TL;DR: Zero Trust implementations focus on network segmentation while ignoring data classification. AI tools are generating exponentially more unclassified data that bypasses traditional ZT controls. Organizations need data-centric Zero Trust, not just network-centric architecture.
I’ve spent the last few years implementing Zero Trust across multiple enterprise environments. The pattern is always the same: we segment the network, deploy micro-perimeters, enforce least privilege on infrastructure access, and call it done. Then someone asks “where’s our customer data?” and we realize we have no idea what data exists, where it lives, or who can access it.
Zero Trust is supposed to eliminate implicit trust. But if you don’t know what data you’re protecting, you’re still operating on assumptions. The network-first approach treats data as a static asset to be walled off. It’s not. Data moves. It gets copied, transformed, shared, and cached. NIST SP 800-207 defines Zero Trust around identity, device, network, application, and data — but most implementations stop at network.
AI is making this worse. Every organization is experimenting with LLMs for customer service, document processing, code generation, and analysis. These tools ingest data, generate new data, and produce outputs that get stored in databases, wikis, and chat logs. Most of it is unclassified. Some of it is sensitive. None of it is tagged in a way that your Zero Trust controls can see.
I’ve seen this firsthand. An engineering team spins up ChatGPT Enterprise to help with documentation. They paste code snippets, architecture diagrams, and customer scenarios into prompts. The outputs get saved to Notion. The Notion workspace is accessible to the entire engineering org. Zero Trust controls on the network did nothing to prevent this — because they operate at the wrong layer.
Data-centric Zero Trust means classification at creation. If a document is tagged as “confidential” when it’s written, that tag follows it through transformations, copies, and integrations. Access policies enforce on the tag, not the network location. Gartner’s Data Security Posture Management (DSPM) frameworks push in this direction, but implementation is still immature.
The solution isn’t to ban AI tools. It’s to treat data as a first-class citizen in your Zero Trust architecture. Start with discovery: what data exists, where, and who touches it. Then classify: sensitive, confidential, public. Then enforce: access tied to classification, not network boundary. AI tools should operate within this model, not around it.
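As an added example (not code from the post), here is a minimal policy model of the data-centric approach described above: a label attached at creation, inherited through copies and LLM outputs, and enforced without network location as an input. The level ordering, object names and the `DataObject`, `derive` and `allowed` helpers are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Ordered sensitivity levels (constructed; the post lists "sensitive,
# confidential, public" without fixing an order).
LEVELS = {"public": 0, "confidential": 1, "sensitive": 2}

@dataclass(frozen=True)
class DataObject:
    name: str
    label: Optional[str]           # None = never classified
    lineage: Tuple[str, ...] = ()  # objects this one was derived from

def classify(name: str, label: str) -> DataObject:
    """Classification at creation: the tag is attached when the object is made."""
    if label not in LEVELS:
        raise ValueError(f"unknown label {label!r}")
    return DataObject(name, label)

def derive(name: str, *sources: DataObject) -> DataObject:
    """A copy, transform or LLM output inherits the highest label of its inputs.
    An untagged input makes the result untagged: the gap propagates, it is not
    silently downgraded to public."""
    labels = [s.label for s in sources]
    label = None if (not labels or None in labels) else max(labels, key=LEVELS.__getitem__)
    return DataObject(name, label, tuple(s.name for s in sources))

def allowed(obj: DataObject, clearance: str) -> bool:
    """Decision on the tag alone; network location is not an input.
    Untagged data fails closed: no clearance covers an unknown label."""
    return obj.label is not None and LEVELS[clearance] >= LEVELS[obj.label]

def demo() -> dict:
    # Constructed scenario mirroring the post: prompt inputs -> LLM output -> wiki page.
    snippet = classify("code-snippet", "confidential")
    scenario = classify("customer-scenario", "sensitive")
    diagram = DataObject("arch-diagram", None)     # pasted in, never tagged
    llm_output = derive("llm-output", snippet, scenario)
    wiki_page = derive("notion-page", llm_output)
    mixed_page = derive("notion-page-2", llm_output, diagram)
    return {
        "wiki_label": wiki_page.label,                        # "sensitive"
        "org_wide_read": allowed(wiki_page, "public"),        # False
        "cleared_read": allowed(wiki_page, "sensitive"),      # True
        "mixed_read": allowed(mixed_page, "sensitive"),       # False, fails closed
        "lineage": wiki_page.lineage,                         # ("llm-output",)
    }
```

The org-wide reader is denied even though the page sits on the internal wiki, and the page that mixes in never-tagged input is denied to everyone until someone classifies it.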
Most organizations aren’t there yet. They’re still trying to lock down the perimeter while data flows through API calls, SaaS tools, and AI integrations. If you’re implementing Zero Trust and haven’t tackled data classification, you’re building the wrong thing.
Sources
- NIST Special Publication 800-207: Zero Trust Architecture - Official NIST framework defining Zero Trust principles
- ChatGPT Enterprise - OpenAI’s enterprise LLM product documentation
- Gartner Data Security Posture Management (DSPM) - Framework for data-centric security