Artificial intelligence is not only transforming business models but is redefining the very foundations of data governance. What was once a periodic and reactive process now demands to be continuous, automated, and above all, trustworthy. And in this new paradigm, the technology distribution channel emerges as a key player in translating regulatory and technical complexity into real business opportunities.

The Starting Point: Alarmingly Low Visibility

According to the Thales 2026 Data Threat Report, only 34% of organizations know exactly where their data is stored, and only 39% are able to classify it in its entirety. This lack of visibility, combined with the speed and scale at which AI processes information, is putting unprecedented pressure on traditional governance frameworks.

Eutimio Fernández, Regional Sales Director for Iberia at Thales Cybersecurity Products, explains it clearly: “This lack of visibility, coupled with the speed at which AI processes information, demands an evolution toward governance models that combine continuous visibility, granular policy enforcement, and behavioral analysis to differentiate between acceptable and malicious automation.”

For Fernández, organizations must rethink identity, encryption, and data visibility as essential infrastructure. “Those that integrate robust governance into their AI strategies will be better positioned to innovate securely and prevent AI from becoming their new internal threat,” he warns.

The Channel as a Demand Thermometer

From the distributor's perspective, the demand is clear. Carlos Serra, Head of Technical Practices at TD SYNNEX Spain, notes that their partners—integrators, resellers, and managed service providers—are seeing growing interest in solutions that allow organizations to know at all times where their data is, who accesses it, and for what purpose.

“AI has turned data into the most dynamic and, at the same time, most exposed asset of any organization: automated systems process it at a speed and scale that traditional governance frameworks—designed for human workflows—simply cannot absorb,” says Serra.

This paradigm shift is accelerating the adoption of integrated data security platforms that combine automated discovery and classification, encryption, centralized key management, and real-time behavioral analysis. “At TD SYNNEX, we are actively working with our vendors and partners to ensure this transformation reaches organizations in an orderly, practical manner, with the right technical support at each stage of the process,” he adds.

Emerging Risks: When AI Becomes a Threat

The massive use of data for training AI models is generating a new category of risks that traditional security architectures cannot manage. Fernández provides compelling data: “70% of organizations already identify AI as the main risk to their data security, and 61% of respondents acknowledge that their AI applications are active targets for attackers, with sensitive data as the main prize. Likewise, 47% of sensitive data in the cloud remains unencrypted, exponentially amplifying exposure in training flows.”

The Thales Bad Bot 2026 report reveals that, of the detectable AI traffic in 2025, 85% corresponded to model training crawlers, and more than 10% of those sessions triggered malicious bot detection rules. “This means that AI automation is already evolving toward behaviors typically associated with threats, and that organizations' data may be used to train third-party models without any consent or control,” adds Fernández.

Juan Manuel Valiente, Director of Services at Secure&IT, identifies another emerging challenge: the possibility that models memorize or reproduce personal information used during training. “Although artificial intelligence systems are not designed to store personal data in a conventional way, certain techniques or configurations can lead to the unwanted disclosure of confidential information. Added to this are risks associated with data inference, i.e., the ability to deduce characteristics, behaviors, or profiles of a person from seemingly non-sensitive information,” he explains.

From a regulatory perspective, these risks are driving companies to strengthen data protection impact assessments, anonymization and pseudonymization mechanisms, and AI governance and oversight measures. “The challenge is no longer just about protecting the data that is collected, but also about controlling the knowledge, patterns, and conclusions that AI systems can extract from it,” Valiente concludes.

SMEs: The Weakest Link and the Big Opportunity

“The level of preparedness is uneven,” admits Carlos Serra. While large corporations have dedicated teams and specific budgets to comply with regulations such as the AI Act, Cyber Resilience Act, and the evolution of GDPR, SMEs face a double pressure: regulatory complexity grows faster than their ability to adapt, and internal technical resources are limited.

This is where the distributor plays a critical role. “Our mission is not only to distribute technology, but to make that technology accessible, understandable, and deployable for organizations of any size. This involves providing the channel with technical and commercial training on regulatory frameworks, maturity assessment tools for end customers, and solutions that reduce implementation complexity,” says Serra.

Eutimio Fernández adds that “53% of companies still rely on traditional security strategies, designed primarily for human users and perimeter controls that are insufficient for the requirements of the AI Act and European digital sovereignty frameworks.” And he brings a revealing fact: 53% of organizations cede control of encryption keys to their cloud providers for more than half of their applications, thus giving up effective control over their own data. “This practice, which may seem operationally convenient, poses a significant regulatory risk in an environment where the AI Act and GDPR require organizations to be able to demonstrate at all times who has access to what data and under what conditions,” he explains.

The Channel as a Bridge Between Regulation, Technology, and Business

Xan Fernández, Director of Data and AI at Babel, argues that the channel must play a fundamental role as a bridge between regulation, technology, and business. “Many companies don't just need tools; they need criteria, methodology, and execution capability. And there, the channel has a privileged position because it knows the reality of customers, works closely with vendors, and has practical experience implementing solutions in real environments,” he explains.

For Fernández, the channel's role must go far beyond selling technology. “It must help companies identify use cases, classify risks, design secure architectures, select vendors, define governance policies, train users, and establish controls that enable responsible use of data and AI.” Additionally, the channel can act as an accelerator of best practices. “By internally applying AI to improve its own processes, optimize teams, automate tasks, and develop new solutions, it gains very valuable learnings that it can then pass on to its customers: what works, what risks arise, what controls are necessary, and how to scale AI safely and sustainably,” he details.

“At Babel, we see it clearly: ethics in AI is not resolved with a statement of principles. It is grounded in architectures, processes, controls, training, human review when appropriate, and evidence. There, the channel can add tremendous value because it turns regulatory and ethical concepts into real solutions that companies can adopt,” he concludes.

Business Opportunities: Beyond Encryption

Carlos Serra acknowledges that “there is a great opportunity” for the channel, “resulting from the convergence of European regulations, the explosion of agentic AI, and the growing attack surface in multicloud environments, which generate a structural demand for encryption, key management, access control, and data discovery and classification solutions.” “30% of companies already allocate specific budgets to AI security, and this percentage will only grow as the AI Act comes into full effect,” he adds.

But Serra highlights that there is also an emerging and differentiating opportunity around API and identity protection against AI-driven malicious automation. In 2025, AI-based bot attacks multiplied by 12.5, 27% of bot attacks already target APIs directly, and account takeover fraud grew 70% year-over-year. “For integrators and channel providers, positioning around integrated platforms that connect malicious automation detection with identity protection and API security represents a high-value-added opportunity,” he concludes.

In this context, the channel must not only prepare to advise on vulnerabilities in AI agents or corrupted workflows, but also to offer ethical hacking and penetration testing services that validate the security of AI implementations. AI-driven data governance has become fertile ground for the channel, where trust and technical knowledge make the difference.

Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.