The operational plan for secure data control involves "Trusted Research Environments" (TREs). In this model, researchers bring their code to the data's secure location to run analyses, rather than downloading the sensitive data itself. This allows for valuable research while preventing leakage.

Related Insights

To meet strict enterprise security and governance requirements, Snowflake's strategy is to "bring AI to the data." Through partnerships with cloud and model providers, inference is run inside the Snowflake security boundary, preventing sensitive data from being moved.

To manage security risks, treat AI agents like new employees. Provide them with their own isolated environment—separate accounts, scoped API keys, and dedicated hardware. This prevents accidental or malicious access to your personal or sensitive company data.

Traditional AI security is reactive, trying to stop leaks after sensitive data has been processed. A streaming data architecture offers a proactive alternative. It acts as a gateway, filtering or masking sensitive information *before* it ever reaches the untrusted AI agent, preventing breaches at the infrastructure level.

To address security concerns, powerful AI agents should be provisioned like new human employees. This means running them in a sandboxed environment on a separate machine, with their own dedicated accounts, API keys, and access tokens, rather than on a personal computer.

Using public AI models leaks sensitive corporate data, as prompts and agent traces are sent to model providers. To protect proprietary information and maintain control, enterprises may revert to costly but secure on-premise infrastructure, reversing a 20-year trend of cloud migration.

For maximum security, run different AI agents on separate physical machines (like Mac Minis). This creates a hard barrier, preventing an agent with access to sensitive data (e.g., finances) from interacting with an agent that has external communication channels (e.g., scheduling via iMessage), minimizing the risk of accidental data leaks.

A single AI agent can provide personalized and secure responses by dynamically adopting the data access permissions of the person querying it. This ensures users only see data they are authorized to view, maintaining granular governance without separate agent instances.

As autonomous agents become prevalent, they'll need a sandboxed environment to access, store, and collaborate on enterprise data. This core infrastructure must manage permissions, security, and governance, creating a new market opportunity for platforms that can serve as this trusted container.

To balance security with agility, enterprises should run two AI tracks. Let the CIO's office develop secure, custom models for sensitive data while simultaneously empowering business units like marketing to use approved, low-risk SaaS AI tools to maintain momentum and drive immediate value.

Dell's CTO acknowledges the Model Context Protocol (MCP) is powerful for agent tool access but isn't yet enterprise-grade. To manage this risk, Dell centralizes all its MCP servers into a single controlled environment, allowing them to wrap the immature protocol with robust security controls.