Need a little productivity boost? Join our monthly newsletter and we'll go/link you to the latest tips and trends in tech!
There’s a question that keeps surfacing in boardrooms, security reviews, and vendor evaluations across the enterprise world — and it has nothing to do with which AI model is smartest or which product has the best interface.
The question is simpler, and far more consequential: Who can see what?
As AI becomes woven into the daily fabric of enterprise work — surfacing documents, answering questions, executing tasks — the old assumptions about data access are breaking down. Legacy systems were built to control what humans could reach. Now AI agents are reaching, too. And the organizations that don’t architect their AI around permissions from day one are discovering the hard way that a powerful AI with the wrong access controls isn’t an advantage. It’s a liability.
Across our AI Innovators series, leaders with deep enterprise experience have arrived at the same conclusion: data access architecture isn’t a technical detail. It’s the foundation that enterprise AI either stands on or collapses under.
The Question Security Teams Are Really Asking About Enterprise AI Permissions
Enterprise AI adoption has a bottleneck, and it isn’t budget or enthusiasm. It’s security. As organizations race to deploy AI across their workflows, security teams have become the critical checkpoint — and many AI products aren’t built to pass it. They promise productivity gains, but carry a question no one wants to answer: what happens to the data? Enterprise AI permissions — who sees what, when, and why — have become the critical variable.
For AI innovator Jorge Zamora, CEO & Founder of GoLinks and GoSearch, the insight into why so many tools fail at that checkpoint didn’t come from a product roadmap. It came from time spent sitting on the side of the table that decides whether a product gets approved or rejected.
That vantage point offers something most AI builders never get: a direct window into how security organizations actually think, what keeps them up at night, and exactly where deals fall apart.
“Competition isn’t brand versus brand. The real question is, who understands enterprise data, permissions, and security well enough to build AI that works in the real world?”
— Jorge Zamora, CEO, Founder at GoSearch
The pattern is consistent. Enterprise tools don’t fail security reviews because the underlying idea is wrong. They fail because the implementation doesn’t respect how security organizations actually operate. Permissioning models that look clean in a demo unravel when tested against the messy, layered reality of how large enterprises manage access across dozens of systems and thousands of users.
The goal: AI that mirrors the exact access a user already has, in real time, without asking security teams to make uncomfortable compromises.
“Real-time” matters more than it sounds. Most enterprise search tools take a permissions snapshot — indexing documents once and locking in access rules at that moment. But access rights change constantly. Employees come and go. Projects end. Deals close. A snapshot from last week can be dangerously out of date today. Real-time permissioning means the AI always reflects who should actually see what, right now.
The Data Replication Trap
Romain Sestier, co-founder and CEO of StackOne, knows this problem from both sides. As an integration platform, StackOne must earn the trust of security-conscious enterprise customers — while also evaluating the tools his own team relies on. That dual perspective has made him sharply attuned to where enterprise AI creates hidden risk.
His concern centers on a practice that has become surprisingly common in enterprise AI search: data replication. Many tools work by pulling data from connected systems and creating an internal copy — the logic being that a centralized index makes search faster and more comprehensive. The problem is that a third party now holds a replica of your organization’s most sensitive information.
“Pay attention to where your data is being replicated and its supply chain. This is especially true for your organization’s most sensitive data, such as employee, customer, and business information.”
— Romain Sestier, Co-Founder and CEO of StackOne
This is not merely a theoretical concern. When a vendor stores a replica of your data, you’ve effectively extended your security perimeter to include their infrastructure, their security practices, their incident response procedures, and their compliance posture. A breach at that vendor is now your breach. A subpoena to that vendor may reach your documents. A policy change by that vendor about how they train their models could affect data you thought was protected.
Sestier draws a direct contrast between two architectural philosophies, and argues they are not equally risky:
“The more data you connect to, the more complexity you bring to access controls. Making sure that you build your software from the ground up to be as zero-trust as possible — limiting the amount of data you replicate, access, or share — helps, versus building software that, by default, shares everything and having to restrict access.”
— Romain Sestier, Co-Founder and CEO of StackOne
In security architecture, this isn’t a new debate — it has always been safer to build toward minimum necessary access than to retroactively constrain a system designed to share freely. Enterprise AI is arriving at the same conclusion.
Sestier notes that this is increasingly not just a philosophical preference — it’s a procurement requirement. The sensitivity of enterprise buyers to data access is growing, and CISOs are asking harder questions earlier in the sales process. Tools that can demonstrate zero-data-retention by design, rather than as a policy promise, are earning trust that others cannot.
Why Enterprise AI Permissions Can’t Be an Afterthought
Vikas Bhambri, SVP, Americas at Yellow.ai, has spent three decades leading technology organizations through major platform shifts — from client-server to SaaS, from SaaS to cloud, and now into the AI era. Each transition, he notes, taught the same lesson: organizations that treated the new paradigm’s guardrails as an afterthought paid for it later.
With AI, the stakes are higher. AI systems don’t just retrieve data — they act on it. They draft communications, update records, schedule events, and execute workflows on behalf of users. When an AI agent does something with data it shouldn’t have seen, the consequences aren’t just a compliance violation. They’re a breach of the trust that AI adoption depends on.
“Security and governance can’t be afterthoughts — they need to be built into every stage of AI adoption. The key is purpose-based access, which grants AI systems only the data they need for a specific function.”
— Vikas Bhambri, SVP, Americas, Yellow.ai
Purpose-based access is a meaningful evolution beyond role-based access control. Role-based systems ask: what is this person allowed to see? Purpose-based systems add a second question: what does this specific AI function actually need to see? The answers are often different. An AI agent helping a salesperson find competitive intelligence doesn’t need access to HR records, even if the salesperson technically does. Scoping AI permissions to purpose — not just role — is how responsible deployments are built.
Emerging standards like Model Context Protocol (MCP) point toward part of the long-term solution. MCP provides a standardized way for AI systems to share context and data across tools without exposing sensitive information beyond what a given interaction requires. It’s not a complete answer to the permissions problem — but it’s a meaningful step toward an architecture where AI agents can be both capable and appropriately constrained.
“Frameworks like Model Context Protocol are helping standardize how data is shared safely between tools and agents. That’s the future — AI systems that can collaborate across platforms without exposing sensitive data. The companies that invest in strong governance now will move faster and more confidently later.”
— Vikas Bhambri, SVP, Americas, Yellow.ai
Governance isn’t a constraint on AI ambition — it’s what makes ambition sustainable. Organizations that establish rigorous AI governance frameworks early build the internal confidence and external trust to move faster over time. Those that skip governance to accelerate initial deployment often find themselves slowing down later, as incidents erode confidence and trigger remediation cycles that cost far more than the time they saved.
What Federated Actually Means — and Why It Matters for Enterprise AI Permissions
The term “federated search” has been in the enterprise vocabulary for years, but AI has given it new significance. In the context of AI-powered search, federated means queries are sent to source systems in real time, and results are returned without the underlying data ever being copied or stored by the search platform itself.
This stands in contrast to indexed search, where content is crawled, replicated, and stored centrally. Indexed search can be faster for certain query types — but it carries all the data residency and permissions risks these leaders caution against. Federated search preserves the source system as the system of record — and preserves the source system’s access controls as the authority on who sees what.
For enterprise AI, the federated approach means something additional: answers are grounded in the current state of the underlying data, with current permissions applied at query time. There’s no lag between when access is revoked and when the AI stops surfacing that content. The permission change is immediate — because the AI never held the data to begin with. It only ever had a query result, issued on behalf of a user whose access was verified at that moment.
Not a nightly sync. Not a weekly reindex. Real-time.
The Boardroom Conversation Is Already Happening
For a long time, discussions about AI permissioning and data architecture were confined to security teams and infrastructure engineers. That has changed. The leaders in our AI Innovators series are engaging these questions at the strategic level — because the stakes have risen to meet them.
The reason is straightforward: AI has made data access a business risk in a way it wasn’t before. When the worst that could happen was a human accidentally viewing a document they shouldn’t have, the exposure was limited and the remediation was clear. When an AI agent incorporates restricted information into an answer surfaced to hundreds of employees — or acts on data it was never meant to see — the exposure is harder to contain, and the trust damage is harder to repair.
Enterprise leaders are beginning to evaluate AI vendors not just on features and accuracy, but on more fundamental questions: how data moves through the system, where it lives, and whether the architecture was designed from the ground up to respect the boundaries their organizations require.
The permissions problem is no longer a niche concern for security teams. It’s a central question for anyone making decisions about enterprise AI.
And as these innovators make clear: the answer has to be built in, not bolted on.
Search across all your apps for instant AI answers with GoSearch
Emily Deuser is Content Manager at GoLinks, GoSearch, and GoProfiles, where she helps enterprise teams cut through the noise around workplace AI and find tools that actually make knowledge accessible. She specializes in turning complex productivity challenges into clear, actionable guidance that helps teams work smarter every day.
GoSearch now supports GPT-5.5 for enterprise — OpenAI's most capable model yet. Select GPT-5.5 across enterprise search, AI chat, agents, and workflows, alongside the latest Anthropic and Gemini models, in a single governed AI platform.
