speed matter for Data Loss Prevention in AI environments?

Agentic AI changes the threat model.

Data can be accessed, transformed and shared in seconds. Risk compounds quickly. And when detection and response lag behind execution, prevention becomes a post-mortem exercise.

At AI speed, security has to move before humans can.

What does data-centric AI security look like?

As organizations race to adopt agentic AI, new security categories have emerged. While each plays a role, none are sufficient on their own to secure AI-driven business outcomes.

AI Security Posture Management (AI-SPM) helps teams understand how AI systems are configured and governed. AI runtime security monitors prompts, outputs and behavior once AI is already operating. Both are important, but both focus on the AI systems themselves.

What they don’t address is the most critical question: should this AI have access to this data in the first place?

MIND takes a data-centric approach to AI security, ensuring sensitive information is understood, governed and protected before any agentic AI can access or act on it. Instead of reacting to model behavior or configuration drift, MIND secures the data layer that all AI systems depend on.

This makes DLP fundamental to AI security. Without data-centric controls, posture and runtime protections can only respond after risk is introduced.

By putting data security at the center of AI adoption, MIND enables organizations to innovate with confidence and build a secure future for agentic AI.

That’s how security keeps up with AI.

How can you secure agentic AI without slowing innovation?

To safely adopt agentic AI, organizations need three core capabilities:

1. How Do You Know What Data AI Agents Are Accessing?
   You can’t secure what you can’t see. MIND continuously discovers and understands sensitive data across SaaS apps, endpoints and AI workflows so security teams know exactly what information AI agents are touching.
2. How Do You Know Which AI Agents Are Active in Your Environment?
   Agentic AI shows up in many forms: SaaS features, homegrown agents and third-party tools. MIND provides visibility into where AI agents operate so organizations can reduce blind spots and unmanaged risk.
3. How Do You Build the Right Controls Between Data and AI?
   MIND helps teams enforce context-aware controls that ensure data and AI interact safely. Policies are based on risk and intent, not static rules, allowing AI to operate while sensitive data stays protected.

The result is security that enables AI adoption instead of blocking it.

How do you mind what matters at AI speed?

Agentic AI isn’t slowing down. Neither is data movement.

With DLP at the speed of AI, MIND helps security teams stay ahead, protect what matters and adopt AI with confidence.

If your organization is embracing agentic AI, it’s time to rethink how DLP works.

See it for yourself!

{children}

New attack surfaces, new misuse patterns and new forms of automation require a different approach to managing risk.

That’s why NIST has stepped forward.

Through its draft AI cybersecurity profile, NIST CSF 2.0 and the AI Risk Management Framework, NIST makes one thing clear: AI security must be grounded in proven cybersecurity principles, adapted for an AI-driven world. That’s where a focus on data trust comes in.

NIST provides an effective structure that can be a helpful guide for teams. In practice, building data trust is one of the most effective steps teams can take to enable safe, effective AI usage.

What is NIST’s view of AI security?

NIST does not treat AI security as a standalone discipline. Instead, it extends existing cybersecurity frameworks to account for how AI systems consume data, make decisions and act autonomously.

Across both NIST CSF 2.0 and the AI Risk Management Framework, several themes are consistent:

• Organizations must govern AI use intentionally
• Data and system dependencies must be understood before deployment
• Risk must be measured continuously, not assumed
• Controls must adapt as behavior changes

At the center of all of these themes is a growing problem: organizations lack confidence in how their data is accessed and used. Without that confidence, they cannot meaningfully govern AI risk, because they don’t know whether data is being used safely, appropriately or at all as intended.

What is data trust?

Data trust is the degree of confidence an organization has that its systems use data safely and appropriately.

This aligns naturally with NIST’s intent. It’s not about perfection. It’s about having enough clarity and control to be confident that data use matches policy, regulatory obligations and business intent.

In an AI-driven environment, this matters because systems can move quickly and at scale. When data is overexposed or misunderstood, AI can spread that risk faster than most teams can react.

How NIST frameworks use data trust to secure AI systems

NIST CSF 2.0 establishes the operational backbone for data trust.

• Govern defines expectations for how data and AI systems should be used
• Identify creates visibility into sensitive data and data flows
• Protect enforces appropriate access and safeguards
• Detect validates that data is being used as intended
• Respond and Recover preserve confidence when incidents occur

The AI Risk Management Framework builds on this foundation by focusing on AI-specific risk.

• Govern aligns AI use with organizational values
• Map documents data inputs and dependencies
• Measure evaluates whether AI systems behave in trustworthy ways
• Manage adapts controls as risk changes

Taken together, these frameworks describe the path to data trust, even if they don’t always use the term explicitly.

What does data trust mean in the AI era?

Traditionally, data security focused on protecting data at rest or in transit. AI changes the model because data is now actively used and manipulated by humans, applications and other AI systems across cloud platforms, SaaS tools, endpoints and GenAI services.

In this context, a practical definition of data trust is straightforward: you can explain, with evidence, that AI systems are accessing and using data safely and appropriately.

That typically means:

• Sensitive data is identified before it enters AI workflows
• Access reflects least privilege, not convenience
• Usage aligns with organizational policy and compliance obligations
• Risk is monitored continuously, not discovered after the fact

Without this foundation, AI introduces uncertainty instead of value.

Why NIST-aligned data trust matters for AI security

AI doesn’t create new data security problems. It magnifies existing ones.

If organizations lack visibility into where sensitive data lives, AI will find it anyway. If access controls are overly permissive, AI will inherit those permissions. If teams rely on static rules, AI-driven workflows will outpace them.

NIST explicitly warns against treating AI security as an overlay bolted onto existing programs, a theme reinforced across its AI RMF guidance and broader cybersecurity publications. Instead, AI risk must be integrated into core cybersecurity practices. A focus on data trust is what makes that integration tangible.

When teams can demonstrate that data is used safely and appropriately, AI becomes easier to govern and safer to scale.

How organizations build data trust using NIST guidance

Data trust isn’t achieved through policy alone. It’s built by applying NIST principles to how data is actually used, then validating that those controls work over time.

1. Continuous data visibility: NIST emphasizes understanding assets and dependencies. For AI, that starts with continuous discovery and classification of sensitive data across SaaS, cloud, endpoints and GenAI tools. Visibility cannot be periodic. AI usage evolves too quickly.
2. Context-driven risk evaluation: NIST calls for improved signal quality and risk measurement. Context provides that signal. Understanding who is accessing data, what they are doing and whether behavior aligns with normal patterns reduces noise and surfaces real risk.
3. Data-centric enforcement: NIST frameworks assume controls follow risk. In AI environments, risk follows the data. Enforcing policy based on data sensitivity rather than application boundaries enables safe AI adoption without adding friction.
4. Responsible use of AI for security: NIST also highlights the defensive potential of AI. With trusted data and strong context, AI can help prioritize risk, detect anomalies faster and reduce manual remediation. Used this way, AI strengthens security instead of undermining it.
5. Continuous verification of appropriate data use: NIST frameworks emphasize that trust must be continuously validated, not assumed. In practice, this means organizations must regularly verify that data is being accessed and used in ways that remain safe, appropriate and aligned with policy as AI systems, users and workflows evolve.

The impact on data security and the business

Organizations that apply NIST guidance with a data trust focus often see benefits that extend beyond AI initiatives.

Security teams gain better visibility into real risk, fewer false positives and faster response times. The business gains safer AI adoption, reduced risk of data leakage and greater confidence in AI-driven outcomes.

Most importantly, security evolves from a reactive compliance function into an enabler of innovation.

Why NIST and data trust matter now

AI adoption is accelerating whether organizations are ready or not. Employees are using AI tools. Adversaries are exploiting automation. Regulators are paying close attention.

NIST provides the framework for navigating this shift. A deliberate focus on data trust is a practical way to put that framework into action.

If AI is going to deliver real value, organizations need confidence that their systems use data safely and appropriately. That confidence is built through governance, visibility and continuous verification.

In the AI era, NIST shows the way. A disciplined approach to data trust is one of the clearest paths to follow it.

Data loss prevention (DLP) has never been a question of if it’s needed. For most security leaders, the real question is what it’s actually costing them to manage and operate.

• Not in license fees.
• Not in shelfware.
• But in valuable time, critical headcount and constant tradeoffs.

Security teams know the feeling well. Alerts pile up faster than they can be triaged. False positives drown out real risk. Coverage gaps quietly become accepted as “good enough.” And the unspoken reality sets in: most teams are only able to investigate a fraction of the alerts they generate. In fact, most teams {children}.

This is where confidence erodes. Not because teams don’t care, but because the math doesn’t math. There are just not enough analyst FTE hours in a year to get to them all.

That’s why we built the {children}. Not as a marketing gimmick, but as a way to make the invisible visible. To help security leaders understand what it really takes to mind what matters and what changes when DLP works differently.

What is the hidden cost of alert volume?

Traditional DLP models assume infinite analyst time. In practice, teams operate with finite resources and escalating demand. In fact, some checkbox-driven DLP programs even pride themselves on the sheer number of alerts they generate, as if volume alone were a measure of security value rather than a signal of noise.

• Every user generates alerts.
• Every alert requires context.
• Every investigation takes time.

Even when alerts are legitimate, the manual effort adds up quickly. When they’re not, the cost compounds. Hours are spent chasing noise. Analysts burn cycles validating false positives. Coverage quietly drops, not by design, but by necessity.

Independent research reinforces this reality. In {children} Enterprise Strategy Group found that most organizations struggle with alert noise, manual remediation and the operational burden of maintaining DLP programs at scale. The research revealed a sobering fact: nearly 50% of DLP alerts are false positives. Reducing alert volume and gaining context awareness consistently ranked among the top priorities for security leaders.

For many organizations, this results in a hard truth: full alert coverage with traditional DLP typically requires additional headcount.

The estimator is designed to surface this reality. By starting with a simple input, your user count, it models the downstream impact of alert volume, triage time and analyst cost. The result is a clear view of how much effort is required just to reach full coverage.

What assumptions did we use to build this estimator?

We’ve all seen ROI calculators that feel disconnected from reality. That’s not the goal here. Every input in the estimator is visible and adjustable, because every environment is different. You can tune:

• The average number of data security alerts generated per user each month
• Analyst compensation assumptions
• The average time required to triage a single alert

Each default value is grounded in direct CISO feedback, but none are locked. The point isn’t to tell you what your environment looks like. It’s to let you reflect it accurately. This transparency matters. Because operational savings only mean something if they’re credible.

This estimator also projects the amount of resources needed to build out your team to handle 100% of DLP alerts. Since most teams are not

What changes with MIND?

Once the baseline is established, the estimator shows what happens when DLP stops behaving like a volume problem and starts behaving like a prioritization problem.

MIND reduces total alert volume by an average of 67% (SOURCE: MIND customer installations and CISO interviews) through smarter data classification, automated remediation and user-guided enforcement. Fewer alerts and false positives mean fewer investigations. Better context means faster decisions. Automation means less manual effort across the board.

Instead of asking, “How many analysts do we need to keep up?” the model shifts the question to, “What could we do if we didn’t have to?”

The savings shown aren’t theoretical. They represent labor cost reductions driven by lower alert volume, shorter triage time and less repetitive manual work. More importantly, they reflect a different operational outcome: the ability to reach full alert coverage without adding headcount.

How do you go from compliance to confidence?

When teams are forced to choose which alerts to investigate, DLP becomes a compliance exercise. Boxes get checked but risk remains unmitigated. Confidence is hard to come by.

When alert volume drops and context improves, something changes. Teams can investigate everything that matters. They can trust what they see. They can make decisions proactively instead of reactively.

That’s the outcome the estimator is meant to clarify.

It doesn’t promise perfection. It doesn’t assume zero effort. It simply shows what it really takes to mind what matters today and how that equation changes when DLP runs on intelligence instead of noise.

Why did we build this?

Security leaders are under constant pressure to justify spend, headcount and tooling. At the same time, they’re expected to reduce risk, enable the business and prepare for what’s next.

We built the MIND DLP Savings Estimator to support that reality. To replace vague assumptions with clarity. To ground conversations in data. And to give teams a way to evaluate DLP not just by what it detects, but by how it operates.

Because stress-free DLP isn’t about doing more work faster. It’s about doing the right work effectively.

If you’re ready to see what that looks like in your environment, the estimator is a good place to start.

👉 {children}

Each type addresses a different part of the data lifecycle. Understanding how they work and where they fit helps teams make more informed decisions about protecting sensitive information.

What are the main types of DLP Solutions?

Network DLP

Network DLP is one of the earliest forms of data loss prevention. It focuses on monitoring and controlling data as it moves across the network perimeter. These solutions typically inspect traffic leaving the organization through email gateways, web proxies or network appliances.

The core strength of network DLP is visibility into outbound traffic. It can detect sensitive data being sent via email, uploaded to external websites or transferred through network protocols. When a policy violation occurs, the system may block the transmission, quarantine the content or alert security teams.

However, network DLP relies heavily on traffic inspection and predefined rules. It often struggles with encrypted traffic, which now represents a large portion of network activity. It also has limited insight into user intent or business context. A file transfer that looks risky on the network may actually be a legitimate business process.

Network DLP is most effective in environments where data flows through controlled gateways and where encryption and cloud usage are limited. In modern environments, it often serves as one layer of protection rather than a complete solution.

Endpoint DLP

Endpoint DLP focuses on protecting data directly on user devices such as laptops, desktops and servers. Instead of watching traffic at the network level, it monitors actions performed by users and applications on the device itself.

Endpoint DLP can see when a user copies data to a USB drive, uploads a file to a web app, prints a document or pastes content into a browser. Because it operates at the device level, it can enforce controls even when the user is off the corporate network.

This visibility makes endpoint DLP valuable for understanding how data is used in daily workflows. It allows organizations to apply controls closer to the point of action and respond in real time.

At the same time, endpoint DLP can be challenging to manage. Agents must be deployed and maintained across many devices. Policies can become complex and overly restrictive if they are not carefully tuned. Without strong classification and context, endpoint DLP can generate false positives that frustrate users and overwhelm security teams.

Endpoint DLP works best when organizations need direct control over user actions and when they can support agent deployment and policy management at scale.

Cloud-Based DLP

Cloud-based DLP emerged as organizations moved data into SaaS platforms and cloud infrastructure. Instead of focusing on networks or devices, this approach protects data where it lives and moves in cloud environments.

Cloud DLP solutions typically integrate with SaaS applications, cloud storage platforms and sometimes AI tools. They scan data at rest, monitor sharing and access controls and detect risky activity such as public exposure or excessive permissions.

One of the key advantages of cloud-based DLP is visibility. It helps teams understand where sensitive data exists across cloud services and how it is shared. This is especially important as collaboration tools and third-party integrations become more common.

Cloud DLP can also struggle if it relies solely on pattern matching or static rules. Without context, it may flag benign sharing as risky or miss subtle misuse. Coverage can vary depending on the depth of integration with each platform.

Cloud-based DLP is essential for organizations that rely heavily on SaaS and cloud infrastructure. It provides insight that network and endpoint tools cannot reach on their own.

How do different types of DLP work together?

No single type of DLP covers every risk. Network, endpoint and cloud-based solutions each see a different slice of data activity. Network DLP watches traffic leaving the environment. Endpoint DLP observes user actions at the source. Cloud DLP provides visibility into data stored and shared in cloud services.

Modern data environments require a more connected view. Data may originate on an endpoint, move through a SaaS app and eventually leave the organization through an integration or API. When DLP tools operate in isolation, gaps appear. Alerts lack context and teams struggle to understand what truly matters.

That’s why many organizations now look for ways to combine signals across these layers. When content, context and behavior are considered together, DLP becomes less about blocking and more about understanding risk.

How do I choose the right mix of DLP coverage?

Selecting DLP solutions is not about picking a single category. It’s about understanding where your data lives, how it moves and which risks matter most to your organization.

Network DLP can still play a role in controlling outbound traffic. Endpoint DLP helps protect data at the point of use. Cloud-based DLP brings visibility to SaaS and cloud environments. Together, they form a more complete picture.

The goal is not more alerts or stricter rules. It’s clarity. When teams understand how data is used across the organization, they can protect it in a way that supports people, workflows and the business itself.

AI has changed how work gets done and how risk materializes. What once felt experimental is now operational: GenAI in the hands of employees, autonomous agents executing workflows and sensitive data moving across SaaS and GenAI apps, clouds, on-prem systems, endpoints and emails at machine speed.

As we look toward 2026, security leaders will be forced to confront a hard truth. In an AI-driven world, treating data and identity as isolated silos will break all the models we know, creating blind spots that are easy to miss and hard to manage.

Historically, identity and data lived in separate domains. Different teams. Different tools. Different success metrics. Identity answered who could access systems. Data security focused on what was being accessed. Together, they defined when and where access occurred.

AI breaks that model.

AI agents operate across identity and data simultaneously. They act, generate, analyze and transmit sensitive information, sometimes without a human in the loop. Risk no longer fits neatly into IAM or DLP alone.

Looking ahead to 2026, I think we will see 5 trends in cybersecurity. Each points to the same imperative: security must become more unified, more adaptive and more context-aware.

2026 predictions

1. Security will return to first principles: identity and data

As environments grow more complex, security will come full circle.
In 2026, organizations will realize that most modern controls are abstractions layered on top of two foundational truths: who or what is acting and what data is being used. Networks, perimeters and destinations will matter less than identity and data context.

Identity defines intent and accountability.

Data defines value and risk.

Everything else becomes an implementation detail.

This shift won’t be nostalgic. It will be pragmatic. AI introduces too much speed and autonomy for surface-level controls to keep up, forcing security teams to rethink what they anchor on.

2. AI will break deterministic, rule-based risk models

Traditional security assumes predictable behavior. But AI is a 'non-deterministic' wild card.

AI agents and systems learn, adapt and evolve. They introduce risk that static policies and Boolean logic can’t keep up with. Rules like “if X, then block Y” will generate more noise than signal as AI-driven workflows accelerate.

In 2026, organizations will move away from rigid policies toward adaptive risk models. These models will evaluate behavior, identity (human, non-human, AI systems, agents) and data sensitivity in real time, factoring in context rather than relying on predefined assumptions.

Instead of guessing risk based on patterns, column headers or lineage alone, security systems will understand content and intent and respond accordingly.

3. CISOs will shift from gatekeepers to enablers of trusted autonomy

The role of the CISO is definitely changing and this will only accelerate in 2026.

For years, security leaders were positioned as gatekeepers, responsible for saying no to risky behavior. In the era of AI, that posture won’t scale. The mission won’t be to stop everything. It’ll be to guide innovation safely.

In 2026, effective CISOs will focus on designing trust into systems that enable their business to thrive. That means embedding policy awareness into AI workflows, enabling agents to operate autonomously while respecting data sensitivity, compliance requirements and ethical boundaries.

Security will become a design discipline, not just a control function.

4. Agentic AI adoption will outpace its reliability

Agentic AI will move from experimentation to execution faster than most organizations expect.

Next year, AI agents won’t just assist users. They’ll provision access, move data, generate content and make decisions on behalf of the business and its people. Adoption will accelerate because the value is real.

Reliability will lag.

Early deployments will suffer from over-privileged agents, incomplete context and weak guardrails. The result won’t always be dramatic breaches. It’ll be frequent, subtle failures: unintended data exposure, policy drift and autonomous actions that violate intent without malicious behavior.

The problem won’t be AI itself. It will be the lack of sufficient context or understanding of how a non-deterministic system operates at scale in the organization.

5. AI regulation will arrive, imperfect but unavoidable

In 2026, AI regulation will become a reality.

It won’t be elegant. It won’t be uniform. But federal, state and local governments will introduce guidelines focused on accountability, explainability and data protection. These rules won’t dictate architectures, but they’ll demand clearer answers to basic questions: Who acted? What data was used or exposed? Why was a decision made?

Organizations relying on opaque, siloed controls will struggle to respond, especially as regulatory expectations continue to evolve.

The bottom line: Automation is the future of security

As we move into 2026, the lines between user and agent, access and action, data content and context and traditional IT environments will continue to blur.

What matters isn’t visibility or control in isolation. It’s understanding risk continuously and in real time. Identity and data are no longer separate problems. They’re part of the same challenge and must be part of the same solution.

Companies that embrace convergence and enable innovation with trust will unlock a new era of resilience, productivity and innovation for their overall business.

And in 2026, security leaders will be at the helm of this transition.

For security leaders, the challenge isn’t just knowing where data lives. It’s ensuring that data is handled correctly wherever it goes. That’s where Data Loss Prevention policies come in.

DLP policies are the rules that define how sensitive data should be stored, used and moved. When designed and enforced correctly, they help organizations reduce risk, meet compliance requirements and protect what matters most without slowing the business down.

What is a DLP policy?

At its core, a DLP policy is a set of conditions and actions. The conditions define what data matters and what risky behavior looks like. The actions define what should happen when that behavior occurs.

A typical policy answers three key questions:

• What type of data are we protecting?
• Where is that data allowed or not allowed to go?
• What action should be taken if the policy is violated?

For example, a policy might state that files containing personal data shouldn’t be shared externally or uploaded to public AI tools. If that action occurs, the policy can trigger an alert, block the action or guide the user with a warning.

How do DLP policies identify sensitive data?

DLP policies can only work if the system understands what data is sensitive in the first place. This starts with data discovery and classification.

Modern DLP platforms scan data across environments to identify sensitive content such as personal information, financial data, credentials or intellectual property. Instead of relying only on simple pattern matching, more advanced approaches analyze context and content to understand meaning.

This step is critical because inaccurate classification leads to false positives or missed risk. When policies are built on a clear understanding of data, enforcement becomes more precise and trustworthy.

How do DLP policies define acceptable data use?

Once sensitive data is identified, DLP policies define how that data can be used. This is where business intent is translated into enforceable rules.

Policies typically focus on common risk scenarios, including:

• Data exfiltration, such as uploading sensitive files to unsanctioned websites or AI tools
• Data exposure, such as sharing files publicly or with the wrong users
• Improper access, such as employees accessing data outside their role

The goal isn’t to lock data down completely, it’s to align protection with business context. Finance teams need different access than engineering. Vendors need different access than employees. Effective DLP policies reflect these realities.

How do DLP policies monitor data in real time?

With policies in place, DLP continuously monitors data activity. This includes data at rest and in motion.

As users share files, send emails, collaborate in SaaS apps or interact with GenAI tools, the system evaluates each action against defined policies. When a risky event is detected, the policy is triggered.

This real-time monitoring is what allows DLP to move from a reactive audit tool to an active security control.

How do DLP policies enforce actions to reduce risk?

Detection alone doesn’t stop data loss. Enforcement is where DLP policies deliver value.

Depending on severity and context, a policy can trigger different responses:

• Blocking the action outright
• Allowing the action with a user justification
• Alerting security teams
• Coaching users with in-the-moment guidance
• Automatically remediating exposure, such as removing public access

The most effective policies use graduated responses. Low-risk behavior might warrant education. High-risk behavior might require immediate prevention. This balance helps protect data while maintaining productivity.

How do DLP policies improve over time?

DLP policies aren’t set-and-forget. As data, tools and workflows evolve, policies must adapt.

Modern platforms use risk signals and behavior patterns to refine enforcement. This reduces noise, cuts down false positives and helps teams focus on what truly matters. Over time, policies become more aligned with how people actually work.

Why do DLP policies matter more than ever?

Traditional DLP often failed because policies were static, noisy and disconnected from context. Today’s environments demand something smarter.

When policies are built on accurate data classification, applied consistently across environments and enforced with context, DLP becomes a strategic asset. It shifts security from reactive compliance to proactive protection.

For CISOs and security leaders, the outcome is confidence. Confidence that sensitive data is protected. Confidence that teams aren’t buried in alerts. Confidence that security enables the business instead of slowing it down.

That’s the real purpose of DLP policies. Not just to check a box, but to mind what matters.

Artificial intelligence is no longer a future concern; it’s today’s governance challenge. As AI systems become more deeply embedded in business operations, regulators across the United States are racing to establish frameworks that protect individuals, ensure fairness and preserve trust.

For security leaders, that means one thing: compliance complexity is about to grow.

Below, we’ve outlined the key AI security and privacy laws coming into effect in 2026, at a national level and broken down by geography. Knowing what’s ahead gives you a head start on preparation and helps you mind what matters before enforcement begins.

Federal Outlook: Unified Executive Order on AI controls

At the national level, there is some movement towards an Executive Order (EO) defining the limits of AI governance and regulation. While the U.S. legislature has yet to enact any federal rules, this Executive Order is expected to have jurisdictional authority and pave the way for any future regulation.

What to watch:

• Upcoming Executive Order, once signed, will need to be evaluated by companies to ensure any compliance requirements.
• The White House Executive Order on Safe, Secure, and Trustworthy AI (2023) continues to influence agency rulemaking and standards.
• NIST AI Risk Management Framework (RMF) is becoming the de facto baseline for responsible AI practices. Expect increasing pressure for organizations to demonstrate RMF alignment during audits and vendor reviews.
• Federal agencies including the FTC, EEOC and CFPB have all issued warnings on AI bias, consumer protection and data handling, signals of stronger enforcement to come.

The takeaway: This Executive Order is intended to make it simpler to understand and comply with a single set of regulations instead of a shifting mosaic of state-level guidance. However, some states are concerned that this EO won’t go far enough in protecting their people. Expect confusion around AI regulations as this plays out in the court system and legislative bodies across the country.

State-Level Regulations: The current front lines

States are leading the charge for AI regulation, each introducing distinct laws to govern AI development, deployment and data use. Here are the most significant to watch in 2026:

California

The AI Transparency Act (SB 942)

Effective: January 1, 2026

California expands its privacy leadership into AI. The new law mandates:

• Clear notice when consumers interact with AI systems
• Documentation of AI functionality and data sources
• Disclosure requirements for generative and conversational AI platforms

New York State

The Responsible AI Safety and Education (RAISE) Act

Effective: January 1, 2026

This bill targets “frontier” or “high-risk” AI models that could influence safety, financial systems or civic operations. It introduces:

• Independent audits and incident reporting
• Safety plans and documentation of model intent
• Public transparency reports for large AI developers

Texas

The Responsible AI Governance Act (TRAIGA)

Effective: January 1, 2026

Texas focuses on accountability and governance, requiring:

• Documented AI lifecycle management
• Red-teaming, transparency reporting and oversight for “high-impact” systems
• Annual internal reviews to validate compliance

Colorado

The Colorado AI Act (SB 205)

Effective: February 1, 2026

Colorado became the first state to pass a comprehensive AI accountability law. It defines “high-risk” AI systems and requires:

• Impact assessments for systems influencing employment, education, finance or healthcare
• Transparency disclosures to users
• Risk mitigation and bias monitoring obligations for developers and deployers

Local and Municipal: NYC leads the way

NYC Local Law 144 – Automated Employment Decision Tools

In effect since 2023, continuing enforcement into 2026

This law regulates the use of automated hiring and promotion tools. It requires organizations to:

• Conduct independent bias audits annually
• Notify candidates and employees when AI tools are used in decision-making
• Publish summaries of audit results for transparency

While not new, its continued enforcement and the expansion of similar policies in other cities mark a pivotal shift: municipalities are no longer waiting for federal action.

What’s next: The NYC AI Action Plan (2023) sets the stage for additional oversight of how city agencies and contractors deploy AI, establishing a framework other municipalities are likely to follow by 2026.

Why This Matters: AI, privacy and data security converge

Every one of these laws ties back to a shared principle: AI systems can’t be trusted unless data is protected, traceable and governed intelligently. For CISOs, compliance officers and data protection teams, 2026 isn’t just about checking regulatory boxes, it’s about building defensible systems that demonstrate control.

What leaders should do now:

1. Map your AI footprint: Know where AI systems exist across the organization.
2. Document data flows: Understand what data AI models access, store, and generate.
3. Automate compliance evidence: Use intelligent DLP and classification to track sensitive data, AI usage and risk posture in real time.
4. Stay adaptive: Treat each state/local law as a building block toward a unified, responsible AI governance model.

Mind what matters

Regulation will continue to evolve at the federal and state levels, along with being contested in the legal system, but readiness doesn’t have to wait. MIND helps organizations stay ahead of AI-driven data risk with intelligent discovery, automated policy enforcement and real-time compliance visibility.

As AI transforms how we work, MIND ensures your organization stays compliant, secure and confident, automatically.

Ready to prepare for 2026? Let’s turn compliance complexity into clarity.

Request a demo at mind.io

Why protecting CUI is harder than you think

Handling CUI isn’t simply a matter of putting a locked file cabinet around your most sensitive documents. Several factors make it uniquely difficult:

1. Visibility is inherently difficult. CUI must be shared across finance, legal, underwriting, project management and other teams essential to contract delivery. As it spreads across network shares, cloud tools, vendor environments and even generative-AI inputs, visibility fragments quickly. Without a clear, continuously updated inventory of where CUI lives and who touches it, organizations operate with critical blind spots.
2. Control is widely distributed. In government contracting, large groups legitimately need access to CUI to support complex projects. Restricting access to a few individuals isn’t realistic. Instead, we need precise, autonomous controls that govern how CUI moves across devices, identities, networks, clouds and partners, because the data moves and our protections must move with it.
3. Proof is now mandatory. Under frameworks like CMMC 2.0, organizations must justify why each person needs access, not just rely on project association. The “need-to-know” principle must be enforced and documented. This requires complete auditability: who has access to every piece of CUI, why they have it and how those controls are maintained over time.
4. The threat environment has evolved. Advanced persistent threats, supply-chain attacks, insider risks and real-time exfiltration raise the bar for what effective protection must look like today.

In short: you’re dealing with where the data is, who has access, how it’s used and whether you can show you’ve secured it. That complexity demands a modern, holistic approach rather than a checkbox.

Why NIST 800-171 Rev. 3 matters

CMMC 2.0 Level 2 maps to the 110 controls of NIST SP 800‑171 Rev. 2 framework. For organizations that are subject to it, the latest standard from the National Institute of Standards and Technology (NIST SP 800-171 Rev. 3) signals the future of CUI protection. While Rev. 2 remains the enforced baseline for now, Rev. 3 offers insight into the trajectory of expectation.

Here are some of the key takeaways:

• Rev. 3 aligns the security requirements more closely with the controls of NIST SP 800‑53 Rev. 5 and the moderate baseline of SP 800-53B.
• The number of security requirement families expands (with new families like Planning (PL), System & Services Acquisition (SA), Supply Chain Risk Management (SR)).
• The standard introduces “organization-defined parameters” (ODPs) so that controls can be tailored, but also demands that to be defined and measurable.
• It removes ambiguity: the older “basic vs derived” categorizations are gone and wording like “periodically” has been eliminated to drive specificity.

The implication for you: if you’re already pursuing CMMC Level 2 (i.e., full NIST 800-171 Rev. 2 compliance), you’re on the right path. But Rev. 3 gives you a view into how the standard will evolve and how your controls must evolve to stay ahead.

What achieving CMMC Level 2 really means

If your organization is working toward or has achieved CMMC 2.0 Level 2, you’ve committed to the full set of NIST 800-171 Rev. 2 controls: 110 security requirements across 14 families. That means not just writing policies, but operationalizing access control, auditing, incident response, configuration management, media protection and more.

Level 2 certification qualifies you to work with CUI, but it’s not a point of completion. Long-term success depends on your ability to continuously uphold that standard and anticipate future obligations.

How MIND helps you bridge the gap, from compliance to continuous assurance

This is why organizations turn to autonomous DLP like MIND. We understand the practical challenges CISOs face, securing complex environments amid tight budgets, limited headcount and an evolving threat landscape. Our approach is to deliver Stress-Free DLP and help you mind what matters.

1. Discover and classify CUI where it lives
   We begin by discovering sensitive information across SaaS apps, on-premise file shares and endpoints. While most organizations have designated and highly controlled environments for CUI, the real risk lies in CUI elements stored outside of these areas. MIND can accurately classify CUI using our multi-layered classification engine and we alert if any CUI is found outside of the controlled storage areas. We classify it using context: who accessed it, where it came from and how it’s used. This ensures that the CUI you’ve contracted to protect is visible and, thus, protectable.
2. Enforce policy aligned to your controls
   Once CUI is visible, MIND applies controls aligned with your NIST 800-171 requirements: controlling access, enforcing encryption, blocking risky activities, monitoring media transfers, restricting network egress and integrating with identity systems for least-privilege.
   For example, you can define policies that block sensitive documents from syncing to unapproved collaboration tools or prompt users when a potential violation occurs, turning the policy into a real-time action.
3. Automate audit-ready evidence
   Under CMMC Level 2, you must show auditors proof, not just that you wrote policies, but that they work. MIND’s dashboards capture access events, data movement, policy violations and remediation workflows. Your next assessment is no longer a scramble - it’s a status report.
4. Continuously validate and improve
   Because threats evolve, so must your controls. MIND gives you continuous monitoring, analytics and risk scoring, identifying when a control drifts, when user behavior changes and when a vendor rises in risk. With these insights, you maintain a posture of assurance rather than just compliance.
5. Align to where the standard is heading
   With NIST 800-171 Rev. 3 on the horizon, your investments today matter. MIND helps you build controls that are not just “enough for today’s audit” but scalable for tomorrow’s requirements, supply-chain risk management, planning controls, acquisition controls and measurable organization-defined parameters. You’re ready when the standard shifts.

Why this matters

Contractors in the defense supply chain are under increasing scrutiny. With major national security implications, the U.S. government expects non-federal systems processing CUI to meet robust standards. Failing to secure CUI isn’t just a regulatory issue; it puts your reputation, business and the mission at risk.

When you bring visibility, enforcement and proof together, you shift from a “compliance firewall” to a strategic data-protection posture. That’s what MIND helps you achieve.

Final thought

CUI is more than just secrets; protecting it helps ensure the integrity of the mission. Meeting NIST SP 800‑171 Rev. 3 (and by extension CMMC 2.0 Level 2 today) is more than a tick-box. It’s about transforming how you view, control and prove the protection of your most important data. With MIND, you can move from “we hope it’s protected” to “we know it’s protected.”

If you’re ready to move from reactive checklists to proactive assurance, and to ensure your CUI is truly under control, let’s talk. Because when you mind what matters, compliance becomes confidence.

Artificial intelligence is no longer a future concern, it’s today’s governance challenge. As AI systems become more deeply embedded in business operations, regulators across the United States are racing to establish frameworks that protect individuals, ensure fairness and preserve trust.

For security leaders, that means one thing: compliance complexity is about to grow.

Below, we’ve outlined the key AI security and privacy laws coming into effect in 2026, broken down by geography. Knowing what’s ahead gives you a head start on preparation and helps you mind what matters before enforcement begins.

Federal Outlook: The Framework Phase

At the national level, the U.S. has yet to enact a comprehensive AI or privacy law with a firm 2026 start date. Instead, we’re seeing guidance, frameworks and executive actions that pave the way for future regulation.

What to watch:

• The White House Executive Order on Safe, Secure, and Trustworthy AI (2023) continues to influence agency rule-making and standards.
• NIST AI Risk Management Framework (RMF) is becoming the de facto baseline for responsible AI practices. Expect increasing pressure for organizations to demonstrate RMF alignment during audits and vendor reviews.
• Federal agencies including the FTC, EEOC and CFPB have all issued warnings on AI bias, consumer protection and data handling, signals of stronger enforcement to come.

The takeaway

Federal law isn’t here yet, but accountability already is. Companies deploying AI must treat these frameworks as compliance prerequisites, not suggestions.

State-Level Regulations: The New Front Lines

States are leading the charge, each introducing distinct laws to govern AI development, deployment, and data use. Here are the most significant to watch in 2026:

Colorado – The Colorado AI Act (SB 205)

Effective: February 1, 2026Colorado became the first state to pass a comprehensive AI accountability law. It defines “high-risk” AI systems and requires:

• Impact assessments for systems influencing employment, education, finance, or healthcare
• Transparency disclosures to users
• Risk mitigation and bias monitoring obligations for developers and deployers

California – The AI Transparency Act (SB 942)

Effective: January 1, 2026California expands its privacy leadership into AI. The new law mandates:

• Clear notice when consumers interact with AI systems
• Documentation of AI functionality and data sources
• Disclosure requirements for generative and conversational AI platforms

Texas – The Responsible AI Governance Act (TRAIGA)

Effective: January 2026Texas focuses on accountability and governance, requiring:

• Documented AI lifecycle management
• Red-teaming, transparency reporting, and oversight for “high-impact” systems
• Annual internal reviews to validate compliance

New York State – The Responsible AI Safety and Education (RAISE) Act

Effective: January 1, 2026This bill targets “frontier” or “high-risk” AI models that could influence safety, financial systems, or civic operations. It introduces:

• Independent audits and incident reporting
• Safety plans and documentation of model intent
• Public transparency reports for large AI developers

Local & Municipal: New York City Leads the Way

NYC Local Law 144 – Automated Employment Decision Tools

In effect since 2023, continuing enforcement into 2026This law regulates the use of automated hiring and promotion tools. It requires organizations to:

• Conduct independent bias audits annually
• Notify candidates and employees when AI tools are used in decision-making
• Publish summaries of audit results for transparency

While not new, its continued enforcement and the expansion of similar policies in other cities marks a pivotal shift: municipalities are no longer waiting for federal action.

What’s next:

The NYC AI Action Plan (2023) sets the stage for additional oversight of how city agencies and contractors deploy AI, establishing a framework other municipalities are likely to follow by 2026.

Why This Matters: AI, Privacy and Data Security Converge

Even if your organization is not headquartered in one of these jurisdictional areas, it is likely that if your company does any business there, these rules will apply to you. This means most of these rules and guidelines will be applicable to most organizations.

Every one of these laws ties back to a shared principle: AI systems can’t be trusted unless data is protected, traceable and governed intelligently. For CISOs, compliance officers, and data protection teams, 2026 isn’t just about checking regulatory boxes, it’s about building defensible systems that demonstrate control.

What leaders should do now:

1. Map your AI footprint: Know where AI systems exist across the organization.
2. Document data flows: Understand what data AI models access, store and generate.
3. Automate compliance evidence: Use intelligent DLP and classification to track sensitive data, AI usage and risk posture in real time.

Stay adaptive: Treat each state law as a building block toward a unified, responsible AI governance model.

MIND What Matters

Regulation will continue to evolve, but readiness doesn’t have to wait. MIND helps organizations stay ahead of AI-driven data risk with intelligent discovery, automated policy enforcement and real-time compliance visibility.

As AI transforms how we work, MIND ensures your organization stays compliant, secure and confident, automatically.

Ready to prepare for 2026? Let’s turn compliance complexity into clarity.

{children}.

Classification is the practice of identifying and categorizing different types of data across an organization. This includes understanding what the data is, how it is used, where it resides and how sensitive it is. Done well, classification provides a reliable foundation for enforcing security policies, enabling data governance and reducing risk exposure.

Despite its importance, many organizations still lack a clear view of their data because their classification strategies are incomplete or overly reliant on narrow techniques. True classification must scale across environments and data types, adapting to both context and risk.

This isn’t about labeling a few files, it’s about building a consistent, organization-wide view of your data landscape, so you can take informed action to protect what matters most.

This piece breaks down the primary classification methods used in data security today and explains how MIND's Multi-Layer Classification approach categorizes and protects sensitive data across all environments.

Why do organizations need accurate classification?

Without accurate classification, DLP breaks down. A single mis-classification can set off a cascade of failures: a confidential file goes unflagged, an alert never fires, a user shares it externally and no one knows until it’s too late. Every policy, alert and enforcement action depends on it.

How do you find sensitive data?

Before data can be classified, it needs to be extracted, transformed and loaded (ETL) into a classification workflow.

Two common approaches dominate this phase:

1. Sampling
   Sampling takes a lighter-touch approach. It looks at a subset of files and often just portions of a file. This reduces workload, but it also reduces visibility, creating blindspots that allow sensitive data to slip through undetected.
2. Bit-by-Bit Scanning
   This method processes every file in a given location, scanning each one in full. It’s accurate and thorough, but can be slower, resource-intensive and often impractical for modern environments or endpoints.

Most vendors pick one path or the other.

How is sensitive data classified?

After ETL, data is analyzed and classified using one or more techniques. These typically fall into three categories:

Rule-Based Techniques

These rely on known patterns and human-defined rules.

• Regular Expressions (RegEx): Detect known formats like SSNs or credit card numbers
• EDM (Exact Data Matching): Match against predefined values (e.g., a list of patient IDs)
• Policy-Based Classification: Use logic rules or boolean conditions to label content

Strength: High precision on known formats
Weakness: Easily bypassed, brittle, high false positives

Statistical & Probabilistic Techniques

These methods use math to infer likelihoods.

• Statistical Analysis: Estimate the probability that content belongs to a given category
• Predictive Models: Apply statistical features and learned behaviors to new data
• Hashing & Signature Matching: Check against known sensitive data fingerprints

Strength: Useful at scale, can flag novel instances
Weakness: Can miss nuanced or complex content

Semantic & Machine Learning Techniques

These systems learn patterns over time or from context.

• Vector Similarity (Categorization): Compare content to known examples via embeddings
• Machine Learning: Classify content based on trained models using labeled data
• SLMs/LLMs (Language Models): Understand data based on meaning, not just metadata

Strength: Adaptive, powerful on unstructured data
Weakness: Often expensive, opaque, and hard to tune

The problem with most vendors

Most classification engines today suffer from the same issue: they rely too heavily on a single method or rigid sequences for analysis.

• DSPM vendors lean heavily into visibility, but rarely go beyond structured data found in spreadsheets. For classification, they tend to rely on LLMs that do not scale and suffer from inconsistent results when asked the same question multiple times. These scale issues require them to default to a data sampling approach, limiting their effectiveness.
• Traditional DLP vendors rely on RegEx and rules, which has significant manual effort and staffing overhead. These techniques fail to interpret the intent or context behind the data which generate an enormous amount of false positive alerts. Some bolt on machine learning, but lack the architecture to apply it at scale, in context, or in real-time.

The result? Security teams get fragmented, inconsistent signals. Sensitive data goes undetected. Alerts pile up. And nobody trusts the output.

Classification, done poorly, becomes just another checkbox without delivering real security value.

The MIND approach: Multi-layered, context-aware, scalable

MIND reimagines classification from the ground up. It uses a multi-layered engine that applies the right technique in the right context, guided by environmental signals and risk posture.

MIND’s Differentiators:

• Risk-First Ingestion Strategy: MIND uses a bit-by-bit, full-file scanning approach that targets the sensitive data locations with the highest risk to the organization.
• Proprietary AI Models: MIND doesn’t outsource classification to public LLMs. We've built dozens of tailor-made Large & Small Language Models for the specific tasks required. This approach scales with your environment and understands the nuance of enterprise data
• Multi-Modal Analysis: Where it makes sense, we combine our proprietary trained LLMs, SLMs, EDM, RegEx pattern matching, statistical tests, vector similarity and proprietary ML for high-fidelity classification
• Beyond Structured Data: MIND is file type agnostic, allowing us to classify sensitive elements found in images, archives, documents, and rich media, not just .csvs and databases
• Autonomous Categorization: Instead of tagging individual data points, MIND categorizes entire datasets by meaning, usage, format and location, enabling policy by category (e.g., “PII in HR Reports shared externally”)

Why it matters

With a layered classification engine that scales across cloud, endpoint, on-premise file shares, email and GenAI apps, MIND reduces false positives, enhances the effectiveness of automated controls and builds lasting confidence in the integrity of data security workflows.

Instead of focusing on isolated identifiers like Social Security Numbers, MIND identifies entire categories of risk such as "regulated data shared in collaborative tools" or "sensitive contracts accessed by third parties."

When classification is done right, everything downstream, from detection to response, becomes more accurate, scalable and effective. That’s the argument we opened with, and it holds true across any environment, industry or data type. MIND’s layered, risk-aware classification engine was built to meet that standard.

If you're evaluating how to improve fidelity, coverage and automation in your data protection program, our team is available to explore how this approach fits your environment.

The airport hums with noise. Rolling suitcases bump over tile floors, boarding announcements echo through speakers and the line at TSA snakes endlessly ahead. You shift your weight from one foot to the other, clutching your laptop bag and thinking about all the places your data could be exposed. Every checkpoint feels like another manual and tedious friction point. But this trip is necessary. You’re heading to Stress-Free DLP, and it’s a journey worth taking.

You know you need to get on the plane, but it’s a long flight and it would be nice if the travel experience could be better somehow. You check your phone again, just to see. Maybe, this time, there’s an upgrade.

Then it happens. The notification lights up your screen. You refresh your airline app and the tension you didn't fully realize you were carrying eases as your hopes come true.

The terminal noise fades. You walk to the gate with a lighter step, a new boarding pass pulled up on your device, ready for a different kind of experience.

You settle into your seat. The cabin lighting is soft, the hum of the engines low. A favorite beverage appears as if by instinct. The seat is plush and comfortable, the world quiets and for the first time in a long time, you exhale. It's amazing how one upgrade can change the entire tone of your experience. Everything feels calm, effortless and under control. This is how travel was meant to be.

That’s the feeling you get as MIND upgrades your seat to Business Class on your journey to Stress-Free DLP.

Welcome to Business Class

In the enterprise today, the endpoint is where work happens, and where risk often begins. Endpoint DLP has been clunky, hard to manage and intrusive. More like a middle seat somewhere towards the back of the plane, with neighbors who don’t share the armrest.

That’s why MIND reimagined endpoint protection from the ground up, delivering clarity, control and confidence at every altitude. This is more than a seat upgrade, it’s how Endpoint DLP should be. Smooth, efficient and designed to actually protect sensitive data without compromising the user experience.

Now you can have an upgraded way to provide DLP on your endpoints, one that is like an upgrade to Business Class from that middle seat in the back.

Let’s prepare for takeoff

The boarding doors are closed, the pilots have finished their pre-flight safety checks and we're getting ready to push back from the gate. Now is a good time to take a deeper dive into the specific elements that MIND is releasing into our platform.

Upgraded endpoint DLP

MIND’s endpoint expansion brings enhanced controls to its unified platform. As the most immediate and active touchpoint for sensitive data, the endpoint plays a pivotal role in the data security lifecycle. This upgrade brings some new and advanced features to the MIND endpoint agent.

• Full Data Lineage: Follow each file’s complete travel itinerary across every device and destination, ensuring sensitive data never deviates from its approved flight plan or ignores Air Traffic Control directions.
• Native App Protection: Keep data secure within locally installed applications, providing peace of mind and seamless protection for critical leak vectors without disrupting the work journey.
• USB and Peripheral Controls: Enforce limits on what’s carried on and off your endpoint, ensuring no sensitive information leaves the environment without the proper clearance.
• Evidence Collection: Just like a plane selfie, now you can record key moments during every trip, capturing user actions, file movement and screenshots to ensure accountability and investigation readiness.

Key enterprise application integrations

The ground crew loads fuel, checks systems and stocks the cabin and MIND connects to the critical systems that power modern business. These integrations unify visibility, synchronize identity and data controls and ensure every system is fully prepared for flight, keeping your journey to Stress-Free DLP smooth and uninterrupted.

Okta integration

Integrating identity signals from Okta allows MIND to align users and data with precise security policies, ensuring protection always follows the person, not just the device.

Security teams can now tailor enforcement actions based on user attributes such as department, role, risk level and location, offering precision protection at machine speed and at scale. The solution provides enhanced protection against insider threats by evaluating user context and behavior in tandem with data sensitivity and activity.

Salesforce integration

MIND discovers, classifies and protects data within Salesforce, reducing risk in one of the most sensitive repositories for customer and business information.

Additional classification techniques

While turbulence can be unexpected, a seasoned pilot can identify risk based on the weather report. MIND's multi-layer AI classification engine discovers, labels and protects sensitive information wherever it travels. From standard identifiers to entirely custom patterns, advanced classification ensures every piece of data is seen, understood and secured before the journey begins.

Protected Health Information (PHI)

MIND continues to advance the discovery and protection of novel PHI data types across industries, even those beyond healthcare, reducing exposure and helping organizations stay compliant automatically.

Passwords

Identify and secure stored credentials across your environments, eliminating one of the most overlooked and dangerous forms of data exposure and risk to your systems.

Controlled Unclassified Information (CUI)

Find and manage CUI from multiple agencies, simplifying compliance and ensuring consistent protection wherever this data appears.

Remediation options

When exposure is detected, swift and intelligent response is critical. MIND automates remediation to contain risk immediately, correcting permissions, labeling data and securing files before leaks occur. These features ensure that protection systems respond instantly, keeping sensitive data safely within policy.

Microsoft Information Protection (MIP) Labels

Write and read Microsoft sensitivity labels directly on files, strengthening integration with Microsoft’s native data protection tools.

Google Data Security Tags

Read/write Google-native security tags for better enforcement within Workspace environments.

Auto-adjust file permissions

Modify or revoke permissions, or delete files entirely, through automated actions that prevent data exposure before it happens.

All together, these capabilities expand MIND’s capabilities to secure your data journey, empowering organizations to navigate complex, multi-cloud environments without turbulence or friction.

A new paradigm of data security

We will be taking off shortly for our non-stop flight to Stress-Free DLP, where data security runs smoothly, automation does the heavy lifting and your team can focus on what matters most.

The future of DLP isn’t about control, it’s about confidence. It’s about giving teams freedom to collaborate, innovate and move fast, knowing protection travels with them. While other DLP and data security solutions detect and alert. MIND learns, acts and automates. Every policy is context-aware. Every enforcement is intelligent. Every outcome is intentional.

Welcome aboard! Sit back, relax and enjoy your flight.

You’ve been upgraded to Business Class.

Check in for your upcoming flight!

We will be sharing even more product release details in this webinar:

Reserve your seat on MIND Flight 1021 today!

Data loss prevention (DLP) has a reputation for being painful. False positive alerts overwhelm teams and lead to alert fatigue, especially with regex-only pattern matching that misses nuanced data types like source code or subscriber IDs. Poorly tuned rules sprawl, policies are brittle and managing them is time-consuming. Even then, coverage gaps abound across SaaS, on-prem file shares, endpoints, emails, GenAI and collaboration tools. Worse, motivated insiders can often bypass traditional DLP with minimal effort.

The industry needed a new approach to stopping insider threats.

To address these pain points, we are announcing our integration with Okta, the leading independent identity partner. By bringing Okta’s user identity intelligence into the MIND platform, it becomes much harder for malicious or inadvertent insiders to leak sensitive data.

With this integration, MIND will ingest identity insights directly from Okta’s APIs to supercharge our data security engine, reducing false positives, simplifying brittle rule management and hardening defenses against risky or malicious insiders.

Together, MIND and Okta are delivering something new: a smarter, identity-aware approach to data loss prevention.

How do identity and data security work together?

MIND has long used identity signals to inform and enforce data security. With Okta as the trusted source of truth for user identity, we now provide a new level of detail and precision. Okta bridges security across all your users, apps and APIs, while MIND secures data at rest and in motion, autonomously. Together, we create a powerful foundation for modern security teams: data protection that knows who’s behind every action, and why it matters.

Here’s what happens when identity and data security work together:

1. Data security policies dynamically adapt with identity risk signals
   Not all users are created equal, and not all data events deserve the same level of scrutiny. A developer downloading source code may be normal. That same activity by a contractor logging in from an unmanaged device may be a red flag.
   
   With this integration, MIND ingests Okta’s identity context and risk indicators, such as group membership, role, geolocation, device trust and authentication method. Data security policies in MIND can then automatically adjust based on identity risk posture.
   
   That means security teams no longer need to rely on static rules which develop an enormous amount of alert noise and false positives. Instead, they can let the system adapt in real time, ensuring sensitive data stays protected.
2. Identity and context-aware data security policies can be enforced
   Most DLP solutions look only at the data, what file is being moved, what keyword is inside it, what channel it’s going to. But data alone doesn’t tell the full story.
   
   By combining Okta’s identity insights with MIND AI, policies now consider who is accessing the data, when and where it’s happening and whether it makes sense. This makes enforcement more precise and less disruptive.
   
   For example, if an authenticated employee in the finance group downloads payroll data to a managed laptop, that may be permitted. If the same file is downloaded to a personal device or shared externally, MIND can automatically block, coach the user or escalate for review.
   
   And all of this sensitive data should be prevented from being sent into an unsanctioned GenAI app.
   
   This level of nuance isn’t just smarter security, it’s a better experience for employees who can work without unnecessary friction.
3. Risky insiders can be autonomously prevented from leaking sensitive data
   Insider risk remains one of the most difficult challenges for security teams. Whether malicious or accidental, users with valid credentials can cause enormous damage if sensitive information leaves the organization.
   
   With MIND + Okta, insider threats are easier to spot and stop. Okta provides the identity signal — a user logging in from an unusual location, elevating privileges, or failing MFA. MIND provides the data signal — an attempt to move large volumes of sensitive files, upload customer records to a GenAI tool, or share source code with an external party.
   
   Together, these signals allow MIND to autonomously prevent high-risk actions. Security teams can enforce progressive controls, from coaching users in real time to fully blocking data exfiltration. The integration ensures that sensitive data stays where it belongs.

What does this mean for security leaders?

For today’s security leaders, the mandate is clear: secure the business without slowing it down. But with sprawling data environments and complex identity ecosystems, the task can feel overwhelming.

MIND is the first-ever autonomous DLP platform. With Okta as the trusted source of truth for user identity, that promise goes even further. This integration removes the guesswork and brings a much finer identity lens, delivering the advanced precision of identity-aware data security policies, the efficiency of automated enforcement and the assurance that insider risks are under control.

The result is a DLP program that isn’t just reactive, it’s proactive, adaptive, intelligent and far easier to manage.

How can you integrate identity and data security?

Identity and data security no longer need to be separate. They are two sides of the same coin and combined they can deliver true protection.

MIND + Okta provides exactly that: a unified approach that helps organizations mind what really matters; their sensitive data, people and reputation.

Security teams gain:

• Dynamic protection that adapts policies based on identity risk
• Context-aware enforcement that reduces false positives and friction
• Autonomous insider risk mitigation that keeps data safe in real time

The outcome is peace of mind for CISOs, productivity for employees and resilience for the business.

{children}

FAQ

1. How does the Okta MIND integration address coverage gaps?
   Legacy DLP relies on regex-only detection, creating volumes of alert noise and false positives. MIND + Okta reduce noise by aligning data alerts with real identity context.
2. Why is traditional DLP hard to manage?
   Rules are brittle and tuning is painful. With Okta as the source of identity truth, MIND simplifies policies and automates enforcement, easing ongoing management.
3. How does this integration address coverage gaps?
   MIND extends protection across SaaS, endpoints, on-prem file shares, emails, GenAI and collaboration tools. Okta's identity insights ensure consistent coverage across all environments.
4. Can insiders still bypass DLP controls?
   Traditional DLP is easy to evade. MIND + Okta combine identity and data signals to autonomously block risky actions in real time, preventing sensitive data exfiltration before it happens.
5. How does the Okta MIND integration improve user experience?
   Instead of blanket blocking, context-aware controls allow safe activity while only interrupting risky behavior. Employees stay productive without constant security roadblocks.
6. What about context in DLP policy decisions?
   Legacy tools lack awareness of who, what, when, where and why. Okta provides role and authentication data so MIND can enforce smarter, context-rich policies with confidence.
7. How does DLP automation help?
   MIND automates data discovery, classification, detection, remediation and prevention. Combined with Okta identity and risk context, security teams save hours on manual tasks and focus on high-value risk reduction.

Glossary

• DLP (Data Loss Prevention)
  A security strategy and set of tools designed to prevent sensitive data from being leaked, misused or accessed by unauthorized users.
• False Positives
  Alerts triggered by DLP systems that flag benign activity as risky, leading to wasted time, alert fatigue and missed true incidents.
• Identity Context
  User-specific signals such as role, group membership, authentication method and device trust, which help determine the risk behind a data event.
• Insider Threat
  Risk posed by employees, contractors or partners who may intentionally or accidentally leak sensitive data using valid credentials.
• Context-Aware Policies
  Data security rules that factor in who is accessing information, why and under what circumstances, rather than relying solely on static keywords or patterns.
• Coverage Gaps
  Blind spots in traditional DLP solutions that fail to monitor SaaS apps, endpoints, GenAI tools or collaboration platforms, leaving sensitive data unprotected.
• Stress-Free DLP
  MIND’s approach to making data loss prevention simpler to manage, reducing noise, false positives and policy sprawl through automation and identity integration.
• Source of Truth
  A reliable system, like Okta for identity, that provides accurate and authoritative data to guide policy enforcement and reduce complexity.

In B2B SaaS, especially in cybersecurity, there’s a common instinct to lead with features. You build for technical buyers, prioritize enterprise checklists and assume more capabilities lead to more value.

But more functionality can sometimes create more friction. Complexity slows adoption and confusing setup leads to the platform becoming shelf-ware. And when users can’t intuitively operate the tools meant to protect them, security risks multiply.

At MIND, we’ve learned that simplicity isn’t the opposite of advanced features, it’s what unlocks them. A product that delivers immediate value, without onboarding hurdles or lengthy documentation, builds trust from day one. When users can navigate on their own, without relying on specialists or support, they engage more deeply. And that’s when DLP starts to work as intended.

That’s why we made usability a core product principle, not a polish phase or a post-launch fix. We treat simplicity as a growth-driving feature.

What this practically looks like

Smart defaults play a key role in delivering early value. Most users never modify settings, so we designed our out-of-the-box experience to serve 80% of use cases with no configuration required. Every decision is shaped by that mindset. Before building anything new, we ask: will this create friction? If the answer is yes, we reconsider. Sometimes we hide complexity behind advanced settings and other times, we eliminate the feature entirely.

We also know that powerful tools need intuitive access. That’s why our AI assistant exists to bridge the gap between intent and execution. Users can describe what they want in plain language, and the system interprets and responds accordingly. But we don’t rely on AI as a magic solution, it’s grounded in clear logic, fallbacks and controls. We also test relentlessly with real users. If someone gets stuck, confused or slows down, we refine the design. Our goal is always the same: to create clarity without compromise.

5 principles we follow at MIND

1. Build for 80%, not 100%
   Prioritize the most common use cases. Make sure those users who need that use case succeed quickly. Advanced needs can be served, but they shouldn’t weigh down the experience for everyone else.
2. Measure usability like a feature
   We track time-to-value. We measure how many customers succeed without changing defaults. We review the volume of support tickets tied to core flows. Usability isn’t subjective, it’s measurable.
3. Design around user outcomes, not features
   Instead of starting with functionality, we map the journey. What’s the user trying to achieve? How can we reduce steps, friction and context-switching along the way?
4. Watch users fail and then fix it
   Failures are feedback. We observe users trying to complete tasks. If they stumble, it’s not a user error, it’s a design opportunity.
5. AI is powerful, but not magic
   It should reduce cognitive load, not introduce new ambiguity. We use it to streamline, guide and educate, without replacing thoughtful design.

How does usability impact product adoption and growth?

Usability isn’t just about aesthetics, it’s about impact. It drives faster implementation, increases retention and reduces support costs. It amplifies the value of every feature you ship. In fast-moving organizations, this can be the difference between a product that earns trust and one that gets replaced. Customers aren’t asking for more features. They’re asking for fewer obstacles.

Usability is how you deliver that.

Why is PHI so difficult to classify?

Unlike traditional identifiers like social security numbers or credit card data, PHI is not always a single, standardized field. Instead, PHI is often a combination of personal identifiers and medical context, and that context is everything.

• A name on its own? → PII
• A name with a lab result? → PHI

That distinction is subtle but critical, especially in regulated industries. Add to that the challenge that PHI can appear across formats and systems: in emails, HR files, shared drives, PDFs, EHR exports and even Slack. And because every healthcare system formats medical record numbers differently, with their own prefixes, lengths and conventions, creating a classifier that works across environments without generating noise is uniquely difficult.

PHI isn’t just a concern for hospitals or healthcare providers. With this new classification capability, we’re identifying PHI across a wide range of industries, from financial services and insurance to retail and tech. Sensitive health-related data often surfaces in unexpected places, like employee records, support tickets or internal messaging platforms. Our classifier allows organizations to uncover and manage PHI even if they aren’t in a regulated healthcare environment. This means that businesses once unaware of their PHI exposure can now detect it, define policies around it and take action to prevent sensitive health data from leaking or being mishandled.

How does MIND help with PHI classification?

To address this, we built PHI classification from the ground up by researching how different health systems structure medical record numbers, collecting public datasets and collaborating with customers to understand real-world formats, and training our engine to identify not just keywords but the relationships between personal identifiers and medical data.

The result is a new PHI classification capability that recognizes medical record numbers, claims data, diagnostic imaging, electronic health records and more with high precision, reduces false positives and gives customers the ability to:

• Differentiate PHI from PII across dashboards and policies
• Filter, detect and act on PHI with more confidence
• Find and monitor PHI across all the environments it may live in

We also made it easy to build policies specific to PHI, whether to block, alert or educate, and to distinguish PHI exposure events from broader data incidents.

MIND brings everything together, discovery, classification, policy enforcement and remediation, into one unified platform. That means organizations can define and enforce PHI-specific policies, track issues across systems and respond faster with less effort. No switching tools. No stitching together workflows. Just one clear, automated way to keep sensitive health data safe, everywhere it lives.

What's coming next

This release is just the beginning. We’re actively expanding our PHI taxonomy to include imaging data, diagnosis codes, billing and claims information and other health-related identifiers required for HIPAA compliance and healthcare workflows.

With every update, we’re aiming for the same outcome: to help our customers confidently detect and prevent the leakage of sensitive health information, wherever it lives.

Now you can confidently keep your PHI data safe, no matter where it lives or how it moves.

There’s a stat that stopped me in my tracks this week. According to a new Bitdefender survey, nearly 70% of CISOs have felt pressured to cover up a security incident. Let that sink in.

Not downplay. Not delay.
Cover up.

And it’s not theoretical pressure. It’s real. It’s increasing. And it’s becoming institutional.

This isn’t just a cybersecurity issue. It’s a culture issue. A leadership issue. And if we’re not careful, it could become a systemic failure that undermines every improvement we’ve made in modern security over the last decade.

The human cost of silence

I had a conversation with Eran Barak, our CEO at MIND, and Landen Brown, our Field CTO, we broke down what this pressure really means for security teams.

He’s right. The complexity of hybrid environments, the expansion of GenAI, the fragmentation of data flows, it’s never been harder to define the boundaries of an incident. And in that ambiguity, pressure thrives.

Executives ask for “more time to validate.”
Legal suggests “it might not be material.”
PR prepares for “minimal disclosure.”

Meanwhile, the CISO sits in the middle not only managing risk but absorbing it.

Liability is no longer theoretical

Let’s be honest. The Uber case changed the conversation.
When a CISO is held personally liable, it becomes clear: this job can cost you more than your career.

Eran put it simply:

And that’s the quiet part no one wants to say out loud: when your job, your reputation and your legal safety are all on the line, the natural human instinct is to protect yourself. And in that moment, even the most ethical leaders might hesitate.

That’s not a flaw in character.
That’s a failure of culture.

What we’re losing

When CISOs are pressured into silence, the cost isn’t just personal. It’s strategic.

• We lose the opportunity to learn
• We lose the trust of regulators
• We lose credibility with our peers, customers and users
• And most dangerously, we lose visibility into patterns that could help prevent the next breach

Transparency isn’t just about compliance. It’s about progress. It’s about building better systems, faster.

What needs to change

1. Organizations must de-risk transparency
   Executives can’t expect CISOs to be open while threatening them with liability or career consequences. Boards need to establish safe reporting frameworks, not just incident response plans.
2. We need to treat breach disclosure like incident medicine
   As I mentioned during our discussion, healthcare has long used “sentinel events” to proactively learn from near misses, without blame. Cybersecurity needs the same mindset. No-fault learning. Cross-functional review. Psychological safety.
3. We need tools that give clarity, not chaos
   Part of the problem is that most security teams still fly blind during an incident. As Landen pointed out, very few organizations practice real tabletop exercises or know how to quickly assess impact. This needs to change.

Final thoughts

I hope we build a future where transparency is normalized, not punished. Where CISOs aren’t scapegoats, but strategic advisors. Where security leaders can speak plainly, backed by clear policy and strong culture. And where we see incidents not as failures, but as feedback.

Because when CISOs feel they have to choose between doing what’s right and keeping their job, we all lose.

Security isn’t just about defending systems.
It’s about defending trust.

The moment we start hiding the truth, even for understandable reasons, we risk losing the very thing we’re trying to protect. Let’s not let that happen. Let’s mind what matters.

When headlines broke about the recent breaches involving Salesforce integrations, many leaders felt a familiar pang of worry: If one of the most trusted platforms in the world can be compromised, what chance do we have?

The truth is more nuanced. Salesforce itself wasn’t the weak link. The breach happened through third-party integrations, such as Salesloft Drift, that organizations rely on every day to drive sales, marketing and customer success.

This incident isn’t just about what went wrong. It’s a reminder of what’s at stake, and why protecting data inside Salesforce and its connected ecosystem requires a fresh approach.

Salesforce: The beating heart of the business

Salesforce isn’t just another SaaS app. It’s where relationships live. Inside Salesforce you’ll find:

• Customer and prospect contact information
• Contracts, proposals and revenue forecasts
• Support case histories and sensitive conversations
• Intellectual property and development life cycles

It’s the backbone of growth. And it doesn’t exist in isolation.

Salesforce offers thousands of third-party integrations through its AppExchange. Marketing platforms, sales enablement tools, data enrichment services, collaboration apps – the list goes on. These integrations make Salesforce more powerful, but they also dramatically expand the attack surface.

Even if Salesloft, the integration that caused the incident in this case, isn’t part of your stack, the broader issue remains: any integration can become the weak link because it has access to sensitive data from Salesforce.

What we learned from the incident

The Salesloft Drift incident exploited OAuth tokens to access Salesforce environments across hundreds of organizations, including well-known names in tech and security. According to BleepingComputer, companies like Cloudflare proactively rotated over 100 API tokens after discovering exposure.

This wasn’t about Salesforce vulnerabilities. It was about attackers abusing the trust placed in a connected application. And while the stolen data was largely business contact details, that information is still sensitive and valuable in the wrong hands.

The challenge of securing your data source of record

Security teams know this story well:

• Salesforce environments grow complex fast, with countless users, apps and permissions
• Legacy DLP tools drown teams in false positives without context
• Most competitors stop at scanning – they can tell you sensitive data is there, but not prevent it from leaving

The result? Blind spots that attackers can exploit. Leaders are left asking: How can we empower teams to use Salesforce and its integrations without exposing our most sensitive data?

Knowing isn’t enough. Protection is what matters

This is the critical difference. It’s not enough to simply know that sensitive data exists in Salesforce. It should be reasonably assumed that there is a lot of sensitive data elements inside your SFDC instance. Data discovery and classification is just step one. Data must also be protected with policies that work at rest and in motion:

• At rest: Control exposure inside Salesforce and across integrated apps, ensuring sensitive files and records aren’t over-shared or left accessible.
• In motion: Enforce policies when data is being shared, exported or synced to connected tools, blocking or remediating risky behaviors before leaks occur.

Don't just scan SFDC. Secure it with MIND

That’s where MIND stands apart. With MIND’s Salesforce integration, you can:

• Discover and classify sensitive data automatically (customer PII, contracts, credentials, proprietary files)
• Understand context (who has access, what’s being done, how data flows across integrations)
• Protect with policies at rest and in motion (block risky actions, enforce compliance, remediate in real time)

Instead of stopping at visibility, MIND delivers true protection. We don’t just scan, we safeguard Salesforce and its ecosystem.

Stress-Free DLP for SFDC

The Salesforce breach was a wake-up call. But it doesn’t need to be a cause for panic. It’s a chance to rethink how we approach security in the systems most critical to business.

That’s why we’re offering organizations a free Salesforce Risk Assessment:

✅ Connect MIND directly to your Salesforce environment

✅ Automatically discover and classify your sensitive data inside Salesforce

✅ Protect that data with policies at rest and in motion, where it lives and as it moves

It’s stress-free DLP for Salesforce, built to protect what matters without adding complexity.

👉 See how it works in your own environment. {children}

For years, data loss prevention (DLP) relied on a simple assumption: if you could identify content as sensitive, you could stop it from leaking. But in reality, that approach triggered endless false positives, slowed down users and overwhelmed security teams because it relied on manual effort to identify the sensitive content.

Eventually, content-first models gave way to context-aware tools, those that look at behavior, user identity and destination. This shift reduced noise but created a new blind spot: these tools still didn’t understand the details of whether the data is sensitive or not.

You need both perspectives to act with precision.

Real-world examples

• Consider a PowerPoint presentation uploaded to Dropbox. Alone, the context tells you little. But content inspection reveals it contains board meeting notes and projected acquisition targets - business-critical intel headed to an unmanaged account.
• Or take an email sent via Outlook. The context suggests low risk - it’s internal. But the attachment includes hundreds of customer tax IDs pulled from an ERP export. The content changes the risk assessment dramatically.
• Then there's an engineer committing code to GitHub. Context flags the public repository. Content confirms it includes AWS access keys. That’s a serious policy violation.
• Now imagine the opposite: a flagged document from SharePoint. Context raises alarms. But content analysis reveals it’s just a blank contract template, with no proprietary terms or client data. That’s noise you can silence.

Content alone is no longer enough

Trying to prevent a data leak by only inspecting the content is an incomplete lens.

Sensitive content today is varied and complex, often unstructured and includes everything from personally identifiable information like social security numbers, addresses and phone numbers, to payment details such as credit card numbers and bank account information.

It also covers authentication credentials including usernames, passwords and API keys, as well as intellectual property like source code, product schematics and proprietary research. Legal and regulatory documents, contracts, compliance reports, business-critical communications like board minutes and internal memos, protected health information, and operational assets such as engineering drawings, supply chain data and facility blueprints all fall within the scope.

This is nuanced. A string of numbers might be a credit card or just placeholder text. A schematic might be core IP, or just a template. Even a benign-looking spreadsheet could hide columns of customer payment details.

Without understanding content, traditional security systems such as {children}, static content filters and rules-based scanners fall short. They fire off alerts without knowing if something truly matters, leaving security teams overwhelmed by noise and missing the threats that count.

Context alone falls short too

Now flip the scenario. You assume anything leaving Salesforce is high-risk. That’s helpful, but imprecise. What about content shared from Box, or downloads from a Git repository? Are all files from these locations equally sensitive? Definitely not.

Not all file activity is high-risk. A PDF sent from an HR folder might be a company policy doc, or it might be a resignation letter with salary information and other PII. Context without content is a half-built map.

Context can help answer: Who moved the file? When did they access it? Did they upload it to Dropbox, email it to a vendor or copy it to a USB drive? Was the user flagged as risky due to recent behavior?

But without knowing what’s in the file, you’re still guessing. Guesswork leads to inefficiency, alert fatigue and the kind of blind spots that leave gaps in your data protection posture.

Content + Context = Confidence

At MIND, we believe modern DLP must understand both content and context equally and in concert.

We go deep on content. Our multi-layer AI classification engine recognizes real-world business data: secrets, financials, PII, contracts, regulatory content and more. We classify sensitive material across document formats, from PDFs and spreadsheets to zip archives and image-based scans.

We enrich that insight with contextual signals: where the file originated, who interacted with it, whether it was shared externally, sent to a personal email, uploaded to a GenAI app or accessed from an unmanaged device.

This dual-layer understanding powers a smarter, more intuitive DLP approach. One that:

• Eliminates false positives
• Detects the incidents that matter
• Automates meaningful, risk-aware remediation
• Enables visibility without obstructing productivity

Effective DLP isn’t about blocking everything.

It’s about blocking the right things intelligently and automatically.

That's what MIND delivers.

CSPM, DSPM, ASPM, SSPM, ESPM — the alphabet soup of Security Posture Management (SPM) tools promises visibility into risk. They map misconfigurations, surface exposure paths and highlight policy gaps. That can be useful. But let’s not confuse awareness with action.

They don’t block threats.
They don’t enforce controls.
They don’t prevent breaches.

SPMs detect, then delegate. A ticket. A Slack alert. An integration call. Protection is someone else’s problem.

To compensate, many posture tools claim to orchestrate security. They integrate with enforcement tools like DLP, CWPP, EDR and WAF. But wiring systems together doesn’t make the system secure.

Coordination ≠ Protection
Visibility ≠ Control
Monitoring ≠ Security

So why is there an abundance of SPM vendors?

Because posture is easier.

• Easier to build. Cloud-only, read-only, event-driven. No need to support endpoints, on-prem, hybrid or inline enforcement. Just scan, analyze, alert.
• Easier to sell. No rip-and-replace. Posture tools bolt onto the existing stack, not replace it. That also means customers end up managing yet another vendor, another dashboard, another integration.
• Easier to adopt. No agents, low friction, fast time-to-value. Good enough to show progress, but not strong enough to stop attacks.

Yes, posture matters. But let’s not mistake issue tracking for actual security.

Security requires action — not just awareness.

False confidence, real consequences

There’s an illusion of progress that posture tools can create. Dashboards look active. Tickets are assigned. Metrics suggest movement. But beneath that layer of perceived control, many organizations remain dangerously exposed.

In fact, {children}. Visibility alone isn’t moving the needle—security teams are still drowning in noise while real risks slip through. That's the difference between knowing something's wrong and doing something about it.

It’s why so many breaches still happen in environments that were “monitored.” The problem wasn’t a lack of alerts, it was the inability to respond in time.

And the results? Stolen IP. Leaked customer records. Compliance violations. Brand damage. Leadership churn.

The stakes aren’t theoretical. And yet too many teams are trapped in a cycle of detection without defense.

It’s time to rethink what protection means

The right approach isn’t a patchwork of posture tools and point integrations. It’s a unified system — deep within a specific domain — that doesn’t just highlight problems but solves them in real time.

Whether you’re focused on data, identities or assets, true security means:

• Continuous classification of what’s sensitive: Modern DLP starts by building a living inventory of sensitive data — constantly discovering and labeling information across SaaS apps, endpoints, on-premise file shares and emails. It ensures you always know what you're protecting, even as your data changes and moves.
• Real-time monitoring of how it’s accessed and shared: Visibility into who’s touching your data, when, and how allows security teams to identify risky behavior instantly — not after the fact. This creates accountability and supports both proactive defense and forensic insight.
• Contextual enforcement that prevents misuse: It’s not enough to just watch. Real-time protection at the endpoint means applying intelligent controls based on business context — blocking or coaching users when behavior looks risky, not just flagging it.
• Automated remediation that closes the loop: When policies are violated, MIND acts. From revoking access and deleting shared links to educating users in near real time, the loop is closed automatically — without requiring tickets, escalations or delays.

This isn’t a wishlist. This is what modern DLP — done right — can and should deliver.

Enter MIND: Posture & Prevention

That’s what MIND was built to do.

MIND combines the context-aware insights of DSPM (posture) with the automated enforcement of modern DLP (prevention).

We help security teams move beyond alert fatigue to actual control. Beyond passive monitoring to meaningful action. Beyond fractured tools to full-spectrum protection.

Our AI-powered classification engine understands your data in context—whether it’s source code, contracts, financial records, credentials, passwords, or PII. And it enforces your policies wherever data lives: SaaS and Gen AI apps, endpoints, on-premise file shares, emails and beyond.

We don’t just surface issues. We solve them.
We don’t just map risks. We mitigate them.
We don’t just warn you. We stop the leaks.

Security leaders are overburdened, not underinformed. With limited resources, increasing complexity and high expectations, they need solutions that deliver results, not just more dashboards.

Stop scanning. Start securing.

Mind What Matters.

But something is shifting. According to {children}, 60% of organizations say innovation in the category is “excellent.” Security teams are no longer settling for complexity disguised as control; they’re rethinking how DLP should work. They want more clarity. More intelligence. More confidence.

And they’re finding it in platforms like MIND.

The DLP dilemma

Let’s get specific: modern security leaders face a massive volume of unstructured data across SaaS, Gen AI, endpoints and emails. Their DLP alerts? More than 90% go unremediated or ignored. And nearly half are false positives.

That creates three critical problems:

• Teams are overwhelmed. Manual workflows and redundant tools sap resources that could be better spent.
• Security is reactive. Most incidents are addressed after the damage is done.
• Innovation stalls. Teams are afraid to enforce policies that might block productivity or trigger alert fatigue.

The result? An industry trapped in a compliance checkbox, not empowered to deliver real security outcomes.

Today's data security needs intelligent, automated DLP

Where traditional DLP ends, MIND begins. As the first complete data security platform – built from the ground up – to automatically discover, fix and prevent data leaks, MIND is designed for how data actually moves today.

Our approach combines posture management and real-time prevention in one unified platform. It's a holistic approach that redefines how data protection should operate in modern environments. MIND's data protection starts by discovering sensitive data, then classifying and protecting it using AI. It evaluates risks and triggers actions to prevent potential leaks and monitors data in use to ensure real-time protection. This layered approach safeguards sensitive information at rest, in motion and in use.

This end-to-end model allows teams to fix what matters and protect what’s next.

Rather than react to alerts, MIND helps organizations proactively understand what sensitive data they have, where it lives and who has access. That’s Posture, and MIND helps to remediate the sensitive data at rest. From there, we apply smart policies to prevent leaks as they happen, in motion and in use – without disrupting the business. That’s Prevention.

From friction to flow

OpenWeb and Noname Security are just two examples of companies that made the leap from legacy to modern DLP with MIND.

For OpenWeb, a digital community platform handling data from over 100 million users monthly, traditional DLP was a black hole of alert fatigue. MIND helped them reduce DLP resource allocation by 80% and eliminate false positives almost entirely.

At Noname, a leader in API security, DLP alerts had become background noise. Their security team was numb to constant false alarms. After switching to MIND, they gained accuracy, context and control, cutting incident response time in half.

What’s consistent in both cases? Clarity. Confidence. And security that scales without slowing anything down.

The future is context-aware

The future of DLP must include fewer alerts. That’s why 91% of organizations say reducing alert noise is their top priority – and why 43% are prioritizing AI/ML-powered {children} in their next investment cycle. It’s clear that the key to reducing is by embracing tools that understand the sensitive data you’re trying to protect and provide the right context about it.

MIND is leading that charge

{children}, our multi-layer AI classification engine, goes way beyond regular expression (RegEx) pattern matching. It understands context, differentiating between valid and inactive AWS keys, a source code file and a spreadsheet template. Only MIND AI can uniquely categorize sensitive file types (e.g. agreements, configuration files, scripts, board minutes, medical records, bank statements, contracts, tax forms, payroll reports and so much more) and classify specific sensitive records within those files (e.g. PCI, PII, PHI, credit card numbers, social security numbers, cloud keys, credentials, etc.). That’s how we enable real-time policy enforcement without disrupting work.

And by putting DLP on autopilot, MIND frees teams to focus on higher priorities, not endless manual triage.

MIND: Built for what’s next

Our mission is to help digital organizations thrive in this AI era. That means helping them innovate securely. Collaborate safely. And move fast without compromising data protection. We believe DLP shouldn’t be a barrier to innovation – it should be the engine that drives it forward.

With MIND, security leaders don’t just manage risk. They understand it. They fix it. And they prevent it before it becomes a problem.

Because when you mind what matters, the rest falls into place.

Read {children} to understand the DLP innovations security leaders are demanding and looking forward to.

Ready to reimagine DLP? {children} and see how effortless data security can be.

Modern security teams are overworked, under-resourced and constantly playing catch-up. Despite the best intentions – and budgets – data loss prevention (DLP) tools are falling short. And not just by a little.

According to {children}, a staggering 78% of organizations say it's challenging to administer and maintain their existing DLP solutions​. These are seasoned teams. Smart professionals. But the tools they’ve been given are outdated, fragmented and frustrating.

So if you're feeling like your DLP program is a patchwork of policies and products that never quite delivers, you're not alone.

The Problem: DLP Is a full-time job that doesn’t work

Legacy DLP wasn’t built for today’s complexity, including the emergence of Gen AI and large language models (LLMs). These technologies expand the data security risk by introducing new vectors for leaking sensitive data and raising questions about data ownership and compliance. You’re juggling:

• Multiple point tools that don’t talk to each other
• Overlapping or conflicting policies
• Hours of manual work for investigation, tagging and remediation
• And yet… false positives still flood your dashboards

What’s worse? All that effort still doesn't stop sensitive data from leaking. In fact, organizations report an average of 4.2 known data loss events per year, even when they have multiple DLP tools in place​.

That’s because traditional DLP tools don’t accurately and comprehensively discover, classify or remediate sensitive data. Most DLP products enforce static policies, which are often ineffective. These solutions lack the context to differentiate between actual threats and benign activity, leading to a high volume of false positives. This lack of context, combined with a lack of automation, burdens security teams with manual investigation and remediation tasks, hindering their ability to respond proactively to real threats.

The Hidden Cost: False positives, missed alerts and burnout

The data paints a clear picture:

• 92% of DLP alerts are false positives or ignored​
• Only 8% are actual issues that get remediated
• Security teams spend hours reviewing each alert only to find they are irrelevant

This alert fatigue leads to burnout. Time is wasted. Confidence erodes. And critical issues, like insider risk or data exfiltration, slip through the cracks.

It doesn’t have to be this way

DLP should work for you, not the other way around.

That’s why MIND reimagined data loss prevention from the ground up. Not as a patch or plug-in, but as a fully integrated, AI-powered data security platform that unifies discovery, classification, detection, prevention and remediation.

MIND delivers both posture and prevention to companies by providing them with complete visibility and understanding of their data landscape and the ability to enforce contextually-aware policies that support, not hinder, the business.

MIND goes beyond enforcement. It understands.

Why MIND is the modern alternative

• Discover and classify automatically
  MIND AI is a multi-layer classification engine that identifies sensitive data across all environments, including Saas and Gen AI apps, on-premise file shares, endpoints and emails, without manual tagging or relying solely on regular expression (RegEx) pattern matching.
• Remediate data security issues autonomously
  MIND can autonomously discover and remediate issues with sensitive data at rest, such as PII, PHI, PCI, financial information, credentials and so much more.
• Context-aware, risk-based insights
  Alerts are enriched with context and prioritized by severity, so teams can focus on what really matters.
• Real-time protection and response
  MIND actively stops sensitive data leaks across data in motion and in use. And when a violation occurs, it can autonomously prevent, notify users or apply custom policies in the moment.
• Fewer tools, fewer policies, fewer headaches
  MIND consolidates functionality into a single, seamless data security platform, cutting out swivel-chair security.

And it doesn’t take an army to manage.

DLP is a challenge for most organizations. Conventional DLP tools are often fragmented, time-consuming and ineffective, leading to alert fatigue and missed threats.

The MIND platform offers a modern alternative. By automating discovery, classification, detection, prevention and remediation, MIND provides organizations with the visibility, control and confidence they need to protect their sensitive data.

Ready to rethink data security?

You’re not alone. Don't remain stuck – MIND can help.

👉 {children}
See what over 100 CISOs are saying about the future of data security – and how to finally make DLP work for you.

For many organizations, compliance mandates drive data protection more than actual data security best practices. {children} from ESG and sponsored by MIND underscores a growing concern: compliance-driven security strategies create a false sense of protection while exposing organizations to real threats.

The Problem: Security that meets the minimum standard

Regulatory frameworks and cybersecurity insurance policies establish essential baselines for protecting sensitive data. However, the report highlights a significant disconnect between what compliance requires and what effective data security demands. The majority of security leaders surveyed identified compliance-driven data security as a major issue, with 14% ranking it as their single biggest challenge—making it the top concern among all reported issues.

Simply put, many organizations prioritize checking compliance boxes rather than implementing meaningful security measures that prevent sensitive data loss. This approach results in policies that look effective on paper but fail in practice.

The Disconnect: Why compliance alone isn’t enough

While compliance frameworks are critical in enforcing baseline security standards, they often fail to address modern data risks. Some of the key pain points security teams experience include:

• False sense of security: Organizations may assume that meeting compliance standards equates to comprehensive data security, but 53% of enterprises in the study experienced multiple data loss incidents in the past year, proving otherwise.
• Static and outdated controls: Compliance mandates often rely on policies that do not adapt to evolving threats, leaving businesses vulnerable.
• Alert fatigue and manual workloads: Legacy DLP solutions generate excessive false positives, requiring security teams to sift through noise rather than focusing on real risks.
• Limited visibility and context: Traditional compliance-driven solutions fail to provide a holistic view of sensitive data movement, making it difficult to differentiate between harmless activities and real threats.

The real cost of compliance-only security

A security strategy built solely around compliance not only increases the likelihood of data breaches but also has direct business consequences. The report found that organizations still struggle with insider risk management, cloud data security and protecting unstructured data despite following regulatory frameworks. When security policies are designed to satisfy auditors rather than proactively mitigate risk, companies face increased exposure to data breaches and leaks, higher operational costs due to inefficient security workflows, potential regulatory fines and legal liability, and reputational damage that erodes customer trust.

A Smarter Approach: Compliance + real security

Organizations need security solutions that bridge the gap between compliance and actual risk reduction. This is where MIND comes in. Unlike traditional DLP tools that focus solely on compliance requirements, MIND provides a context-aware, AI-driven approach that protects sensitive data before a breach occurs.

• Accurate discovery and classification: MIND continuously scans, classifies and protects sensitive data across SaaS apps, endpoints, on-premise servers and cloud environments. Compliance mandates were developed to secure the bare minimum of sensitive data for PII, PCI, PHI and others, and don’t cover those that can matter most to many organizations including intellectual property, credentials, cloud keys, financial statements and so much more.
• Context-aware protection: Instead of relying on rigid rule-based policies, MIND understands how and why data moves, ensuring smarter threat detection.
• Automated risk mitigation: Security teams spend 80% less time managing false positives, freeing them to focus on real threats..
• Seamless compliance and security: MIND ensures businesses meet regulatory requirements while also proactively and reactively protecting their data without adding unnecessary complexity.

The Bottom Line: Data security shouldn’t be just a compliance exercise

Compliance is essential, but it should be the floor, not the ceiling, of a strong data security strategy. The results from The State of DLP report confirm that organizations relying solely on compliance-based security are still experiencing data leaks, breaches and inefficiencies.

MIND helps companies go beyond compliance checkboxes to implement effective, intelligent DLP that actually protects sensitive data while ensuring regulatory alignment. Don’t settle for the illusion of security – ensure your organization is truly protected.

{children} and see how you can rethink your approach to data security.

It’s time to cut through the noise

It’s 2:00 AM. Your security team is staring at an endless stream of alerts, trying to separate real threats from false positives. Critical risks are buried in the clutter. Frustration is mounting and focus is slipping. Sound familiar? You’re not alone.

Data Loss Prevention (DLP) tools were designed to protect sensitive information, yet for many organizations, they generate more noise than signal. In fact, 91% of cybersecurity professionals agree: it’s time to cut through the noise, according to {children} report from the Enterprise Strategy Group™ (ESG) and sponsored by MIND™.

The numbers are stark. In a survey of 100 senior cybersecurity and IT leaders, we found:

• 47% of DLP alerts are false positives, wasting countless hours.
• Manual inspection is the top challenge for security teams.
• Outdated DLP tools hinder rather than empower teams, leading to inefficiency, burnout and missed threats.

It’s time to reimagine how DLP can help—not hinder—your security efforts.

The hidden cost of alert fatigue

For security teams, the stakes couldn’t be higher. Every wasted minute chasing a false positive is a minute not spent addressing real risks. The fallout from noisy DLP solutions goes beyond operational inefficiencies - it takes a human toll.

Endless alerts drain morale, stretching work hours and eroding focus. As critical risks slip through the cracks, buried in a sea of irrelevant notifications, the fear of missing something crucial becomes ever-present. Time that should be spent on strategic priorities is instead wasted on acting as human filters, leaving teams frustrated and burned out. Over time, trust in the tools evaporates, forcing teams to resort to inefficient workarounds just to stay afloat.

Far from streamlining data security, many DLP systems become bottlenecks, turning what should be an essential safeguard into a source of daily frustration.

Why traditional DLP falls short

Legacy DLP systems were built for static, on-premises environments. But today’s dynamic, hybrid infrastructures demand tools that can adapt. Traditional DLP falls short in three key ways:

1. Static Policies: Rigid rule-based configurations can’t keep up with rapidly evolving data environments.
2. Manual Processes: Teams are stuck inspecting alerts instead of addressing threats, slowing response times.
3. Fragmented Tools: Disjointed systems overwhelm teams with irrelevant alerts and competing dashboards across multiple IT environments.

More tools don’t mean better protection. They mean more noise, more inefficiency and more risks.

MIND: Cutting through the noise

It doesn’t have to be this way. MIND is a purpose-built solution that transforms how organizations approach DLP. Designed for clarity and precision, MIND uses advanced AI to deliver meaningful insights and streamline workflows.

Here’s how MIND changes the game:

• Accurate alerts: MIND eliminates false positives so your team can focus on real threats.
• Context-aware intelligence: By analyzing sensitive data in context, MIND prioritizes risks that matter most.
• Streamlined workflows: Simplified processes reduce complexity, empowering your team to act confidently.
• Time savings: With intelligent automation, MIND frees your team from manual inspections, allowing them to focus on proactive strategies.

MIND isn’t just another tool. It’s a smarter, more mindful way to secure your sensitive data.

Empowering security teams to Mind What Matters

The biggest problem with DLP isn’t the concept—it’s the execution. Noise, inefficiency and outdated tools have turned traditional solutions into liabilities. MIND redefines DLP, offering a clear path to stronger security without the clutter. Built from the ground up with simplicity, advanced AI and context-awareness, MIND discovers and classifies your sensitive data, fixes data security issues and stops sensitive data leaks.

It’s time to give your security team the clarity and confidence they need to focus on what truly matters: protecting your organization’s most sensitive data.

Ready to take control of your data security?

{children} to learn how organizations are overcoming the limitations of legacy solutions—and how MIND is leading the way.

In the fast-paced world of cybersecurity, protecting sensitive data has never been more critical. Yet paradoxically, many organizations find themselves entangled in a web of multiple data loss prevention (DLP) tools and policy sets, creating a complex environment where sensitive information can easily slip through the cracks.

The challenge: Too many tools, too much noise

According to {children} from the Enterprise Strategy Group™ (ESG) and sponsored by MIND™, 68% of organizations maintain policies across their IT environments using multiple DLP tools. This complexity raises a crucial question: Are these tools providing the protection they promise? Unfortunately, the answer is often no. Seventy-eight percent of organizations indicated that administering and maintaining existing DLP technology solutions and policies is a significant challenge.

Multiple tools and policy sets do not translate to better security. Instead, they create confusion and fragmentation, leading to inefficiencies that can leave sensitive data vulnerable. Security teams are left juggling different dashboards, each with its own alerts and configurations. This lack of integration can result in critical data being unprotected while regulatory compliance becomes a daunting task.

The real pain: Frustration and fatigue in security teams

The emotional and mental impact on security teams is profound. Constantly managing numerous tools and policies leads to frustration and burnout as they battle against an avalanche of alerts. In fact, forty-seven percent of DLP alerts are false positives, causing teams to waste valuable time chasing down non-issues instead of focusing on real threats.

Imagine a security analyst exhausted from sifting through countless alerts, trying to distinguish between legitimate threats and false alarms. The weight of this responsibility can be overwhelming. Each false positive is not just a distraction; it represents hours of work that could have been spent on proactive security measures. Compliance audits often turn into last-minute fire drills, and the fear of a potential breach looms large as critical data remains unprotected.

The lack of innovation: A stagnant landscape

While many vendors offer DLP as a feature, the lack of innovation prevents real progress in securing sensitive data. Traditional DLP solutions often rely on static rules and manual processes that are ill-equipped to handle the complexities of modern data environments. As organizations embrace cloud-first and hybrid infrastructures, the need for intelligent, adaptive solutions has never been more apparent.

The traditional approach to DLP has become a compliance checkbox rather than a proactive security measure. As security teams struggle with outdated methodologies, they find themselves flying blind, unable to accurately classify, prioritize and protect sensitive data.

A smarter approach: MIND as the solution

It doesn’t have to be this way. MIND redefines the DLP landscape by offering a DLP solution built from the ground up that addresses the complexities of today’s data environments. Unlike traditional tools that create additional noise, MIND's AI-powered platform autonomously scans your entire data ecosystem—whether in SaaS and Gen AI apps, on-premise file shares, endpoints and emails—to classify and protect your sensitive information in real-time.

MIND streamlines the process with intelligent automation, reducing the need for multiple tools and disparate policies. With MIND, security teams can expect accurate alerts with virtually no false positives, freeing up their time to mind what truly matters—protecting sensitive data and responding to genuine threats swiftly and effectively.

The future of DLP

Data security shouldn’t be this hard today, but the traditional approach to DLP is broken. More tools and policies are not the answer; organizations must simplify and streamline their DLP programs with intelligent, purpose-built solutions. By doing so, they can regain control over their security posture and ensure that sensitive data is protected without the overwhelming burden of managing multiple disconnected systems.

Are you ready to take your data security to the next level? {children} to learn how organizations address gaps in their DLP strategy and how MIND is changing the game.

Sensitive data is at the heart of every modern organization. It drives innovation, fuels strategic decisions and is the cornerstone of trust between you and your customers. But despite its critical importance, a staggering 73% of this vital data remains undiscovered, unclassified and vulnerable, according to a recent research report, {children}, of 100 senior cybersecurity and IT leaders, conducted by the Enterprise Strategy Group™ (ESG) and sponsored by MIND™.

The truth is, data security can’t succeed without full visibility into where sensitive data lives, what it contains and the context around it. In today’s fast-paced digital world, the constant growth of unstructured data—projected to double every 2.2 years—makes it even harder to stay on top of what matters. Without clear data classification, your security strategy is left in the dark, facing immense challenges:

• Prioritizing Protections: When you don’t know what data is most critical, your security efforts become scattered, leaving your organization’s most valuable assets exposed.
• Enforcing Data Security and Compliance: Without classification, data protection and compliance becomes guesswork, risking costly penalties and reputational damage.
• Responding to Threats: In the event of a data leak or breach, not understanding what’s at risk leads to slow, ineffective responses, amplifying the damage.

The gold standard for data security

Discovery and classification are the foundation of modern data security. With clarity into your sensitive data, your team can proactively protect what matters most, streamline compliance processes and respond swiftly to emerging threats.

This shift from reactive to proactive security allows organizations to stay ahead of risks and safeguard critical assets. Discovery and classification aren’t just important—they’re the gold standard in data security. In today’s increasingly complex, data-driven landscape, these efforts are no longer a luxury; they’re essential to the long-term success of a comprehensive security and compliance program.

The fuzzy problem with today’s DLP tools

According to the research report, an alarming 73% of unstructured sensitive data remains undiscovered and unclassified. That’s three-quarters of your organization’s most valuable assets left unprotected because the data is unknown.

Why does this happen? Traditional data loss prevention (DLP) tools and systems weren’t designed to tackle today’s rapidly evolving data environments and diverse sensitive data types specific to each organization. These outdated solutions rely on integration with a limited number of data sources, simple and inaccurate data classification schemes, static policies and manual oversight, struggling to keep up with:

• Sprawling cloud infrastructures
• Dynamic hybrid workforces
• Unpredictable data movements
• Rapid unstructured data growth
• Sensitive data beyond just credit card and social security numbers

Instead of providing clarity, these tools leave big gaps in sensitive unstructured data discovery with today’s modern apps and data sources, leading to data slipping through the cracks, unaddressed.

Unclassified data: A hidden threat

When sensitive data goes unclassified or misclassified, the consequences reach far beyond missed alerts. Security teams feel it the hardest:

• Wasted time: Hours are spent chasing false positives and a flood of trivial alerts, draining teams of focus and energy.
• Increased risk: Real threats remain undetected, and teams live in constant uncertainty about what they’ve missed.
• Compliance checkbox: DLP programs become compliance checkboxes since teams can’t precisely classify sensitive data that matter, such as cloud credentials, secrets, board minutes, M&A agreements, bills of materials and so much more that organizations need to protect.

Many security leaders believe this is the cost of doing business with legacy DLP tools. But it doesn’t have to be this way. Alert fatigue, endless manual oversight and sleepless nights don’t have to be the price of protecting sensitive data.

Unclassified data isn’t just a vulnerability—it’s a source of constant stress, wasted effort and avoidable risk. It’s time to stop accepting the unacceptable.

A smarter alternative

MIND redefines data security by delivering both Posture (data discovery and classification) and Prevention (data loss prevention and remediation). Unlike traditional tools, MIND:

• Scans your entire data ecosystem—whether in SaaS apps, endpoints, on-premise files shares and emails—in real-time.
• Eliminates noise and false positives, by classifying your sensitive data that matter most (think beyond credit card and social security numbers) with precision.
• Reduces the burden on your security team by automating workflows, using MIND AI to classify with precision and minimizing manual effort.

With MIND, you gain the clarity to see what matters, act on risks and threats faster and ensure that no sensitive file is left unprotected.

See the full picture

This report delves into the DLP challenges facing security leaders today and how modern solutions, like MIND, are helping organizations reimagine their data protection strategy.

{children} to explore how MIND’s approach to DLP can transform your data security efforts and drive better outcomes for your organization.

In my conversations with cybersecurity leaders, last year was a watershed moment – a stark reminder that data security is no longer a back-office concern – it's a critical business imperative. Protecting sensitive data is top of mind for these CISOs and, in 2025, the stakes are higher than ever. Organizations across every industry are grappling with a complex web of challenges – the explosive growth of generative AI, an endless stream of data security alerts and the persistent struggle to balance security with user productivity.

So, what lies ahead? What key insights will shape the data security landscape in 2025? Based on my decades of experience building and leading cyber companies and current conversations with industry leaders, here are my 5 key data security imperatives for this year:

1. It’s Time for Posture AND Prevention

Organizations are realizing the limitations of managing a patchwork of tools, each with its own interface, set of policies, reporting structures and potential for gaps in coverage. In 2025, we'll see a strong shift towards fewer data security solutions that consolidate essential capabilities – data discovery, classification, risk detection, remediation and loss prevention to name a few. This consolidation will not only streamline security operations but also reduce costs and improve overall effectiveness.

Expect to see DSPM (Data Security Posture Management) fully absorbed by more comprehensive, modern DLP (Data Loss Prevention) solutions, offering a complete lifecycle of data protection. Posture without prevention is interesting but not nearly sufficient for CISOs. Prevention without proper posture that includes accurate data discovery and classification is what plagues traditional DLP tools today. With these two Ps in a pod, security teams will get comprehensive security with visibility and classification along with detection and prevention of data leaks for structured and unstructured data at rest, in motion, and in use.

2. AI: Force (& Risk) Multiplier

Artificial intelligence is a present-day powerhouse in the realm of data security; it’s also the bane of cyber leaders with the rise of Gen AI apps like Microsoft Copilot, Google Gemini and Glean that businesses are adopting rapidly, and others like DeepSeek and Grok that consumers – and your employees – are using.

In 2025, DLP systems will go beyond stale algorithms and RegEx pattern matching for data classification and simple automations. They will use specifically trained AI and large language models (LLMs) to classify novel sensitive data types beyond credit card and social security numbers, categorize sensitive file types (think contracts, intellectual property, bill of materials and so much more), analyze user behavior, detect risks and anomalies and prevent data leaks.

This is critical because the explosive growth of generative AI platforms for business and personal use presents significant challenges by creating massive volumes of new data and opening up new avenues for data leakage and insider risks. Organizations need to be vigilant in implementing safeguards to prevent sensitive information from being inadvertently exposed through these platforms, with a focus on educating employees about the risks and implementing robust controls to limit access and monitor usage. Modern DLP solutions will be key in stopping these leaks through Gen AI apps.

3. Automation, Finally

For years, the promise of automation in data security has been tantalizingly close, yet just out of reach. The lack of trust in underlying data classification algorithms and static policies, and the resulting flood of false positives, have led to valid concerns about automation that prevent companies from even attempting it. This situation has led many organizations to rely on manual processes, draining valuable time and resources.

However, with advancements in AI-powered DLP, that's about to change. In 2025, CISOs will finally embrace AI and automation for data security, confident that these systems can accurately classify the sensitive data that matters, detect and get context around potential issues and proactively respond to risks without overwhelming security teams with false alarms. This shift will free up analysts to focus on strategic initiatives and proactive data – and business – risk mitigation.

4. Renewed Data-Centric Security Mindset

Data security is no longer an isolated function within the IT department; it's a core business imperative. In 2025, we'll see a growing adoption of a data-centric security mindset, where data protection is embedded into every aspect of the organization. Emerging tools will empower security teams to accurately manage their sensitive data, which results in the ability to keep pace with all the data the business operates with. This shift requires a collaborative approach, with security teams working closely with business units and individual users to understand data flows, identify critical assets and implement appropriate safeguards.

This shift to a data-centric security mindset is a move away from the prevailing security tool mindset, where teams look to a new system or technology to secure their data. With a data-centric approach, even specific business units will be able to enforce security on their unique forms of sensitive data. By distributing the security for these sensitive assets, enforcement happens at the point where it can be most effective; where the data is stored, sent or used.

5. Striking a Balance in DLP

The traditional approach to DLP, characterized by rigid rules, draconian controls and complicated tools, is giving way to a more nuanced strategy. Organizations recognize that overly restrictive policies usually get turned off anyway when business units complain about how much they hinder their legitimate work. Additionally, the cost/benefit analysis will swing away from complex tools that might provide a wide swath of features towards nimble tools that better protect the sensitive data that matters.

In 2025, we'll see a greater emphasis on finding the right balance between security and usability. Right-sized DLP solutions, focused on protecting critical assets while minimizing disruption to workflows, will become the preferred choice for many businesses. They won’t have to endure complex programs or tools when a more purpose-built solution can get the job done. With businesses reviewing the cost of their security programs and tools, finding ways to provide more benefits while spending less money will be key. And many legacy DLP tools won’t make the cut, with companies realizing they can achieve their data security goals with an effective and nimble strategy.

Time to balance proactive and reactive data security

2025 promises to be a pivotal year for data security. By understanding and embracing these key trends, organizations can navigate the evolving data risk landscape and safeguard their most valuable assets. It's time to move beyond just reactive measures and build a proactive, data-centric security posture that supports innovation and drives business growth.

In this rapidly evolving environment, simply reacting to threats is no longer enough. We need to adapt and proactively safeguard our most valuable assets. This requires a fundamental shift in our approach to data security, one that embraces innovation, prioritizes efficiency and effectiveness, and fosters a culture of shared responsibility.

See our {children} to learn more about how we're already helping customers with these critical imperatives.

FBI's PSA of North Korean IT workers

The digital age has blurred geographical boundaries, allowing businesses to tap into a global talent pool. But this interconnectedness also brings new risks, as flagged by the Federal Bureau of Investigation (FBI) about North Korean IT workers. These individuals, dubbed "IT warriors," increasingly use fake identities to secure remote IT jobs at US-based companies, not to contribute but to steal sensitive data and intellectual property. This warning by the FBI highlights potential external threats and bad actors working as insiders to exfiltrate sensitive data, demanding a robust and modern approach to data protection for organizations.

These workers appear legitimate and often have the surroundings of an IT outsourcing company. These companies are as fake as the workers they provide. Authorities are working to take down these fraudulent companies' websites, but you can be sure more will pop up. The FBI recommends data monitoring and data loss prevention (DLP) controls to detect, identify and stop data leaks from these types of threats.

Impact of malicious insiders

Once inside, they can exfiltrate code, proprietary data, and even customer information, potentially leading to:

• Financial losses: Data breaches can be incredibly costly, involving extortion, ransom payments, regulatory fines, legal fees and remediation efforts.
• Reputational damage: Losing sensitive data can erode customer trust and negatively impact a company's brand image.
• Intellectual property theft: Competitors could gain an unfair advantage if trade secrets or proprietary technology are stolen.
• Disruption of operations: Significant data loss events can disrupt business operations, leading to downtime and lost productivity.

Legacy DLP and DSPM are not enough

Traditionally, companies have relied on {children} to mitigate these risks. However, legacy DLP tools are struggling to keep pace with today's complex threat landscape. They often fail to:

• Discover all sensitive data: Legacy DLP tools often rely on predefined rules and patterns, making them ineffective at identifying sensitive data that doesn't fit these parameters.
• Accurately classify data: Manual classification is time-consuming and prone to errors, while automated classification in legacy tools can be narrow and unreliable, leading to numerous false positives.
• Enforce policies effectively: Cumbersome policies and enforcement workflows can lead to users finding workarounds, rendering the legacy DLP tools ineffective.

While data security posture management (DSPM) solutions have emerged to help locate and classify sensitive data, they typically lack the ability to find and classify unstructured data (e.g. business files), enforce policies and prevent data leakage. This leaves a critical gap in a company's security program.

A new approach to DLP and Insider Risk

To effectively combat evolving insider threats, a new approach is needed. MIND's modern {children}offers a comprehensive suite of capabilities to protect critical data from malicious insiders:

• Complete sensitive data discovery: MIND connects to all your data sources (SaaS apps, endpoints, on-premise file shares and emails) to identify sensitive data, regardless of format or location.
• Accurate and automatic classification: {children} is a multi-layer AI engine that classifies and categorizes sensitive data with high accuracy, significantly eliminating the need for manual intervention and the flood of false positives experienced with legacy DLP tools.
• Effective policy enforcement: MIND enforces policies in real time, preventing data leakage and ensuring compliance with regulations. It can also interact with end-users directly (within policy) to help educate and steer them toward the right data security actions.
• Complete audit trail: MIND provides a detailed lineage and audit trail of all data activity, enabling security teams to monitor and investigate potential threats. It can also highlight anomalous users with a consistently high risk of data leakage for closer inspection.

By combining these capabilities, MIND empowers organizations to proactively protect their data from malicious insiders without hindering productivity or stifling collaboration.

Modern DLP made for future risks

The threat of malicious insiders is real and growing. North Korean IT warriors are just one example of the sophisticated tactics being used to compromise sensitive data. Companies must adopt a proactive and comprehensive approach to data security.

MIND's modern DLP solution offers a powerful combination of advanced technology and user-friendly features to protect critical data from all types of insider threats. With MIND, businesses can embrace the benefits of a global workforce without compromising their security posture. By investing in robust data protection, organizations can create a secure future for themselves and their stakeholders.

Vulnerability of browser extensions exposed

In a widespread phishing campaign, attackers gained access to the source code of several Google Chrome extensions and injected malicious code. While not a targeted attack, this breach prompted affected companies, including data security vendors, to swiftly patch their extensions.

Legitimate business tools compromised

Browser extensions are indispensable tools, often used for legitimate business purposes. On average, a business user might have around 10-15 browser extensions installed for various productivity, security and utility purposes. However, their access to sensitive data, such as usernames, passwords and cookies, makes them an attractive target for cybercriminals. The goal of the most recent publicized attack was clear: to harvest credentials and session data for future exploitation.

MIND's best practices for our browser extensions

At MIND, we recognize the critical role our browser extension plays in sensitive data loss prevention (DLP) within SaaS applications and on endpoints. That’s why security is always top of mind.

Here are the best practices we employ to make sure our MIND browser extensions are safe and secure:

• Source code review: Our source code is reviewed to ensure it’s free from malicious code injection.
• Privileged access controls: A very small number of people have access to our source code and we follow strict privileged access controls.
• Rigorous deployment workflow: The entire MIND browser extension deployment workflow is written as code and audited, and deploying a new version requires manual approval.
• Security awareness training: Our employees regularly engage in active phishing education and testing.
• Penetration testing: Routine penetration tests help us proactively identify and remediate potential security issues.

Vigilance is key to protecting customers

While this attack highlights the dangers of phishing and compromised browser extensions, it also underscores the importance of robust security practices. At MIND, we remain vigilant, ensuring that your data stays protected, even in the face of evolving threats. {children}how MIND stops data leaks on endpoints and web browsers.

The Next Chapter

I joined Armis at the start of the COVID pandemic when it was already a thriving company with a talented team and a growing customer base. Since then, Armis has grown exponentially - crossing the $200M ARR mark, expanding to 800+ employees and partnering with many Fortune 500 companies.

The journey has been rewarding, and I’m grateful for the lessons learned in shaping product strategy and driving growth. After leading product teams through this exciting phase, I’ve decided to take on a new challenge: building and leading a product organization at an early-stage cybersecurity startup with an innovative vision and strong momentum.

Why Data Loss Prevention?

As I considered my next move, I spent a lot of time analyzing emerging market trends and opportunities in cybersecurity. There’s no shortage of buzzwords and new acronyms in this space - many promising to address unmet needs, while others are already crowded with competing startups that struggle to differentiate themselves.

But one area stood out: data security, specifically data loss prevention (DLP).

DLP is not a new concept. In fact, traditional data protection products have been around for years. Yet, surprisingly, many of these solutions remain complicated to implement and resource-intensive to manage. Moreover, they tend to focus more on compliance than true security.

What’s more, traditional DLP systems struggle to adapt to the way modern organizations manage and use data today. With data now dispersed across cloud environments, SaaS applications, AI-powered tools, endpoints, on-premise file shares and email, and accessed from almost anywhere, these legacy solutions simply aren’t built to handle the complexity.

On the flip side, newer entrants into the data security space often don’t go far enough. Instead of proactively preventing sensitive data leaks, many focus on issue discovery or posture management without actually blocking leaks at the source.

It was clear to me that DLP needed a major upgrade. I’m excited to tackle that challenge.

Why MIND?

When I first met the founders of MIND - Eran, Itai, and Hod - I knew I had found something special. Their blend of deep technical expertise, successful business experience and a shared vision for a bold future was compelling. It wasn’t just about a great idea; it was about execution.

MIND’s approach to data security resonated with me immediately. The team not only understands the challenges of securing sensitive data in today’s fast-paced, highly distributed environment but is also committed to solving these challenges head-on. With a {children}, they’re building a solution that doesn’t just identify risks but actively prevents data leaks, all while being intuitive, easy to use and simple to operate.

In short: MIND is developing a {children} that actually works - and works for you.

I’m thrilled to be joining MIND at this exciting time in its journey. I look forward to contributing to the vision of advancing DLP to meet the needs of the modern enterprise.

One of the most transformative periods of my early career was the nine years I spent in the Israeli Military Intelligence Unit 8200. At the time, there was a lot happening in cybersecurity innovation, and the 8200 was at the forefront. The projects I worked on were complex and challenging—they were also groundbreaking. We were part of building very exciting new technologies.

After my military service, I worked at startups as a software engineer and product management leader, and was the first employee at Dazz, specializing in real-time vulnerability detection and remediation. This time in my career solidified my belief in the power of a strong team, and the importance of staying adaptable in the face of every challenge. As a co-founder of {children}, these beliefs have guided me.

Building powerhouse teams

The majority of my years in the 8200 were spent as a team leader, and I became very adept at seeing ability and building powerhouse teams. In recruiting, there are certain qualities you look for. Of course, first everyone needs to be able to function as part of a team. This means respecting each other’s strengths and skills, communicating, and being adaptable.

Beyond that, I’ve found that the best teams have a balance of different kinds of thinkers. You can’t have a team of all humble people the same way you can’t have a team of all risk-takers. The most exciting and successful innovation happens when there’s a push-and-pull dynamic of different personality types.

I also look for people who are optimistic. It’s too easy to be discouraged in the face of adversity, especially when solving very complex problems. Being in the mindset of building things means having a clear vision and not being afraid of the past. Whatever happens, even when things don’t work as planned, the whole team has to stay optimistic and keep moving forward.

Lastly, I look for people who are driven by curiosity. Someone who’s curious and really, really hungry to learn is going to constantly find new ways to be creative. This person is far more valuable to the team than someone who thinks they’ve seen it all and knows it all. I’m always trying to nurture that spark of curiosity in the people around me.

Always solving something

I’m interested in a lot of different things, and I enjoy solving all kinds of problems in my head. Even something as simple as crossword puzzles, my mind will keep thinking about it until I get the answer. It’s like a natural instinct for me, I just really enjoy figuring things out.

When it comes to technology, I want to know every aspect of it. I’m curious about how it works, how it was made, and how I can break it. I’m immediately taking it apart in my mind and thinking about how to make it better.

Embodying ‘just do it’

My absolute favorite philosophy is ‘don’t wait.’ This mantra has guided me in both my personal and professional life. There will always be problems. But there are solutions everywhere, and you need to be able to go forward and try things. It’s important to me that I empower people with the confidence to take immediate action. As long as they know the shared vision, they’ll move in the right direction.

Sure, there will be times when you need to sit with something. You might think for a week, or more, or however long it takes while you figure out certain aspects in your mind. But then there’s a point when you need to be hands-on. Make a decision. Just go.

Sometimes the ‘aha’ moment will come when you’re planning. Sometimes when you’re building. And sometimes it will come after you’ve been working on it for some time. Whatever the problem, I try to begin with something that will give me feedback. This way you can be sensitive and respond to whatever’s happening.

There have been many situations when I didn’t know what the end solution would look like. I made a choice to move forward despite the uncertainty and figured it out. The journey is part of the process.

Starting a company

Many of my peers in the 8200 knew from a young age they wanted to start a company, and it was really important to their identity. I never really shared that same kind of ambition. I just knew I wanted to build things.

It took me a while to realize that starting a company was the best way to do this. It’s an incredible opportunity to start from the beginning. To build the vision, the team and the technology. Once I realized this was my path, I started to think like a founder. I watched other founders and learned from them.

Taking on data loss prevention

With MIND, one of the early unexpected challenges was the market we were targeting. You might think that going into an established space like data security would be easier, especially when there was such an obvious need for improvement. But that wasn’t the case. We were entering a market that hadn’t evolved for three decades.

For me, the most exciting part of starting MIND was going from zero to one. That’s where the most unknown was, where we asked the biggest questions and encountered the hardest problems. My co-founders, Eran (CEO) and Itai (CTO), and I were never discouraged by setbacks. We focused on what was important and figuring things out. We have the resources to experiment and find what’s exactly the product that will be able to take us to the next level in data security, especially in data loss prevention (DLP).

Whether it’s starting a company or building something new, if you want to do something, just do it. Don’t waste energy thinking about reasons why you shouldn’t. If it’s important, then it’s worth doing. Don’t postpone, just start.

Before co-founding MIND, I worked in cybersecurity at the prestigious Israeli Military Intelligence Unit 8200. After that, I worked at Axonius and then Torq, both remarkably innovative companies who were early in pioneering AI-driven operations. At both places I was also among the first employees, giving me rare insight and experience in building and scaling companies from the ground up.

Building from the ground up

At Torq, I had the unique opportunity of being the first employee. Starting a company from zero is such an incredible experience. When you first come in there’s nothing—no code at all, no processes, no culture. To be accurate, there were three of us first employees who started at the same time, so we did this together. I vividly remember sitting in the room and saying, ‘ok, let’s start.’

Even before, when I was at Axonius, it was a similar experience because I was such an early employee. We were so small and the technology was so early. It’s incredible to see where the company is today. Now it’s a successful business with nearly 700 employees and a cybersecurity unicorn in its market.

People ask me what it’s like to start a startup. To be honest, it’s not scary to start. It’s the day-to-day that’s very intense. There are so many different things you need to be thinking about, and each of those is equally big and equally important. From hiring to marketing and sales, to obsessing over the customer. And it’s a startup, so nothing is set.

Now at MIND, I’m bringing along with me everything I learned. One thing that’s a little different is our transparency with the team. We’re very open about what’s happening with the company. We record meetings and provide summaries for everyone to see. The engineers putting the work in and building the product deserve to know why certain decisions are being made. I do my best to do right by them.

Inspired by relentless dedication

I’ve always believed that success is earned through hard work, perseverance and a commitment to constant improvement. From a young age I’ve been surrounded by exceptional minds. Many of my own family members are some of the smartest people I’ve ever known. Some of my closest peers from the 8200 have founded their own successful companies, and I’m inspired by their brilliance. I’ve also seen firsthand the level of discipline and effort it takes.

Being around greatness is its own kind of motivation. I think this gave me a special power: I practice, put the work in and don’t give up until I succeed. For me, mediocrity has never been an option. I’ll relentlessly work on a problem until I figure it out.

And I love it—this work ethic is part of who I am. I have an innate desire to do the hardest things. I find myself seeking out the biggest and toughest challenges, wanting to solve the unsolvable. My co-founders {children} and Hod share this sensibility. We knew our vision for MIND was big and ambitious. We knew it would be really, really hard. But we knew we could do it.

Learning from mistakes

Whenever you do hard things, there will be things that inevitably go wrong. Early on in my career I learned how important it is to acknowledge failures. I’ve watched other people try to hide from failure, and they point to which factors had been out of their control. To me, that’s missing out on a crucial opportunity to learn. Don’t just say ‘oh that didn’t work so let’s do something else.’ Instead, fully own and honestly evaluate what happened. Mistakes do happen. That’s okay. Because they make us better.

The reality is, no matter how much effort you put into your work, you’re going to fail from time to time. There will always be things we can’t control. Don’t take these things for granted. Confront what you’re good at—or not good at—so you know where to ask for help. It will prevent you from repeating the same mistake, and you’ll be a better person for it.

Finally doing data security right

When you look at the cybersecurity industry as a whole, there are five or six categories that are essentially the core building blocks for everything else. But data security has always been an outlier because it’s extremely hard to execute. This is a really, really important domain, but it’s very challenging. Until we came along, nobody seemed interested in solving it.

Before MIND, the building blocks of data security hadn’t meaningfully changed in decades. It’s always been the same players with the same technology that was developed in the 1990s. Every data security vendor since then has been plagued with the same issues: false positives and untrustworthy results. Not to mention expensive, cumbersome, manual and draining on time and resources.

It’s no wonder CISOs have been asking themselves if it’s even worth the effort. Under the surface, meaningful innovation just wasn’t taking place. Not only was it a really difficult problem, but the domain wasn’t seen as exciting. Customers didn’t like their data loss prevention (DLP) options. Vendors weren’t evolving. And everyone just kept using the same tools anyway for compliance reasons rather than for cybersecurity and risk reduction. Meanwhile, analysts were already starting to call data security an obsolete and unsolvable category.

The Dr. Jekyll and Mr. Hyde of AI in cybersecurity

We saw early on that artificial intelligence would be a Dr. Jekyll and Mr. Hyde scenario in cybersecurity. On the one hand, Generative AI was increasingly being leveraged for amazing business productivity, but on the other, it was an emerging source of sensitive data leaks by employees using it. We actually saw an opportunity to innovate with next-generation AI technology to transform how DLP is done.

{children} is the result of years of perseverance and hard work. We finally built a solution that understands sensitive data based on context. Once we taught our AI engine how to learn to accurately decipher and classify the information, we could tailor algorithms and policies, enabling the entire solution to ultimately run on autopilot.

For years, conventional DLP tools have been widely regarded as mediocre. I don’t believe in mediocrity, and organizations shouldn’t have to settle for it. That’s why we created MIND. My co-founders and I knew we could solve this problem. So we relentlessly worked on it until we figured it out.

Minding the Gaps

MIND isn’t just an incremental upgrade; it’s a reimagining of DLP. Traditional DLP solutions have been clinging to outdated client-server models, struggling to keep pace with the needs of today’s multicloud and SaaS environments. Designed for static, on-premises setups, these tools often miss the mark on accuracy and efficiency, resulting in frustratingly high false positives and missed threats.

A Fresh Mindset
MIND bridges old DLP gaps with real-time accuracy and adaptability. That’s already a major step up. But what truly sets MIND apart is its use of {children}. The platform’s real-time, contextual visibility allows security teams to pinpoint data risks and respond to genuine threats with far greater precision than we’ve had before.

Mindful Innovation

MIND’s launch underscores the critical need for continuous innovation–even in cybersecurity’s dustiest corners. There are a lot of lessons to be learned from how their fresh thinking and application of new technology is finally breaking through persistent challenges and transforming tired, longstanding practices. MIND’s success serves as a powerful example of how core issues need constant rethinking. This proactive and forward-thinking approach is essential for staying ahead in an ever-evolving threat landscape.

Keeping Minds Aligned

This marks our second collaboration with {children}, CEO of MIND. Our previous partnership was with Hexadite, which was successfully acquired by Microsoft. Eran brings a wealth of experience from his roles at Microsoft and as a seed investor in cybersecurity. Joining him at MIND is CTO Itai Schwartz and VP of R&D Hod Bin Noon, both highly impressive technologists with particularly distinguished experience in building massively successful products from the ground up.

At YL Ventures, we seek out founders who are not only highly skilled but also deeply committed to tackling critical challenges. With MIND, we have found a team dedicated to advancing the field of DLP. Our partnership has been characterized by mutual respect and a shared vision, and we are excited to support this groundbreaking solution.

Working with Eran, Itai and Hod has been a privilege. The team’s visionary approach and dedication to enhancing data protection have been key to bringing MIND to fruition. As we continue to back MIND, we eagerly anticipate how their innovative solution will drive progress in data security and set new benchmarks for the industry. This collaboration exemplifies how visionary leadership and cutting-edge technology can transform cybersecurity and push the boundaries of what’s possible.

Hello world!

I’ve always had an entrepreneurial spirit. Even from an early age, I knew I wanted to build something of my own. My career began in the Israeli Defense Forces (IDF) Intelligence Unit, where I oversaw critical technological defense operations. Later, I co-founded Hexadite, the pioneering startup to tackle Automated Incident Response that became known as Security Orchestration, Automation, and Response (SOAR).

At Hexadite, we created a fully automated solution that enabled organizations to automatically investigate and remediate cyber-alerts. By revealing hidden threats and helping them remediate breaches through automation, we played a crucial role in helping companies be more secure. Looking back, where our platform added the most value was from data loss prevention (DLP) alerts. I’d say more than half of the alerts the platform investigated came from DLP tools, and a majority of those were false positives.

Building a startup from the ground up is no small feat, and having worked tirelessly to build and scale Hexadite, it was exciting yet bittersweet when the company was acquired by Microsoft in 2017. As CEO, I was responsible for choosing the right partner and negotiating the acquisition. What helped me was having deep knowledge of the industry, along with a natural instinct for knowing when timing is right.

After the sale of Hexadite, I founded and led the Microsoft Intelligent Security Association (MISA) program, working closely with hundreds of security vendors, including the Microsoft Information Protection (MIP) team. I saw firsthand the challenges of data security solutions, and in particular DLP tools. Since leaving Microsoft I’ve continued to invest in cybersecurity startups with a focus on data security, which I always found extremely interesting. So when I was thinking about what to build next, I knew it would be in this space.

Mind meld

However, the full picture of MIND wasn’t clear until I met my co-founders Itai and Hod. Together, we spoke with more than a hundred CISOs, and it was obvious that innovation was needed in DLP. Even to this day, false positives continue to plague conventional tools, which leads to a host of major problems for companies. They’re a drain on budgets and resources, and are becoming increasingly ineffective with today’s explosion and sprawl of data.

Plus, people are now putting sensitive data into Gen AI tools, which is a cause for concern when it comes to data security. But innovation in AI has also been good for us at MIND. The maturity of AI has enabled our technology to achieve its potential, specifically with our proprietary {children} engine that autonomously monitors billions of data events 24x7 in real-time, classifies and categorizes sensitive data with precision to dramatically reduce false positives and noisy alerts, and remediates issues and risks with insightful action.

Time is now to scale

This moment coming out of stealth is definitely sweet after 18 months of hard work developing our product, delivering value to early customers and building our go-to-market engine. Now, we're completely ready for scale. At the beginning, building the early team was so important. Today, we have the right people and the go-to market plan. Plus we’re constantly developing the team so they can continue to build and scale.

I believe that everything happens for a reason, and everything that happens is meant to be. I’ve seen this play out many times, both in business and life. There will always be setbacks, but we need to understand these as opportunities—stepping stones to something greater. Throughout my career, this belief has been my fuel. Everyone who wants to make an impact in this world will need to do hard things. The path will never be easy, but how we walk it makes a huge difference. And today we are ready to run and help our customers truly mind what matters.