Our predictions for 2026 are grounded in what we’ve seen this year in enterprise environments: organizations struggling with data visibility as AI adoption accelerates, security teams drowning in alerts that lack context and AI leaders discovering that the infrastructure-first playbook breaks down at scale.

Below are what I, CTO Pranava Adduri and CSO George Gerchow expect in 2026. Our perspectives converge on a single operational truth: enterprises that fail to center their security and governance strategies on data will be sidelined by what next year brings.

My 2026 Predictions: The DBOM Becomes Non-Negotiable

• Post-breach liability will increase for poor data hygiene. By 2026, companies that suffer a breach without demonstrating clear understanding into their sensitive data, where it lives, how it’s accessed, and who’s responsible will face significantly higher downstream penalties. Regulators, insurers and courts will view poor data hygiene as negligence. When a breach occurs, investigators will ask what was exposed and why it wasn’t protected. If organizations can’t answer these questions, the financial and reputational damage will multiply beyond the breach itself.

• In 2026, having a Data Bill of Materials (DBOM) will emerge as a requirement for governing AI agents. Enterprises won’t be able to govern AI systems without one because they’ll need a consistent, scalable method to describe what data agents touch, under what conditions and with what risk. Without this, agent activity will remain opaque and ungovernable at enterprise scale.

• Engineering teams will own the front line of data security. In 2026, securing data begins at the point of collection or creation, not after the fact. Production systems owned by engineering will become the focal point of data security posture. Teams that monitor, tag and control data in production reduce blast radius, eliminate unmanaged exposure and provide the foundation for downstream governance. Organizations that succeed treat secure data hygiene like CI/CD hygiene: repeatable, testable and owned by engineering teams.

Pranava Adduri’s 2026 Predictions: The Retrieval Layer Becomes the Critical Control Point

• AI agents require treating data context security as the highest priority. Hyperscaler roadmaps from Microsoft to NVIDIA show the trendline for 2026 from the generative era to the agentic era, shifting from chatbots that generate text to autonomous agents that execute workflows. That means securing the logic and data that drive business decisions, not just the perimeter, will be non-optional.

• The “Autonomous Insider” threat vector requires recognizing agents as distinct operational entities, not chatbots. Security teams must treat AI agents as digital employees rather than tools. Unlike a chatbot, an agent interacts with ERPs, modifies codebases and executes financial transactions. If organizations fail to distinguish between a human user and an agent user, they will invite high-speed insider threats where an agent acts on a hallucination or prompt injection. It will compromise systems faster than a human SOC can react.

• RAG pipelines will become data supply chains requiring data classification before retrieval. The fine-tuning versus RAG debate will come to an end. Retrieval-Augmented Generation will win because agents require real-time context. However, RAG pipelines function as data supply chains. If a retrieval layer fetches a sensitive document because it was technically accessible to the user, the agent will process it. This problem only magnifies as multi-modal RAGs are onboarded where data like ID verification images and security footage are full of sensitive data and notoriously hard to detect. Data will have to be classified and filtered before it enters any agent’s context window.

• Automated data lineage will become mandatory for machine-generated data volume. Machine-generated data volume will completely exceed the ability of manual data classification to keep up. Security will have to rely on automated data lineage. When an agent reads source data marked confidential, its output will have to automatically inherit that classification. If labeling isn’t automated, a given file cannot be governed.

George Gerchow’s 2026 Predictions: Metrics and Personal Liability Define Leadership

• Data visibility will become the primary measure of security maturity. Data is no longer an afterthought protected by layers of infrastructure controls. It’s the primary security asset that demands direct visibility, classification and governance. Organizations that treat data as the foundation of their security strategy will outperform those clinging to perimeter-first models. The tipping point is already here. Organizations have already lost visibility into lower-level environments (Dev, QA, integration sandboxes) where AI-generated derivative data multiplies faster than teams can inventory it. Expect a forgotten vector database or prompt log from an AI pilot holding customer data or secrets to be left open in a development environment, causing chaos.

• Data exhaust will require Tier 1 treatment equivalent to customer data. AI-generated data will be treated with the same urgency as customer data: requiring lineage tags and time-to-live (TTL) at write, setting of 30-60 day default retention policies, use of short-lived credentials and purging of orphaned artifacts monthly.

• AI literacy will become a baseline leadership competency. Security leadership in 2026 will require fluency with AI, not just understanding AI risks but using AI to solve security problems at scale. The bifurcation will mean that leaders who turn problems into prompts and measure outcomes will thrive. Those avoiding AI tools will become unemployable. The security role itself is evolving. Leaders who see AI as a threat to their expertise will be sidelined by those who see it as a force multiplier for their teams.

• Prosecution of CSOs for AI negligence will set new accountability standards. As AI regulation increases, the primary defense against scapegoating is maintaining an auditable record of risk decisions, who owns them and how they’re being addressed. Boards will demand evidence, not promises. Criminal prosecution of CSOs for AI negligence is coming. CSOs need documented risk governance now, with clear accountability chains running to the C-suite and Board level.

Are you ready to optimize your organization’s data security initiatives for 2026? Bedrock Data helps enterprises discover, classify and govern data across their entire environment at petabyte scale. Request a demo to see for yourself how Bedrock Data enables secure, governed AI at scale.