Kiteworks Launches Data-Layer AI Governance Platform

Kiteworks today introduced a new data-layer governance platform to address growing enterprise concerns about AI agent security and compliance, positioning the offering as a first-of-its-kind solution for regulated environments.

Kiteworks targets AI governance gap with data-layer approach

The new platform, Kiteworks Compliant AI, is designed to enforce governance controls directly at the data access layer, rather than at the model or application level, ensuring that every AI agent interaction with sensitive data is authenticated, policy-governed, encrypted, and logged.

According to the company, the platform applies attribute-based access control (ABAC), FIPS 140-3 validated encryption, and tamper-evident audit logging regardless of the AI model, prompt, or agent framework in use. 

“The Kiteworks unified platform has always given channel partners a strong story around secure data exchange—unified governance across email, file sharing, SFTP, managed file transfer, APIs, and data forms,” David Byrnes, Kiteworks’ VP of global channels, told Channel Insider ahead of the launch. 

“Kiteworks Compliant AI extends that same governance to AI agents as a first-class channel,” he added.

Agentic AI becomes a new employee and introduces new risks

This architecture is intended to close what Kiteworks describes as a widening governance gap as enterprises rapidly deploy agentic AI systems.

“AI agents are the new digital employees—and like all employees, they access, handle, share, and act on regulated data,” said Kiteworks Chief Product Officer Yaron Galant. 

“The difference is that AI agents exercise zero independent ethical judgment. They will access any data they are not explicitly prevented from touching. HIPAA does not care whether a human or an AI agent accessed that patient record. Kiteworks Compliant AI governs the data layer—not the model—so every agent interaction is authenticated, ABAC policy-governed, FIPS 140-3 encrypted, and logged in a tamper-evident audit trail before any regulated data is touched. No other platform delivers this combination of controls at the data layer for AI agents. That’s not a feature—it’s an architecture,” Galant continued.

Enterprise adoption outpaces control mechanisms

The launch comes as organizations accelerate AI adoption without corresponding governance maturity. 

Kiteworks cited its 2026 Data Security and Compliance Risk Forecast Report, which found that all surveyed organizations have agentic AI on their roadmap, with more than half already running agents in production.

However, significant control gaps remain. The report found that 63% of organizations cannot enforce purpose limitations on AI agents, while 60% lack the ability to terminate misbehaving agents.

Broader industry data points to similar concerns. 

AI-related vulnerabilities are now considered the fastest-growing cyber risk by a majority of organizations, while academic research has demonstrated that autonomous agents can exfiltrate data and execute unauthorized actions without effective safeguards.

“This is where channel partners step in. Most mid-market and enterprise organizations don’t have the internal expertise to govern AI data access across regulatory frameworks,” Byrnes said. 

“They know they need AI. They know they need guardrails. They need a trusted partner to bridge the gap,” he continued.

Governed assists aim to operationalize compliance

To operationalize governance, Kiteworks introduced three “Governed Agent Assists,” which are compliance-ready workflows built on its Data Policy Engine. 

These include capabilities for folder operations, file lifecycle management, and automated form creation in regulated environments.

Each assist enforces policy controls across actions such as creating, moving, or deleting data, while maintaining compliance with frameworks such as HIPAA, SOX, PCI, and FISMA.

How channel partners can build new service offerings around AI governance

Byrnes told Channel Insider he thinks channel partners will benefit significantly from Kiteworks’ product evolution.

“For resellers, MSPs, and MSSPs, this isn’t just a product announcement. It’s the foundation for an entirely new service category,” Byrnes said, noting that customers will likely find ways to adopt AI with or without partners in the near future.

Byrnes is betting the new capabilities from Kiteworks will enable channel partners to remain helpful, trusted advisors to their customers in an AI-driven environment.

Audit and assessment services top opportunities for MSPs

The platform also emphasizes auditability as a core differentiator. Kiteworks said organizations can generate complete compliance evidence packages—including access policies, encryption validation, and audit logs—within hours rather than weeks.

For MSPs and others, the opportunities are vast. Byrnes highlighted the following as potential avenues for partners to explore:

• Assessment engagements in which partners evaluate a customer’s AI data access posture against regulatory requirements
• Deployment services through which partners configure governed AI workflows across content repositories
• Ongoing managed services, including monitoring AI agent activity, tuning access policies, and generating compliance evidence for auditors

Why data-layer governance matters

Kiteworks argues that data-layer enforcement is the only reliable control point for AI agents, as they can bypass model-level guardrails through techniques such as prompt injection. 

By embedding governance directly into data access workflows, the company aims to provide a consistent enforcement mechanism across disparate AI ecosystems.

The company will showcase Compliant AI at the RSA Conference 2026, where it plans to demonstrate real-time governance of AI agent interactions for enterprise and public sector use cases.

As regulatory scrutiny around AI intensifies, Kiteworks is betting that compliance, and the ability to prove it, will become a critical differentiator for organizations deploying AI at scale.

“Channel partners who move early on governed AI data access will own a category that didn’t exist 18 months ago,” said Byrnes. 

“The combination of AI agent deployment, regulatory urgency, and platform consolidation pressure creates a service opportunity that spans assessment, implementation, and ongoing management.”