Securing Your Internal Knowledge Amidst Shadow AI
The graph provides the same advantages for specific regulatory frameworks, security policies, and business rules. These boons can help compliance and governance personnel implement access controls, as well as dynamic agents tasked with the same thing. According to Franz CEO Jans Aasman, “The rise of Policy-as-Knowledge—encoding HIPAA, SOX, CMS, and AML rules as machine-checkable logic—will transform how AI agents act within regulated workflows. Instead of relying on human reviews or ad hoc filters, autonomous systems will reason over encoded policies before executing an action, much like compilers enforcing syntax before code runs.”
Knowledge Graphs
The reasoning Aasman mentioned is one of the premier benefits of storing metadata about knowledge assets in a semantic knowledge graph. Although, to a lesser extent, this benefit extends to property graphs. Coupling this nonstatistical form of AI (typified by rulesbased systems and logic) with statistical AI (exemplified by language models) produces substantial gains for securing internal knowledge. The tandem is commonly referred to as neuro-symbolic AI, which is primed for models reasoning over data security rules.
“Neuro-symbolic AI links language models to ontologies, rules, and provenance graphs, enabling real-time validation of whether a decision complies with institutional or legal frameworks,” Aasman observed. These capabilities can ensure that AI agents adhere to established data governance stipulations. They’re also useful for humans accessing or sharing information within and between different departments. Thus, “You know, for example, if you should be shipping a particular piece of content to a particular customer,” Grout remarked.
Overcoming Shadow AI
Incorporating knowledge graphs to manage the metadata obtained during the data discovery process has the added benefit of helping organizations overcome shadow AI, in which individuals use AI systems that haven’t been approved by their organizations. With the neuro-symbolic AI approach Aasman referenced, “LLMs will be the language layer, and neuro-symbolic is the cognitive operating system, governance reasoning layer. Symbolic structures will govern what agents know, can do, and must not do.” LLMs are the interface for users interacting with the knowledge graph. However, the symbolic structures (rules, ontologies, etc.) are primed for constraining the answers of retrieval-augmented generation (RAG) systems and language model interactions for question-answering, summarization, synthesis, and more.
This approach “grounds the AI workflow into a knowledge graph, which has business objects and documents,” Grout revealed. “The ability to do multi-hop reasoning really means people trust the response. They won’t want to go outside of your business and do something crazy with your information.” Moreover, the ability for these intelligent systems to perform multistep reasoning is helpful for determining toxic combinations of content, in which individual documents or embeddings are innocuous, but, when combined, present considerable security issues. “If a specific role can have access to three different documents and use those documents together to work out or imply something is commercially sensitive or secret, we can make it so you can navigate through that and not show them the other document,” Grout commented.