When 'Who Touched The Data' Is No Longer A Person

Ariel Zamir is Co-Founder & CEO of Ray Security.

getty

Ask any security leader what the most fundamental question in data protection is, and the answer is always the same: Who touched the data?

Every audit, incident investigation and compliance review begins there. Access logs exist to answer it. Regulators demand it after a breach. When something goes wrong, boards want to know exactly who accessed sensitive information, when it happened and why.

For decades, the question carried an assumption so obvious it was rarely stated. “Who” meant a person, an employee, contractor or partner with credentials tied to an identifiable individual. Data security programs were built around that assumption.

That assumption is now breaking.

The most consequential shift in data security today is not a new attack technique. It is that the definition of “who” has changed, and many security programs have not yet adapted.​

A New Class Of Actor

Agentic AI refers to autonomous systems capable of retrieving information, making decisions and executing multistep tasks without continuous human direction. Unlike chat-based tools, these systems act. They query databases, access documents, call APIs and move data between systems to complete workflows.

They are already embedded in enterprise environments, supporting research, automating financial processes and coordinating operations. Their activity is often larger in scale, and faster in execution, than that of human users.

Research from Obsidian Security found that AI agents can move significantly more data than humans. In one documented case, a single agent downloaded over 16 million files, while all other users and applications combined accounted for a fraction of that volume. The activity went undetected, not because of negligence, but because existing controls were never designed to observe it.

This gap between what AI agents are doing and what security teams can see is emerging as a central challenge.​

Why 'Who' Was Always Human

Modern data governance is built on human accountability. Individuals can be identified, audited, disciplined or held legally responsible. Frameworks such as GDPR and HIPAA assume that someone is ultimately responsible for how sensitive data is accessed and used.

AI agents do not fit that model. They have no employment contract, no role on an organization chart and no legal standing. When an autonomous system exposes or misuses data, responsibility becomes diffuse, shared across developers, operators and vendors.

That ambiguity creates a structural gap in accountability.​

Where Existing Controls Fall Short

AI agents challenge several core assumptions in current security architectures.

They weaken the link between identity and accountability. Many operate through shared service accounts or API keys, making it difficult to attribute actions to a specific system or trigger.

They expose the limits of permission-based models. Traditional controls answer a binary question: Does this entity have access? They do not account for how much data is accessed. An agent can operate within its permissions while retrieving data at a scale no human would reasonably need.

They also evade behavioral detection. Monitoring tools are tuned to human patterns, such as unusual login times, spikes in activity and deviations from routine. An AI agent executing large-scale data operations at consistent intervals may appear entirely normal.

Individually, these gaps are manageable. Combined, they create a blind spot.​

A Measurable Readiness Gap

Adoption is moving faster than governance. Research from McKinsey & Company shows that enterprises expect the adoption of AI agents to more than double in the coming years, with nearly half anticipating AI embedded across the cybersecurity stack.

At the same time, security models are still catching up. As autonomous systems begin to operate at machine speed, risk is shifting beyond authentication into what happens after access is granted, within multistep workflows executed independently by agents.

This is not a new pattern. Security has repeatedly lagged behind technological adoption. What is different here is the pace. Agentic systems are being deployed across enterprises in months, not years.

Redefining 'Who'

Addressing this shift begins with updating a simple definition. When organizations ask “Who touched the data,” the answer may now include a human, an autonomous system or a chain of systems acting on a human’s behalf.

Security programs that cannot distinguish between these actors are increasingly incomplete.

Three practical changes follow. First, AI agents need to be treated as first-class data actors, subject to governance and audit controls similar to those applied to human users. Second, their identities must be individually attributable, replacing shared accounts with traceable system-level identities. Third, monitoring must extend beyond permissions to actual data usage, including what is accessed, at what scale and whether that aligns with intended behavior.​

A Familiar Pattern, A Deeper Shift

Enterprise security has evolved through definitional changes. Zero trust emerged when organizations recognized that being inside the network no longer implied trust. Cloud security matured when the perimeter stopped aligning with physical infrastructure.

Agentic AI introduces a similar shift, one that operates at a deeper level. It changes not where data lives, but who or what interacts with it.

Until security models reflect that reality, organizations will retain a structural blind spot at the center of their data protection strategies.

The question has not changed.

Who touched the data?

Increasingly, the answer will not be a person.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?