Key point: AI assistants frequently ignore existing permission structures when accessing enterprise data, exposing sensitive information that should not be accessible to individual users.
Many enterprise-owned AI assistants and generative AI platforms do not consistently respect existing permission structures, thereby exposing sensitive information that individual users should not have access to. The problem often goes unnoticed and represents a central risk in AI implementations within enterprises.
Enterprises are increasingly deploying AI assistants to support employees with rapid answers based on internal documents, emails, and files. However, practice reveals a significant security problem: the AI systems analyze large volumes of data centrally and generate answers without consistently adhering to existing access restrictions. While classic IT infrastructure such as Active Directory or SharePoint enforces strictly defined permission structures built up over years, these boundaries are partly lost in AI platforms.
The core technical problem lies in the architecture of modern cloud AI systems. Data from various sources are consolidated in so-called vector indexes to enable faster searches. During this process, permission structures are frequently transferred only incompletely or not at all. This results in situations where an employee gains access to salary information, internal evaluations, or strategic planning that were not actually intended for them. Microsoft itself warns of oversharing as one of the greatest implementation risks for Copilot for Microsoft 365. Concentric AI points out that in many enterprises, a substantial portion of business-critical files are shared too broadly. Additionally, delays arise in updating permissions within AI systems, which can lead to temporary data leaks even after formal rights adjustments.
Particularly critical is the fact that these processes typically remain unnoticed – there are no warning messages and no visible indication of unauthorized information disclosure. As a solution approach, local AI systems are being promoted that do not redefine permissions but automatically and directly inherit them from source systems such as Active Directory or LDAP. This would result in two employees receiving different answers to the same question, depending on their respective access rights – the AI would present content only if the user is authorized to access it.
Source: www.it-daily.net · Published June 3, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.