The Zero Trust Workout Plan: Building AI-Ready Data Security
A September 2025 presentation on zero trust (and my first Substack article; I'll be writing on this platform from now on).
Introduction
In September, I presented a session titled The Zero Trust Workout Plan: Build AI-Ready Data Security for the International Data Security User Group, an initiative created by Justine Wolters and Anna Bordioug, data security professionals from the Netherlands and Canada. Together, they have built a programme of monthly sessions featuring some of the most engaged Microsoft Purview MVPs and practitioners in the field.
Justine asked me to open the series with a broader framing session from my perspective as a Microsoft employee, something to set the context before the expert presenters dive deeper into Purview data security and compliance practices in the months ahead.
My session focused on a practical, no-fluff approach to building resilient, AI-ready data security by treating Zero Trust not as a buzzword but as a daily discipline. Whether an organisation is just beginning or already scaling its practices, the goal was to offer a workout plan for the AI era: a way to strengthen identity, data, access, and monitoring in a world where systems behave less like engineered machines and more like living networks.
Since these sessions are not recorded by design, this article reconstructs the argument behind the slides and links each section to the relevant part of the deck. It is meant to give you the structure, the reasoning, and the practical lens that shaped the full talk.
You can view the deck (in presentation mode) and download it (in PDF format) here: The Zero Trust Workout Plan.pptx
The One Security Concept to Outlast Them All
Relevant section in the deck: Everything’s Changed, But Not Too Much
The shift to hybrid work, and now generative AI, has not changed the most fundamental principles of cybersecurity. What has changed is the speed, scale, and interconnectedness of the systems we operate within.
In the physical world, structures like rockets, railway lines, and manufacturing plants are complex but not dynamic. They behave as engineered systems. Their parts are designed to interact in predictable ways. For decades, many organisations have implicitly treated cybersecurity the same way, as if defending a static machine: identify the components, secure the boundaries, and assume steady-state operation.
But digital systems today behave differently. They resemble biological ecosystems, immune systems, or cybernetic networks. They produce emergent properties that cannot be understood by analysing any component in isolation. Attacks evolve. Behaviours change. Dependencies shift. AI accelerates all of this. It introduces new interactions, new inferences, and new ways for information to flow across systems without explicit design. In this kind of environment, resilience does not come from perfect engineering. It comes from adaptability.
This is why Zero Trust becomes more important as a security concept. Healthy biological systems do not survive because they anticipate every threat. They survive because their fundamentals stay active, reinforcing strength where they are most vulnerable. In the same way, implementing Zero Trust is about building the macronutrients and core muscle groups of a resilient security posture. It enables organisations to adapt even when the specific risks change.
Therefore, the emergence of generative AI is not a reason to abandon Zero Trust. It is the strongest reason to return to its fundamentals: assume breach, use least privilege, and verify explicitly across every interaction. AI expands the ways data can be accessed, transformed, inferred, and combined. That expansion does not call for a new paradigm but for a deeper commitment to the one that already works.
How Work Evolved
Relevant section in the deck: The Birth of Hybrid Work (2021)
We know this story all too well by now: before hybrid work, most data and systems lived inside organisational boundaries, accessed primarily through managed devices. Work was centralised, predictable, and governed through network-level control.
Hybrid work expanded that footprint. Organisations adopted more SaaS applications, cloud-hosted data, unmanaged devices, and direct user access from outside the corporate network. Instead of a single controlled environment, work became distributed, fragmented, and context-dependent. Adoption of Microsoft Purview’s Information Protection solution accelerated in response to this shift: a world where corporate data could be accessed from anywhere, on any device.
The presentation frames Zero Trust for data security professionals through the lens of fitness. You cannot predict the exact illness or injury you will face, but you can build a body that is difficult to break. Health comes from ongoing training, balanced macronutrients, and strength across key systems. Security works the same way. Zero Trust is not only about predicting specific attacks. It is a discipline that strengthens identity, data, access, monitoring, and recovery so that when new threats emerge, the organisation is already conditioned to withstand them.
AI accelerates this evolution by making previously siloed data discoverable through natural language. Weak data classification or misconfigured access controls become direct exposure risks rather than operational inconveniences. Hybrid work changed the topology of where data lives. AI changes the accessibility, reach, and value of that data in ways no previous interface ever has.
AI Introduces New Classes of Risk
Relevant section in the deck: The Whole AI Thing (2016 to 2025)
Traditional applications behave deterministically. The same input produces the same output. Enforcement can occur through explicit code, storage rules, and boundary-based logic.
AI systems behave differently. They generalise, infer, synthesise, and produce new outputs based on patterns rather than strict instruction. Similar inputs produce similar outcomes, but similarity is not sameness. Validation has to move from deterministic enforcement to context-aware supervision across dynamic behaviour.
The presentation relies on the apprentice metaphor. AI behaves less like a pre-programmed machine and more like a junior analyst who can fill gaps, connect information, and produce answers no one explicitly stored. That ability creates value, but also new leakage paths, because sensitive information can be reconstructed or inferred without directly querying a protected source.
The same section also emphasises that AI generates new forms of sensitive data. Intermediate outputs, model behaviour, and derived information can all expose patterns the organisation never intended to make visible. Without Zero Trust enforcement across these points, sensitive information can leak through inference rather than through direct access.
Zero Trust Must Apply Across AI Nodes
Relevant section in the deck: The Zero Trust Workout Plan
The presentation introduces the concept of AI nodes: points where data is accessed, transformed, or transmitted. These nodes include accounts, apps, devices, VMs, containers, data, APIs, and increasingly the interfaces that tie AI components together, such as those defined through the use of Model Context Protocol (MCP) servers.
With Zero Trust, each interaction requires explicit verification based on identity, context, sensitivity, and policy. The aim is to ensure data access is always intentional, contextual, and verified at the moment it occurs.
Essentially, Zero Trust is a foundational aspect of safe AI deployment rather than a standalone architecture objective.
Your Zero Trust Gym Gear
Before an organisation begins any Zero Trust workout routine, it needs the right gear. This section in the presentation introduces the core tools and capability planes Microsoft provides to put Zero Trust into practice, especially in environments preparing for AI. One diagram captures this particularly well. It was not part of my original presentation, but I included it here thanks to a helpful suggestion from my colleague Peter Moy during the session.
Identity is the fulcrum. It is the control plane that determines who can access what, under which conditions, and with what level of verification. Microsoft Entra anchors this plane through strong authentication and a wide range of identity signals such as user and location, device posture, application context, and real-time risk. The more signals an identity provides, the more precisely access can be evaluated and enforced.
The second plane follows the discipline of assume breach. This is expressed through the Microsoft Defender stack, which supplies threat context, incident timelines, and correlated alerts across endpoints, applications, identities, and cloud services. Defender helps security teams interpret signals in sequence rather than in isolation and reduces the likelihood of missing an early-stage event.
The third plane brings the principle of use least privilege to life by grounding it in data. Microsoft Purview enriches incidents with data-level context including the sensitivity of the information involved, the user’s interactions with that data, the potential risk of the behaviour observed, and the volume of sensitive content at stake. Data becomes identifiable, governed, and policy-bound rather than an undifferentiated stream moving through the IT environment.
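As an added illustration, not a slide from the deck and not an Entra, Defender or Purview API, the following Python sketch shows how the three planes' signals combine into one explicit, deny-by-default decision for a single interaction at an AI node such as an MCP server; every field name and sample value is constructed for the example.

```python
from dataclasses import dataclass

# Constructed example: field names and values are illustrative, not Entra, Defender or Purview API fields.
SENSITIVITY_RANK = {"Public": 0, "General": 1, "Confidential": 2, "Highly Confidential": 3}


@dataclass
class AccessRequest:
    principal: str          # user or workload identity behind the request
    node: str               # AI node being touched: app, API, MCP server, container, ...
    action: str             # "read", "summarise" or "export"
    mfa: bool               # identity plane (Entra): strong authentication completed
    device_compliant: bool  # identity plane (Entra): device posture signal
    sign_in_risk: str       # identity plane (Entra): "low", "medium" or "high"
    active_incident: bool   # assume-breach plane (Defender): open incident on principal or node
    label: str              # least-privilege plane (Purview): sensitivity label on the data
    cleared_up_to: str      # highest label this principal may handle at this node


def evaluate(req: AccessRequest) -> tuple[str, str]:
    """Decide one interaction at an AI node. Deny by default; every check must pass explicitly."""
    if not req.mfa:
        return "deny", "verify explicitly: strong authentication required"
    if req.active_incident:
        return "deny", "assume breach: open incident on principal or node"
    if req.sign_in_risk == "high":
        return "deny", "assume breach: high sign-in risk"
    if SENSITIVITY_RANK[req.label] > SENSITIVITY_RANK[req.cleared_up_to]:
        return "deny", f"least privilege: {req.label} exceeds clearance {req.cleared_up_to}"
    reduced_trust = (not req.device_compliant) or req.sign_in_risk == "medium"
    if reduced_trust:
        # Step access down rather than blocking outright: read only, nothing leaves the node
        if req.action != "read":
            return "deny", "least privilege: only read allowed from reduced-trust context"
        return "allow", "read only: device posture or risk signal reduced trust"
    if req.action == "export" and SENSITIVITY_RANK[req.label] >= SENSITIVITY_RANK["Confidential"]:
        return "deny", "least privilege: export of labelled data blocked at this node"
    return "allow", "all planes verified for this interaction"


if __name__ == "__main__":
    # Constructed requests: a Copilot-style summarisation and an export through an MCP server
    sample = [
        AccessRequest("alice", "mcp-finance", "summarise", True, True, "low", False, "Confidential", "Highly Confidential"),
        AccessRequest("alice", "mcp-finance", "export", True, False, "low", False, "Confidential", "Highly Confidential"),
        AccessRequest("svc-bot", "mcp-finance", "read", True, True, "low", True, "General", "General"),
    ]
    for req in sample:
        print(req.principal, req.node, req.action, "->", *evaluate(req))
```

The decision is stateless and re-evaluated for every request, which is what "verified at the moment it occurs" means in practice: a principal that was allowed a minute ago is re-checked against current device posture, risk and label on the next call.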
The presentation also outlines several Zero Trust swim lanes where organisations can begin based on their goals. Some focus on securing remote and hybrid work. Others focus on reducing the business impact of breaches, identifying and protecting sensitive data, securing AI applications and datasets, or meeting regulatory and compliance obligations. Progress in one lane strengthens performance in the others, in the same way that gains in one area of physical fitness improve the overall system.
Zero Trust becomes real when these capability planes work together. Identity, threat detection, and data protection form a practical foundation that organisations can apply with the tools they already have.
Conclusion
Zero Trust was never meant to be a slogan. It was built for environments where complexity shifts faster than we can predict, and where systems behave more like living networks than machines. AI accelerates that shift. It increases inference, expands interactions, and raises the value and exposure of every piece of data.
In this kind of landscape, Zero Trust is not a project. It is a discipline. Identity shapes every decision through Entra. Defender interprets every signal. Purview gives data structure, value, and governance. Together, they form a security posture that learns, adapts, and strengthens with use.
As AI becomes native to every workflow, the organisations that succeed will be the ones that treat Zero Trust as daily conditioning rather than distant strategy. The presentation frames the mindset. The practice starts now.