Gartner research signals rise of Zero Trust data governance buy-in

“Organisations can no longer implicitly trust data or assume that it was human-generated,” said Wan Fui Chan, managing vice-president at Gartner. “As AI-generated data becomes pervasive and indistinguishable from human-created data, a Zero Trust posture establishing authentication and verification measures is essential to safeguard business and financial outcomes.”

Large language models (LLMs) are typically trained on ‘web-scraped’ data and a variety of sources, including books, code repositories and research papers. Some of these sources already contain AI-generated content. If current trends continue, nearly all will eventually be populated with AI-generated data.

According to the 2026 Gartner Chief Information Officer and Technology Executive Survey, 84% of respondents expect their organisation to increase funding for Generative AI in 2026. As organisations accelerate both the adoption of and investment in AI initiatives, the volume of AI-generated data will continue to rise. This means that future generations of LLMs will increasingly be trained on outputs from previous models, in turn heightening the risk of ‘model collapse’ whereby AI tools’ responses may no longer accurately reflect reality.

“As AI-generated content becomes more prevalent, the regulatory requirements for verifying ‘AI-free’ data are expected to intensify in certain regions,” continued Chan. “However, these requirements may differ significantly across geographies, with some jurisdictions seeking to enforce stricter controls on AI-generated content, while others may adopt a more flexible approach.”

Further, Chan noted: “In this evolving regulatory environment, all organisations will need the ability to identify and tag AI-generated data. Success will very much depend on having the right tools and a workforce skilled in information and knowledge management, as well as metadata management solutions that are essential for data cataloguing.”

Active metadata management practices will become a key differentiator, enabling organisations to analyse, alert and automate decision-making across their data assets.

Risk management

Organisations should consider several strategic actions when seeking to manage the risks of unverified data:

*Appoint an AI governance leader

Establish a dedicated role responsible for AI governance, including Zero Trust policies, AI risk management and compliance operations. This leader should work closely with data and analytics teams to ensure both AI-ready data and systems capable of handling AI-generated content

*Foster cross-functional collaboration

Form cross-functional teams that include cyber security, data and analytics and other relevant stakeholders to conduct comprehensive data risk assessments in order to identify business risks related to AI-generated data and determine which are addressed by existing data security policies and which need new strategies

*Leverage existing governance policies

Build on current data and analytics governance frameworks and focus on updating security, metadata management and ethics-related policies to address new risks from AI-generated data

*Adopt active metadata practices

This enables real-time alerts when data is stale or requires recertification, in turn helping organisations to quickly identify when business-critical systems may become exposed to inaccurate or otherwise biased data

*Further information is available online at www.gartner.com