Artificial intelligence has become a boardroom priority for Indian businesses. However, as employees adopt generative AI tools and autonomous agents gain access to enterprise information, organisations are confronting a significant security challenge: they often cannot see how AI is being used.
This visibility gap is emerging as one of the biggest obstacles to responsible enterprise AI adoption.
Bikramdeep Singh, Country Manager, Proofpoint, said businesses are under pressure to ensure that governance keeps pace with adoption, particularly as India’s data protection framework raises expectations around data resilience and accountability.
The encouraging development, according to Singh, is that Indian enterprises are not attempting to stop employees from using AI.
“They want to enable it safely,” he said.
The Visibility Problem
Employees may use public generative AI platforms to summarise documents, analyse information, write code or prepare presentations. In the process, confidential business information, personal data or intellectual property could be entered into systems that have not been approved by the organisation.
“The biggest challenge we hear from organisations is visibility. Most of them don’t know which AI tools employees are using or what data is being shared with them,” Singh said.
Proofpoint’s 2026 AI and Human Risk Landscape Report claims that India leads global AI adoption, while 63% of surveyed organisations in the country have already experienced an AI-related security incident.
The finding highlights a widening gap between the speed of AI adoption and the maturity of the controls surrounding it.
Traditional cybersecurity systems were largely designed to protect applications, endpoints and networks. Generative AI introduces another layer of risk because employees interact directly with models and can unknowingly expose sensitive information through prompts, uploaded files or automated workflows.
Trusted Data Becomes The Foundation
Singh said AI security must begin with data security.
“Data is the foundation of any AI application, so AI security has to start with data security, which provides visibility into and control over sensitive data, including PII, IP and other confidential information,” he said.
As AI agents become connected to internal platforms, the challenge will extend beyond monitoring employee behaviour. Enterprises will also have to understand which information agents can access, what actions they can perform and how their decisions are recorded.
This will require a unified strategy covering people, enterprise data, AI platforms, cloud services and business applications.
Also read: AI Appreciation Day 2026: Why The Industry Is Looking Beyond Celebration
Governance should not be viewed as a mechanism for slowing innovation, Singh argued. Effective controls can instead give employees the confidence to use approved AI tools productively.
The next phase of enterprise AI will therefore depend not only on the intelligence of models but also on the ability of organisations to track how those models interact with people and data.
Enterprises that close this visibility gap could turn responsible AI adoption into a competitive advantage. Those that fail to do so may discover that their most immediate AI risk is not the model itself, but the information quietly flowing into it.
Leave a comment