At the start of this year, companies were asking “Should we deploy AI?” By December, it became “How do we govern the AI systems we’ve already deployed?” I’ve had hundreds of conversations with CISOs and security leaders, and the shift was fast and unmistakable. It showed up everywhere - board meetings, customer and prospect calls, regulatory inquiries, breach post-mortems.

The urgency is real. Enterprises know they need visibility into what data their AI systems use, where it lives and whether their documented controls prevent sensitive information from being exposed in practice. Yet over 8 out of 10 security teams still can’t find or classify their organizational data, even as 60% of them now own AI governance.

The Year Data Security Moved from Theory to Operations

The momentum we’ve experienced at Bedrock Data in 2025 reflects this massive shift. In November we announced our $25 million Series A led by Greylock Partners with participation from Mangusta Capital, Mantis Venture Capital, Pier 88 Investment Partners and others to accelerate putting data at the center of security operations at cloud and AI scale. OKThe funding is just one part of the story. What really matters is the accelerated growth and execution the funding enables on top of what we delivered to meet market demand this year.The products we shipped address what enterprises said they need:

• In March, we launched the Metadata Lake, the foundation of everything we do. It’s a centralized, continuously updated repository that automatically catalogs all enterprise data: where it lives, who can access it, its sensitivity level and more.
• We also released Bedrock Copilot to let teams interact with the Metadata Lake in natural language, and Bedrock Free for Snowflake to democratize enterprise-grade data discovery and classification for organizations’ largest data stores.
• In August, our Model Context Protocol (MCP) Server became generally available. It allows agentic AI systems to access metadata context for autonomous governance. Why? Because enterprises realized they couldn’t manually govern systems operating at machine speed. The only way to govern AI at AI speed is to give those systems real-time access to accurate data context.
• We launched ArgusAI and Natural Language Policy in November. ArgusAI automatically links AI models to their underlying datasets, performs guardrail gap analysis and enables policy enforcement in plain English. It originated directly from demand. Multiple customers repeatedly asked for it.

Hiring for High Growth

This year, we brought on Jon Engler as Vice President of Sales, Bryan Liberator as Vice President of Finance and Operations and John Coyle as Vice President of Business Development. These are hires with depth of domain expertise and breadth of experience scaling companies. Jon brings many years building sales operations in the data security space. Bryan brings the operational rigor needed to scale operations and financial discipline. John brings partnership acumen and a large network in the enterprise tech ecosystem.

I also want to recognize Jason Risch joining our board from Greylock. Jason’s experience across security, infrastructure and AI-native platforms is exactly what we need as we grow.

The common thread across these additions is operational excellence paired with strategic vision. Speed is important, but accuracy is essential when you’re building infrastructure that enterprises depend on.

Market Validation Through Industry Awards and Partnerships

This year, Bedrock Data was named to Fortune’s Top 50 Cybersecurity Companies, selected as a SINET16 Innovator and received the 2025 CODiE Award for Best AI Powered Startup. We also earned multiple Global InfoSec Awards and recognition from Intellyx and others.

We’ve established strategic partnerships with Sysdig, Wiz and Panther and will be announcing many more next year. These companies are integrating Bedrock Data’s data context from metadata lake into their platforms to extend governance across the security stack. This signals something fundamental: data context is foundational infrastructure that every security tool needs. It goes well beyond being useful for one tool or one team.

Looking Ahead

Data is what enterprises protect. It always has been. Cloud, AI and multi-environment sprawl just made that truth impossible to ignore. We’re not inventing a problem; we’re solving one that's been there all along so that enterprises can move fast without sacrificing security or compliance.

What became clear in 2025 is that periodic governance doesn’t work at cloud scale. Your data sprawls continuously and entitlements change daily. AI systems access datasets in unpredictable ways. The old model of auditing once a year leaves massive gaps in between. By the time you discover a problem in an annual review, sensitive data has likely already been exposed or misused.Our focus in 2026 is to enable enterprises with a different approach:

• Operationalize governance at the data layer - Make data visibility operational, not aspirational
• Build continuous visibility into what’s at risk - Know what's sensitive and where it’s exposed right now
• Make that visibility available to every tool and team that needs it, at petabyte scale At petabyte scale, across the entire security stack

This requires three things working together: knowing where your data is and what it contains, understanding who can access it and who should and tracing how data moves through your organization including into AI systems. Most enterprises are doing one or two of these in isolation. Rarely are all three integrated and continuous and we’re changing that.

For security leaders, this is the shift from reactive fire-fighting to proactive risk management, the kind that holds up in a breach post-mortem. For AI initiatives, it’s the difference between deploying models and deploying them responsibly.

That’s the work ahead. Let’s get to it.

Request a demo to understand your data risk and operationalize governance in 2026.