Perforce reveals uncertainty around AI data privacy

Perforce Software’s 2025 State of Data Compliance and Security Report has revealed a striking disconnect between enterprise AI ambitions and the understanding of data privacy risks. According to the report, a large majority of organizations support using sensitive data in AI development but simultaneously express significant concerns about its security. This paradox emphasizes the urgent need for organizations to adopt clearer guidance and implement robust data protection strategies as AI adoption grows.

The survey captures responses from multiple industries and provides insights into how businesses handle sensitive data in AI, analytics, and software development contexts. It highlights both organizational optimism about AI’s potential and the apprehension surrounding the management of sensitive information.

The AI data privacy paradox

The report shows that 91% of organizations believe sensitive data should be allowed in AI model training. At the same time, 78% report high concern about theft or breaches. Experts say this discrepancy stems from a lack of understanding about the permanence of data in AI systems. Once sensitive information is used to train a model, it cannot be fully removed or made completely secure. This creates a lasting exposure risk, particularly when personal or confidential data is involved.

Steve Karam, Principal Product Manager at Perforce, noted that organizations face dual pressures: the need to innovate rapidly with AI while ensuring that privacy and compliance standards are met. He emphasized that personally identifiable information (PII) should never be used in model training, and that alternative approaches, such as synthetic data, can provide secure pathways for AI development.

This paradox is not merely theoretical. Organizations often underestimate the ways in which AI systems retain and propagate training data. Even in controlled environments, model outputs can inadvertently expose sensitive information, making it imperative for businesses to adopt comprehensive strategies to manage risk.

Rising breach risks in non-production environments

Non-production environments, such as testing and development, remain a common source of data exposures. The report found that 60% of organizations experienced breaches or theft in software development, AI, or analytics environments—an increase of 11% from the previous year. This rising trend highlights the vulnerabilities that exist outside of production systems, where data is often treated as less sensitive.

Despite the known risks, 84% of organizations still allow exceptions to data compliance policies in non-production environments. This practice can propagate exposures and create a false sense of security. Ross Millenacker, Senior Product Manager at Perforce, observed that many organizations perceive protecting sensitive data through methods like masking as cumbersome or manual. As a result, exceptions are often made, inadvertently increasing risk.

The persistence of breaches in non-production environments demonstrates the need for more automated and integrated solutions. Organizations are encouraged to implement data protection practices consistently across all environments, including test and staging environments, to minimize vulnerabilities.

Growing investment in AI data privacy solutions

In light of these risks, the survey shows that 86% of organizations plan to invest in AI data privacy solutions within the next one to two years. These investments reflect growing recognition that privacy and security cannot be sidelined in the race to implement AI.

Investment strategies vary but typically include automated data masking, access controls, auditing mechanisms, and monitoring systems to detect unauthorized data access. Organizations are increasingly prioritizing technologies that allow AI initiatives to move forward without compromising sensitive information.

Protecting sensitive data has become a strategic imperative. Organizations that fail to implement robust safeguards face not only regulatory repercussions but also potential reputational damage. The report underscores that AI adoption cannot occur in isolation from comprehensive data privacy strategies, and organizations must plan investments accordingly.

The role of synthetic data in AI development

One of the approaches highlighted in the report is the use of AI-powered synthetic data generation. Synthetic data mimics the statistical characteristics of real data but does not contain identifiable personal information, allowing organizations to develop and train AI models without risking sensitive data exposure.

Perforce’s Delphix DevOps Data Platform integrates synthetic data generation with traditional data masking and delivery processes. This unified approach enables businesses to ensure privacy compliance while providing realistic datasets for testing, analytics, and AI training. By adopting synthetic data, organizations can significantly reduce the risk of exposing sensitive information while still benefiting from AI-driven insights.

Synthetic data also provides flexibility in AI pipelines. Organizations can generate datasets tailored to specific testing or training needs without waiting for production data to be sanitized. This capability reduces delays in development cycles and supports agile AI initiatives, making it a practical alternative to traditional approaches that rely on limited anonymization or complex masking procedures.

Compliance challenges and organizational culture

The report emphasizes that AI data privacy challenges are not solely technical—they are cultural and procedural as well. Many organizations allow exceptions to data compliance policies because of perceived workflow burdens or a lack of understanding about risks. Bridging this gap requires not only technology but also training and clear governance policies.

Organizations are encouraged to develop a comprehensive culture of data responsibility. This includes educating employees on the permanent nature of sensitive data in AI systems, enforcing consistent compliance across environments, and leveraging technology to streamline privacy protections.

The survey findings suggest that organizations that integrate privacy considerations early in their AI strategy are more likely to achieve both regulatory compliance and operational efficiency. Those that fail to do so risk increased exposure, potential breaches, and long-term legal or reputational consequences.

Perforce reveals uncertainty around AI data privacy

Perforce’s 2025 report underscores the uncertainty surrounding AI data privacy in enterprise environments. The paradox between the desire to use sensitive data in AI and the high concern about data breaches highlights a critical need for clear guidance and integrated solutions.

Organizations that adopt AI responsibly and securely, including the use of synthetic data and consistent privacy controls, can navigate these challenges without slowing innovation. Implementing robust practices across all environments—from development to production—ensures that AI initiatives proceed with minimal risk to sensitive data.

The report’s findings call attention to the broader implications of AI adoption. As businesses continue to explore AI capabilities, understanding the intersection of data privacy, compliance, and technological innovation will be essential to mitigating risks while enabling growth and competitive advantage.

By integrating secure AI practices, organizations can align their AI ambitions with the necessary safeguards to protect sensitive information, reinforcing both regulatory compliance and stakeholder trust.