Garbage In, Risk Out: Why AI Security Starts with Data Integrity
Key Highlights
- AI's effectiveness is directly tied to the quality and relevance of the data it accesses, making data governance essential for success.
- Messy or ROT data not only hampers AI accuracy but also introduces significant security and regulatory risks, including the risk of cyberattacks.
- Organizations must proactively cleanse and control their data to ensure AI outputs are reliable, explainable, and compliant with evolving regulations.
- Custom AI pilots require careful oversight to avoid pulling in irrelevant or insecure data, which can lead to unreliable results and security vulnerabilities.
- Early investment in data quality and governance can transform AI initiatives from costly failures into strategic assets, safeguarding against future risks.
AI is increasingly integrated into organizations, whether through enterprise accounts for popular Large Language Models (LLMs) or through custom-built pilots. It has now evolved past being just a productivity tool into a trusted ‘employee.’ However, like any other new employee, AI doesn’t know everything and needs clear guidance to work correctly. Without proper planning, organizations might receive AI-generated outputs that look great at first glance but are, too often, built from ‘messy data’ that compromises both accuracy and security.
AI cannot create something out of nothing. An organization’s AI output depends solely on whether the organization has provided AI access to valid, uncompromised and relevant data. If AI integrates with a massive repository of irrelevant data, it will grasp at anything it can find that’s even remotely relevant to its queries, creating not just inaccurate outputs but also a real security and regulatory risk.
If organizations proactively plot the best path through this data to align with broader risk management requirements and give AI only the data it needs, then this new ‘employee’ can transform outputs for the better.
If AI integrates with a massive repository of irrelevant data, it will latch onto anything it can find that’s even remotely relevant to its queries, creating not just inaccurate outputs but also real security and regulatory risks.
AI is Only as Good as Its Data
For most users, AI might seem to work like magic, since an LLM can almost instantly respond to a question with a seemingly intelligent and well-researched answer. But AI doesn’t create something from nothing, and it’s not magic, which brings us to the main issue – the data itself.
To generate useful answers, AI needs access to valid, uncompromised and, most importantly, relevant data. However, providing this clean data remains a major challenge for adopting organizational AI. According to a recent MIT report, 95% of genAI business pilots are seeing zero returns. Considering that AI is only as good as the data that underpins it, it wouldn’t be a surprise if a big part of the AI pilot failure stems from organizations pulling from a well of data poisoned by redundant, obsolete, or trivial (ROT) data.
This challenge is only becoming more difficult as data volume skyrockets. It's estimated that we created, captured, copied and consumed about 181 zettabytes of data globally last year alone. Because most organizations today lack a full picture of their data estate, this pattern allows ROT data to accumulate in the background. And now, as organizations start to leverage their data for AI, that ROT data is holding back their AI development and introducing security risks without them realizing the downstream consequences.
Additionally, creating custom internal AI pilots is highly complicated and requires a more hands-on approach. While off-the-shelf AI tools may include built-in guardrails and are relatively straightforward to deploy, custom-built pilots require significantly more oversight. They must navigate complex business rules, evolving datasets and continuous tuning to ensure relevance and accuracy. Without strong data governance, these systems often pull in ROT data, leading to unreliable outputs and stalled pilot programs.
Spreading ROT Becomes a Security Risk
The risks associated with poor data quality extend far beyond inaccurate outputs. Without firm and precise guardrails specifying which data AI can pull from, organizations running custom AIs not only receive incorrect outputs, but also discover what’s at stake when ROT spreads. ROT data, once introduced to AI systems as a credible source, can poison AI pilots and mutate into wider security concerns.
A lack of data visibility can have a profound impact on cybersecurity. Instead of putting in the groundwork to ensure visibility, organizations might grant AI access to all data as a kind of free-for-all pass. Not only does that create slow and ineffective AI, but it also creates a form of centralized privilege that could become an effective attack vector if placed in the wrong hands. Organizational and IT leaders are beginning to understand this threat, and according to a recent survey, 29% of them dread AI-related risks in the year ahead.
As businesses realize this risk, attackers are close behind. Once they’ve perfected a method for attacking AI tools, they can use them as a landing point to attack the entire infrastructure, much as they would with overly privileged identities today. Cyberattacks can happen at unforgiving speed, as according to a recent report, the average time it takes for an attacker to gain system access, exfiltrate data and demand ransom is only 24 hours.
The fragmented state of global AI regulation adds another layer of risk. Without consistent or immediate regulatory pressure, AI governance can slip down the priority list. This creates a false sense of security. In reality, organizations are building AI systems without full visibility into the data behind them, leaving them exposed and unprepared as compliance requirements inevitably catch up.
Cut Away ROT for Explainability, Compliance and Success
Organizations cannot afford to wait for these risks to materialize fully. The most effective approach is to address them early by ensuring that data is clean, controlled and well understood before expanding AI initiatives.
So, rather than waiting for these cybersecurity and compliance concerns to mature, it's best to get ahead of them and ensure that all data is clean, controlled and secure. As regulation catches up with AI, one requirement will define success: explainability.
Unless organizations can both navigate and clearly explain the ins and outs of their data and AI, meeting compliance expectations will be a challenge. Organizations must evaluate the current state of their data, identify and remove data that does not serve the organization, and improve AI outputs while safeguarding against security risks.
With a better understanding of the data, organizations can build the right guardrails for custom AI projects, ensuring the data they pull is relevant and secure. Hopefully, this shift will turn custom AI pilots from failures into successes.
About the Author

Rick Vanover
Office of the CTO - Vice President Product Strategy
Rick Vanover is the Office of the CTO and Vice President of Product Strategy for Veeam. Rick is an expert in intelligent data management. In his role at Veeam, Rick sits at the crossroads of many types of storage. Whether it is storage systems, critical application data, data in the cloud, or data anywhere in between, he has experience managing data as IT practices evolve with new technologies.
