New capabilities extend governance across AI agents, data access infrastructure and enterprise data, helping organizations scale AI while proactively containing exposure

Bedrock Data’s analysis of this Snowflake Cortex AI Agent shows that several sensitive data types related to marketing and sales are exposed to the model and could be returned as a response to user queries.

SAN MATEO, Calif.--(BUSINESS WIRE)--Bedrock Data, the platform provider for data-centric security, governance and management, today announced a significant expansion of Bedrock Data ArgusAI. Originally launched to map AI systems to their data and validate guardrails, ArgusAI now governs what Bedrock Data defines as the enterprise AI risk surface, the full exposure chain created across three core components: the AI agents enterprises are deploying, the Model Context Protocol (MCP) servers and connectors that broker their access to enterprise systems and data, and the sensitive data those systems can retrieve, index and act upon. As part of this expansion, Bedrock Data is also releasing its own MCP server that gives enterprise AI workflows direct access to data risk context from the Bedrock Metadata Lake.

Bedrock Data ArgusAI gives teams a complete map of the AI footprint so they can govern the AI risk surface end to end and scale innovation without increasing exposure.
Share

“AI introduces non-deterministic data access patterns that traditional security tools weren’t built to govern. Organizations need a clearer view of how AI systems interact with enterprise data to manage emerging risk,” said Jason English, Director and Principal Analyst, and CMO at Intellyx.

Gartner predicts that by 2028, 25% of enterprise breaches will be traced back to AI agent abuse, yet most security teams still have no systematic way to see what their agents can reach, through which services or with what entitlements. According to Bedrock Data’s 2025 Enterprise Data Security Confidence Index, 60% of security teams have taken on AI governance responsibilities while 53% still lack real-time visibility into their sensitive data assets. Without a clear map of the AI risk exposure chain, security teams cannot reliably limit the blast radius as AI adoption accelerates.

“As enterprises operationalize AI, risk is defined by what those systems can access,” said Bruno Kurtic, CEO and co-founder of Bedrock Data. “If you don’t know what data your agents can access, through which MCP servers, under which identities and with which entitlements, you can’t govern them. ArgusAI gives teams a complete map of the AI footprint so they can govern the AI risk surface end to end and scale innovation without increasing exposure.”

ArgusAI Maps and Governs the Full AI Risk Surface

Traditional security and DSPM tools were built before AI agents began accessing enterprise data at scale. They may discover sensitive data, but they were not designed to map the relationships among agents, access paths and permissions into a unified view of the AI risk surface.

Built on Bedrock’s Metadata Lake, ArgusAI maps agents, infrastructure, entitlements and enterprise data into a unified exposure map, allowing organizations to understand and contain the risk created by enterprise AI systems. At the core of this capability is Bedrock's Data Bill of Materials (DBOM), a continuously updated inventory of every data asset connected to an AI system, including its categorization, sensitivity classification, entitlement chain, regulatory context and lineage. The DBOM provides the evidentiary foundation that transforms AI governance from assumptions into verifiable, auditable intelligence.

Governing the AI Data Access Infrastructure: ArgusAI MCP Server Discovery

The data access infrastructure determines how AI agents connect to enterprise systems and permissions govern their access to data. MCP is rapidly becoming a connective backbone between AI agents and enterprise data. As MCP adoption grows, so does the potential for unintended exposure through misconfigured roles, shadow MCP servers and over-permissive access paths.

ArgusAI MCP Server Discovery governs this access through three core capabilities:

• Automated MCP infrastructure discovery and exposure mapping automatically identifies MCP endpoints across cloud environments and enriches that discovery with data sensitivity classification and entitlement analysis. ArgusAI maps agent-to-MCP-to-role-to-data relationships so security teams can see what AI systems can actually access.
• Sensitive data exposure detection with prebuilt policies correlates MCP infrastructure with underlying data permissions to surface exposure paths traditional cloud or identity reviews often miss. Prebuilt policies detect when MCP-connected services can access regulated, proprietary or customer-sensitive data.
• Continuous monitoring of infrastructure and permission drift continuously monitors emerging exposure paths as AI usage expands, new MCP servers are created and data environments evolve, helping security teams proactively manage the AI risk surface before exposure becomes an incident.

“AI risk isn’t defined by a single endpoint or service, it’s defined by the chain of connectivity between agents, infrastructure, roles and data,” said Pranava Adduri, CTO and co-founder of Bedrock Data. “ArgusAI synthesizes those layers into a unified exposure model so security teams can see not just what’s deployed, but what it can actually access. That architectural context is what makes governing the AI risk surface possible.”

Governing the Enterprise Data Used By AI Systems: ArgusAI for Snowflake Cortex

Snowflake Cortex Search and Cortex Analyst enables organizations to build semantic search and retrieval experiences over data stored in Snowflake providing data to AI agents, copilots and AI assistants. As teams index new datasets, sensitive data can enter AI retrieval pipelines without security review.

Building on Bedrock Data’s existing Snowflake data classification, lineage and entitlement analysis, ArgusAI now extends that intelligence directly to the managed Snowflake Cortex Search services. As part of a broader strategic relationship with Snowflake, also announced today, ArgusAI now expands governance to Snowflake Cortex Search and Cortex Analyst. The platform discovers Snowflake Cortex Search services, applies data sensitivity and access context to those retrieval systems, and gives security, governance and AI teams clear visibility into what enterprise data AI services can retrieve and return. Initial capabilities include:

• Discovery of managed Snowflake Cortex Search and Cortex Analyst services and Indexed Data automatically discovers Snowflake Cortex Search and Analyst services and identifies the datasets indexed into AI data retrieval systems, providing visibility into which warehouse data is within scope of AI-powered search and RAG applications.
• Entitlement and access correlation correlates Snowflake Cortex services with role-based access and underlying data permissions to reveal which users, agents or applications can indirectly access sensitive data through AI search – exposure that standard access reviews do not surface.
• AI Data exposure detection and continuous monitoring flags overexposure or entitlement gaps so teams can remediate access paths and ensure appropriate controls are in place. By continuously monitoring new services, indexing changes and permission shifts, governance scales alongside AI adoption.

In one case, a global retailer expanded its internal AI search assistant by indexing additional datasets to improve results, including customer analytics tables. Over time, the security team realized they lacked a systematic way to track which datasets were being incorporated into AI retrieval services and whether sensitive customer information was now within scope. During a posture review, ArgusAI's Data Bill of Materials (DBOM) revealed that a Snowflake Cortex-powered Search service had indexed customer loyalty tables containing PII that were never intended to be surfaced in AI responses. The DBOM provided the classification, entitlement and lineage context needed to adjust indexing scope within hours. Rather than pausing the AI search initiative, the team adjusted indexing scope within hours reducing potential exposure while continuing to scale AI adoption.

“Boards are demanding rapid AI adoption. Security teams are the ones accountable for the risk it creates. Security leaders aren’t worried about one model or one project. They’re worried about not knowing which datasets are being indexed, surfaced or connected to AI systems across the enterprise. Without continuous visibility into that exposure, organizations are scaling AI while flying blind on risk. ArgusAI brings governance to that data layer so teams can eliminate blind spots so security teams can make risk-informed decisions about what to enable, for whom and under what conditions,” continued Kurtic.

Bedrock Data MCP Server Makes Data Risk Context Accessible to Enterprise AI Workflows

As enterprises embed AI into internal workflows such as access reviews, incident response, remediation and data operations, those systems increasingly make decisions that affect the enterprise AI risk surface. Without authoritative data risk context, AI-driven automation operates without full awareness of where sensitive data resides or how it is permissioned.

Bedrock Data’s MCP Server allows organizations to embed governance directly into those AI-powered workflows. It exposes the Bedrock Metadata Lake, data categorization, classification and exposure intelligence through a standard MCP interface that AI systems can query directly.

This enables enterprise AI workflows to access trusted data risk insights in real time, understanding where sensitive data resides, how it is classified and which roles can access it, before taking action. By making governance intelligence programmatically available, organizations move from reviewing AI-driven decisions after the fact to embedding exposure awareness directly into automated processes. The result is consistent, organization-wide data awareness across AI-powered workflows without adding new operational overhead.

“AI is increasingly making operational decisions within the enterprise, including access reviews, remediation, incident response, and more. MCP is the interface those systems use to access enterprise data. If the workflows on the other side of that interface don’t understand where sensitive data lives or how access is structured, they’re automating without guardrails. By making data risk intelligence directly consumable through MCP, Bedrock Data ensures governance is embedded in the workflow itself rather than bolted on after the fact,” said Harold Byun, Chief Product Officer at Bluerock.

ArgusAI MCP Server Discovery, Snowflake Cortex governance and the MCP Server are available now within the Bedrock Data platform.

Industry Recognition and Availability

The Bedrock Data platform continues to gain industry accolades with its latest recognition from the CUBE Tech Innovation Award for Most Innovative Data Protection Solution. ArgusAI was separately awarded theCUBE Tech Innovation Award for Most Innovative AI-Powered Data Protection Solution.

Additional Resources

• Meet with Bedrock Data at RSAC 2026
• Request a Bedrock Data platform demo
• Visit the Bedrock Data blog
• Follow Bedrock Data on LinkedIn, X and Bluesky

About Bedrock Data

Bedrock Data delivers continuous, context-driven security and governance for enterprise data across private cloud, IaaS, PaaS, SaaS and AI environments. Powered by its patented Metadata Lake and Serverless Outpost architecture, Bedrock Data autonomously discovers, classifies and contextualizes data in place without moving it outside customer boundaries. Its open, API-first design integrates with existing platforms and enables natural-language policy enforcement, AI governance and automated remediation at enterprise scale. Global leaders in technology, finance, healthcare and biotech rely on Bedrock Data to make data security operational. Learn more at bedrockdata.ai.