The Mosaic Effect: Why AI Is Breaking Enterprise Access Control
In this Security Boulevard article, Kamiwaza Field CTO James Urquhart makes the case that AI is fundamentally breaking traditional enterprise access control. The culprit is the "mosaic effect": the long-recognized risk that individually harmless pieces of information, when combined, can expose something sensitive. AI dramatically amplifies this, because large language models and inference systems can correlate thousands of low-risk data points in seconds, uncovering patterns that once took human analysts weeks. The result is a silent expansion of what counts as sensitive — a timestamp, a purchase record, or metadata that becomes revealing only when linked. Urquhart argues that role-based access control (RBAC) and even attribute-based access control (ABAC) were designed for a world where data sensitivity is static and intrinsic, but in the AI era sensitivity is contextual, relational, and constantly shifting. His proposed answer is relationship-based access control (ReBAC), which models the evolving links between users, resources, actions, and purpose — granting access based on why, when, and in what context a relationship is valid, and revoking it automatically when that relationship dissolves. He explains how ReBAC builds on zero-trust principles, scales better in heavily regulated industries by avoiding rule sprawl, and behaves more like a living graph than a static rulebook. The piece is a strong articulation of a theme central to Kamiwaza's platform and one of its key SEO topics. Read the full article on Security Boulevard for the complete argument.
Source: Security Boulevard — Read the full article