As artificial intelligence becomes embedded across enterprise workflows, a less visible risk is beginning to surface. Organisations are generating, analysing and acting on more data than ever before, but the moment that data leaves the enterprise boundary, whether shared with partners, regulators or customers, control often weakens. In an era of AI driven decision making, that loss of control is becoming a strategic vulnerability rather than a technical oversight.
This tension sits at the heart of a newly announced partnership between Kiteworks and Concentric AI. The collaboration is focused on securing data in motion, an increasingly critical challenge as organisations rely on AI systems that consume, transform and redistribute sensitive information across cloud services, applications and external ecosystems.
The partnership reflects a broader shift in enterprise security priorities. While significant investment has been made in understanding where sensitive data resides, far less attention has been paid to what happens when that data needs to move. Yet AI applications depend on precisely this flow of information, making data sharing both unavoidable and risky.
Why AI is changing the data security equation
AI systems thrive on access to data. From training models to powering generative tools embedded in everyday workflows, the value of AI lies in its ability to operate across large, diverse datasets. However, those datasets often include regulated or sensitive information, ranging from personal data governed by GDPR to sector specific material covered by frameworks such as HIPAA or CMMC.
The challenge for enterprises is not simply discovering where sensitive data sits, but maintaining control when it must be shared externally. File sharing platforms, managed file transfer, APIs, email and data collection forms are all essential to modern business operations, yet each introduces potential exposure. Traditional security controls, often designed for static data at rest, struggle to keep pace with dynamic, AI driven data flows.
Concentric AI addresses part of this problem through its Semantic Intelligence platform, which uses AI to autonomously discover, classify and monitor sensitive data across cloud and on premises environments. Its capability extends across data at rest, data in motion and the growing range of generative AI applications that employees interact with.
What the partnership adds is enforcement. Kiteworks’ Private Data Network consumes Microsoft Information Protection labels applied by Concentric AI, allowing those classifications to directly trigger automated security policies when data is shared outside the organisation. In practical terms, this means decisions about copying, downloading, access duration and usage rights can be enforced consistently, without relying on manual intervention.
From insight to enforcement
One of the persistent criticisms of data security posture management has been that insight does not always translate into action. Organisations may know where sensitive data is and how it is classified, but still lack the mechanisms to ensure that this knowledge shapes real world behaviour.
By integrating Concentric AI’s data risk insights with Kiteworks’ automated policy enforcement, the partnership aims to close that gap. When data is labelled as confidential or tagged with compliance specific markers, Kiteworks can automatically apply appropriate controls, including encryption, access restrictions, watermarking or possessionless editing, as that data moves beyond the enterprise boundary.
David Byrnes, vice president of global channels at Kiteworks, framed the issue as one of continuity. Organisations invest in understanding their sensitive data, he said, but protection requires governance that follows the data wherever it travels. The combined approach is designed to provide continuous protection from discovery through to secure external collaboration.
Dhruv Jain, vice president of product at Concentric AI, highlighted a complementary challenge. Enterprises, he argued, struggle not only to discover sensitive data, but to maintain control once that data needs to be shared with partners, customers or vendors. Aligning classification with enforcement ensures that security decisions are reflected in day to day operations, rather than remaining abstract policy statements.
Governance as an enabler rather than a brake
The partnership also speaks to a wider recalibration of how governance is viewed in AI driven organisations. As AI systems automate decisions and actions, governance can no longer be a periodic compliance exercise. It must operate continuously, in real time, and at scale.
By automating enforcement based on data classification, organisations can reduce manual processes while improving auditability. Complete audit trails support compliance analysis and regulatory reporting, an increasingly important consideration as scrutiny of AI driven data use intensifies.
Kiteworks and Concentric AI say the partnership will focus particularly on regulated sectors such as healthcare, financial services, energy and government, where the consequences of data leakage are most acute. Support for frameworks including HIPAA, GDPR, CMMC and NIST 800-53 positions the collaboration within existing regulatory expectations, rather than attempting to redefine them.
As enterprises accelerate AI adoption, the risks associated with uncontrolled data movement are becoming harder to ignore. The partnership between Kiteworks and Concentric AI reflects an emerging consensus that AI security is not just about protecting models or infrastructure, but about governing the data that fuels them. In that sense, data in motion may prove to be one of the defining security challenges of the AI era.
