From Architectural Break to Practical Reality: How Bonfy Brings AI‑Native Data Security to Life
In his recent Substack article, The Architectural Break That Creates AI Data Security, our CEO and Co‑Founder, Gidi Cohen, describes a shift that has been quietly reshaping enterprise risk for the past two years. It’s a shift many security teams feel intuitively but haven’t yet named: the traditional architecture of data security (data at rest, data in motion, data in use) is no longer aligned with how information is actually created and how it flows inside AI‑driven organizations.
For decades, that model worked because the world it governed was stable. Humans created documents, humans sent emails, humans uploaded files, and humans made mistakes. Data moved in discrete objects across predictable workflows. Controls like classification, labeling, access management, and DLP were designed for that environment, and for a long time, they delivered meaningful protection.
But as Gidi argues, the assumptions beneath that architecture are breaking. Not because the controls are wrong, but because the environment has changed faster than the architecture can adapt.
At Bonfy, we’ve been building for this moment from the beginning. And with the launch of Bonfy ACS V2, the architectural break Gidi describes becomes something enterprises can finally address, not in theory, but in practice.
AI Has Shifted the Center of Gravity
The most important insight from Gidi’s article is that AI hasn’t simply increased the volume of data or the speed of workflows. It has fundamentally changed where risk emerges: where thinking is done and where reasoning is born.
In traditional environments, “data in use” meant a person opening a file, copying text, pasting into a browser, or sending an email. The risk was tied to human actions and human errors.
In AI‑driven environments, “data in use” looks nothing like that. AI systems now routinely decompose content, retrieve fragments, recombine information, infer new attributes, and generate entirely new outputs. The sensitivity of that information is no longer intrinsic—it’s contextual. The same piece of data may be harmless in one interaction and a policy violation in another, depending on who or what is requesting it and how it is being assembled.
This is the heart of the architectural break: risk is created during generation, not only during access or movement.
And that means the control plane must shift as well.
Why Traditional Controls Struggle in AI Workflows
Gidi’s article points out something security teams are already experiencing: the tools built for human‑paced workflows are under strain in machine‑paced environments.
AI systems operate continuously, not in discrete events. They make decisions in milliseconds. They propagate mistakes instantly. They generate content that may be partially correct, partially inferred, and partially hallucinated. And they do all of this across multiple channels: email, SaaS apps, collaboration tools, copilots, custom LLM apps, and increasingly, autonomous agents.
Traditional DLP and DSPM architectures weren’t designed for this. They assume static objects, deterministic processing, and predictable movement. They rely on post‑event investigation or selective inline enforcement. They treat each channel as a separate domain.
AI collapses all of those boundaries.
A single workflow may retrieve data from a store, process it inside a model, enrich it via an external service, generate new content, and distribute it through a collaboration tool, all in seconds, without a human ever touching the data.
Risk emerges across these transitions, not neatly within one control layer.
This is why multi‑channel, context‑aware, entity‑aware security is no longer optional. It’s foundational.
Bonfy ACS V2: Turning the Architectural Break Into a New Architecture
Bonfy ACS V2 was built specifically for the world Gidi describes. It’s not an incremental update or a new feature set; it’s a second‑generation platform designed for AI‑native data security.
At its core is a unified, multi‑channel architecture that treats email, SaaS apps, collaboration tools, AI systems, custom GenAI apps, browser‑based Shadow AI, and now AI agents as parts of a single data ecosystem. One engine analyzes content. One knowledge graph provides business and entity context. One policy plane governs both human and AI‑driven actions. Combined, they form the security conscience that agents need to operate securely, the kind of instinct that humans develop with time and experience.
This matters because AI workflows don’t respect channel boundaries. A copilot may pull from SharePoint, summarize content, enrich it with CRM data, and send it through email. An agent may retrieve information, call external MCP servers, generate a response, and trigger downstream automations. A browser‑based assistant may extract sensitive content and send it to an external model.
Bonfy ACS V2 sees all of it as one continuous flow, and governs it accordingly.
The Breakthrough: Data‑in‑Use Inspection for AI Agents
Perhaps the clearest example of the architectural shift is Bonfy’s new MCP Server capability. In his article, Gidi explains why AI agents represent the next major expansion of enterprise risk: they read, write, infer, and act autonomously. They can access multiple systems, call external tools, and generate content without human oversight.
Traditional controls can’t see inside the agent’s reasoning loop. Bonfy ACS V2 can.
With our MCP Server, agents can now call Bonfy during their reasoning process to inspect content in real time. They can verify whether a summary contains PII, whether retrieved content violates a trust boundary, or whether an outbound action would expose sensitive information. The agent can then adjust its behavior based on Bonfy’s response.
This completes the control model:
- Input control: governing what the agent can see
- Output control: governing what the agent produces
- Data‑in‑use control: governing what the agent does while thinking
This is the architectural break, implemented.
From Concept to Capability
Gidi’s article describes the shift. Bonfy ACS V2 operationalizes it.
It brings together:
- a second‑generation, low‑latency architecture
- a unified, entity‑aware analysis engine
- multi‑channel visibility and enforcement
- inline controls at the moment of generation
- a single policy plane for humans and AI actors
This is what AI‑native data security looks like, not a new category layered on top of old ones, but a rethinking of where the control plane must live.
The Future Is Already Here
As Gidi writes, the familiar categories of data at rest, in motion, and in use still matter. But “in use” now means something fundamentally different. In a world where humans, copilots, and autonomous systems continuously assemble and generate information, security must evolve from protecting where data lives to governing how information is created.
Bonfy ACS V2 is built for that world.
And it’s available now. Contact us to learn more.