As scaling up AI deployments can increase data risk, organisations need the ability to classify, govern and continuously monitor all of their data and AI.
This is according to Veeam data trust experts speaking during a webinar hosted by Veeam in partnership with ITWeb. They noted that many organisations are trying to scale AI without full visibility into where sensitive data resides, how it is classified, and who or what has access to it.
They emphasised that this lack of visibility increases privacy and compliance risk, slows adoption and reduces stakeholder confidence.
Tahir Latif, chief trust officer, EMEA, Securiti.ai at Veeam, said risks are increasing as agentic AI enters enterprise environments.
“Agents are fantastic, but the risks are real,” he said. “Agents do not simply generate answers. They make decisions, take actions, and can modify data and workflows. Agentic AI is the inflection point. When an AI agent acts across enterprise systems, can you see what it touched, why it touched it, whether it was authorised, and how to undo what it has done?”
Latif said because of this, the AI governance conversation must move beyond prevention. “When something goes wrong, can the organisation detect, contain, investigate, restore and improve?” he asked.
“We tend to assume AI outputs have no upstream impact. But recent incidents have shown that autonomous AI can directly affect organisational data. In one high-profile case, it deleted an entire production database and backups.
“It is no longer enough to have an AI policy. Organisations need continuous control loops to govern AI actions in real-time. They must be able to understand what AI has done to their data and assets, both upstream and downstream.”
A poll of attendees found their highest priorities when it comes to AI data readiness are locating sensitive, regulated and high value data (29%) and understanding which AI systems, copilots and agents can access that data (27%).
A further 22% prioritise tracking agent actions and approvals, 14% prioritise policies to allow or deny data usage, and 5% prioritise proving data recovery and control to stakeholders.
Mark Govender, manager, technical sales for Africa at Veeam, said organisations across Africa face data visibility gaps, AI trust gaps and resilience gaps.
“Organisations are challenged in identifying what data and AI assets exist across environments, what sensitive data exists in those environments, what entitlements AI agents have, and what controls are in place,” he said.
The speakers highlighted Veeam’s Data Command Graph, which maps structured, unstructured, primary and secondary data, and provides context by connecting it to every identity, AI model and system that touches it across its lifecycle.
“Veeam’s approach is a single platform, one control layer across the entire data estate. It provides full visibility into where data sits, how it is used, and who or what can access it,” Govender said.
“Once data is understood, it must be secured. Veeam applies protection at the data object level, taking into account sensitivity and risk, including identifying toxic combinations such as sensitive data in exposed environments. The third pillar is resilience, ensuring organisations can recover clean, trusted data with precision when something goes wrong,” he said.
Govender added: “The Veeam Agent Commander capability directly addresses the rise of agentic AI. It gives organisations the ability to detect AI, protect AI and reverse the impact if an agent acts incorrectly. Agent Commander discovers and catalogues every agent and model across the environment, providing full context on risk, ownership, entitlements and activity.
“It also enables organisations to restore corrupted or deleted data with precision; for example, in the event of prompt injection. Agent Commander acts as a unified control layer to operationalise data, AI security and resilience, helping ensure compliance and accelerate safe AI at scale.”
Share
