Features
The DLP survival guide
AI turned the prompt box into the biggest data exit point in the enterprise, yet most security teams are still watching the door.
01 July 2026
Something you'll hear again and again in the security sector is that you cannot protect what you cannot see, and for years, that meant knowing where your data was stored and who had access to it. But the way data moves has changed, and data loss prevention (DLP) tools have not kept up. According to Zscaler ThreatLabz’ ‘2026 AI Security Report’, ChatGPT generated 410mn DLP policy violations last year, a 99.3% year-on-year increase, and these were only the violations that existing tools could detect. The problem is not that organisations have ignored DLP. Many companies have existing policies in place and have invested significantly in tooling. The issue is that DLP was designed to catch data moving into files – through email attachments, USB drives and cloud synch – so when an employee pastes a quarterly forecast or a client list into a free-tier AI account, none of those controls apply. The transfer disappears into encrypted web traffic and the security stack reports all clear.
“The biggest DLP mistake is trying to enforce control before establishing reliable visibility,” says Subhalakshmi Ganapathy, chief IT security evangelist at ManageEngine. “Many organisations roll out policies quickly, but they still don’t have an accurate, living inventory of where sensitive data actually sits.” According to ManageEngine research, unstructured data doubles every two to three years. This means that organisations still treating classification as a periodic exercise have already fallen behind. With data growing faster than the scans that are supposed to find it, Ganapathy says the answer is not more scans, but a continuous, automated approach that prioritises the highest-risk data and the most exposed movement paths rather than attempting to cover everything at once. “When discovery is incomplete, DLP controls become selective by default, and selective protection creates predictable blind spots,” she says.
ITWeb Premium
Get 3 months of unlimited access
No credit card. No obligation.
