Security Teams Struggle to Track Data as AI Expands
Some 82% of cybersecurity professionals report visibility gaps in tracking sensitive data, exposing enterprises to growing cybersecurity risks. This comes from a new report from Bedrock Security, “The 2025 Enterprise Data Security Confidence Index.” It highlights organizations’ challenges in managing AI-driven data growth across complex cloud environments.
“Organizations now generate, copy, and store data across multiple environments—including IaaS, PaaS, and SaaS—creating numerous blind spots,” said Bruno Kurtic, CEO and co-founder at Bedrock Security. “This survey shows this problem is widespread and likely getting worse.”
A Librarian With No Catalog
Think of a cybersecurity team as librarians trying to manage a massive library without a catalog. They know data exists but don’t know where it is; who has access to it; or even how valuable it is. A lack of information like this makes it almost impossible to protect sensitive data and respond to security incidents quickly.
The survey, conducted among 530 cybersecurity professionals, found that most security teams need days or even weeks to locate critical data. With cyber threats evolving rapidly, these sorts of delays create serious vulnerabilities.
AI Responsibilities Are Expanding, but Security Lags Behind
The study reveals that nearly 60% of security professionals took on new AI data responsibilities in the past year. However, only 48% of organizations express confidence in controlling the sensitive data used for AI/ML training.
Security professionals face four key challenges in managing AI-related data security:
- 79% struggle to classify sensitive data used in AI systems.
- 77% cannot ensure AI systems respect proper access rights.
- 64% have difficulty tracking sensitive data used for training AI.
- 57% struggle to enforce policies on AI data usage.
Beware of the new thing, it seems appropriate to add. This gap between AI adoption and security oversight increases the risk of data breaches, compliance failures, and AI model corruption.
Metadata Lakes Could Solve the Data Visibility Crisis
Here’s what the study found: pretty overwhelming support:
- 88% of cybersecurity professionals see metadata lakes as “critical” or “very valuable” for improving visibility.
- 84% believe metadata lakes ensure accurate, real-time data inventories.
- 78% say they enhance security tools with better data awareness.
“Security teams just can’t keep up with the complexity created by the speed and volume of data generation,” said Kurtic. “Without effective automation and comprehensive visibility, they’re going to continue facing increased risks.”
Security Leaders See the Challenge Differently
The report uncovered key differences in how various security roles approach AI and data visibility challenges:
- CISOs/CSOs/CTOs (70%) are focused on AI data usage governance.
- Security Managers (55%) prioritize AI training data governance.
- Security Engineers (52%) are tasked with AI data discovery.
Despite the differences, they all agree (shocker) that data visibility is essential for securing AI-powered enterprises.
What’s Next for Enterprise Security?
As AI adoption accelerates, organizations plan to:
- Strengthen AI/ML data governance (70%).
- Improve policy enforcement across cloud environments (64%).
- Enhance data classification accuracy (58%).
“Organizations recognize they must know what data exists, where it lives, who can access it, and how sensitive it is,” said Kurtic. “Without this foundation, securing AI and cloud environments will remain a significant challenge.”
About the Study
The 2025 Enterprise Data Security Confidence Index surveyed 530 U.S.-based cybersecurity professionals from organizations with 1,000+ employees. Respondents included CISOs, security managers, and security engineers. The survey was conducted in February 2025.
