Why AI agents make your unstructured data problem impossible to ignore

AI agents don't wait for permission. They access whatever content they can find. Box CISO Heather Ceylan explains why your unstructured data governance problem just became urgent. See how Box secures enterprise AI: https://www.box.com/security-compliance What this video is about For years, enterprises tolerated messy, unclassified unstructured data. Content scattered across local devices, Microsoft 365, Box, and other cloud storage systems. The risk felt manageable because the people accessing that content were humans. Humans who weren't supposed to see something usually didn't go looking for it. AI agents don't work that way. In this interview, Box CISO Heather Ceylan breaks down exactly why the shift from human access to agent access changes the entire risk calculus, and what security leaders need to do about it before an incident forces their hand. The blast radius problem Heather opens with a scenario that makes the stakes concrete. Imagine your legal team is working on a deal. The data is material, nonpublic information sitting in a folder that isn't classified correctly and isn't properly access-controlled. A human who isn't supposed to see it probably won't find it. They're not looking. But now imagine the product team deploys an agent to research that same company. The agent finds the legal team's folder, surfaces the deal information, builds it into a product roadmap, and Slacks product leaders about what it found. That's not a theoretical risk. That's a compliance and legal crisis that would not have existed in a human-only access model. The reason agents amplify risk so dramatically, Heather explains, is that their permissions are often intentionally broad. They need to complete multi-step processes, so restrictive permissions are frequently not built into the agents themselves. That makes the governance of the content they access the critical control point. AI as the solution, not just the problem The counterintuitive pivot in this conversation is Heather's argument that AI can actually solve the governance problem it creates. Manual data classification has always been impractical. AI changes that. Modern AI can understand what content is and how sensitive it is, not just match keywords or regex patterns the way legacy DLP tools did. It can proactively apply classification labels and automatically enforce permissions based on those labels. And critically, those labels travel with the content wherever it goes across systems. The governance ladder Heather closes with a practical sequence for security leaders: Consolidate content into a single storage location. Use AI to classify that content at scale. Apply controls based on those classifications. Once you have a strong, secure content layer, let agents operate on it with guardrails in place. On shadow AI and human oversight Heather argues that security leaders who say no to AI don't stop AI adoption. They create shadow AI. The right posture is to give teams safe, governed ways to experiment. Even with strong content governance in place, certain agent actions — deleting files, sharing entire folders publicly, still warrant human approval. FAQs: Q: Why do AI agents create more risk than human users accessing the same unstructured data? A: Agents are designed to access whatever content they can find to complete multi-step tasks, and their permissions are often intentionally broad. That makes the governance of the content itself the critical control point. Q: What does Heather mean by "blast radius" in the context of AI agents? A: Blast radius refers to the scope of damage when something goes wrong. When an agent accesses content it shouldn't, it can surface that content to other teams, build it into workflows, and take action on it, multiplying the impact before anyone notices. Q: Can AI really help classify unstructured data at scale? A: Legacy DLP tools classified content based on keywords and regex patterns. Modern AI can understand what content actually is and how sensitive it is, making automated classification at scale genuinely feasible in a way it wasn't before. Q: What's the right sequence for enterprises deploying AI agents? A: Heather recommends: (1) consolidate content into a single storage location, (2) use AI to classify it, (3) apply access controls based on those classifications, and (4) only then deploy agents on that governed content layer. Q: How should security leaders handle the shadow AI problem? A: Saying no to AI doesn't prevent adoption, it drives it underground. Give teams safe, governed ways to experiment so they can evaluate usefulness before full implementation. Q: Should all agent actions require human approval? A: Not all of them. Low-risk actions can be automated once content controls are strong. High-stakes actions, like deleting files or sharing folders publicly, still warrant human oversight.