In this Security Boulevard article, Kamiwaza Field CTO James Urquhart makes the case that AI is fundamentally breaking traditional enterprise access control. The culprit is the "mosaic effect": the long-recognized risk that individually harmless pieces of information, when combined, can expose something sensitive. AI dramatically amplifies this, because large language models and inference systems can correlate thousands of low-risk data points in seconds, uncovering patterns that once took human analysts weeks. The result is a silent expansion of what counts as sensitive — a timestamp, a purchase record, or metadata that becomes revealing only when linked. Urquhart argues that role-based access control (RBAC) and even attribute-based access control (ABAC) were designed for a world where data sensitivity is static and intrinsic, but in the AI era sensitivity is contextual, relational, and constantly shifting. His proposed answer is relationship-based access control (ReBAC), which models the evolving links between users, resources, actions, and purpose — granting access based on why, when, and in what context a relationship is valid, and revoking it automatically when that relationship dissolves. He explains how ReBAC builds on zero-trust principles, scales better in heavily regulated industries by avoiding rule sprawl, and behaves more like a living graph than a static rulebook. The piece is a strong articulation of a theme central to Kamiwaza's platform and one of its key SEO topics. Read the full article on Security Boulevard for the complete argument.
Source: Security Boulevard — Read the full article