Your classification scheme was not built for AI
Most enterprises have a data classification scheme. It typically has three to five levels — something like Public, Internal, Confidential, Restricted. It was designed for traditional data security: controlling access to files, databases, and network shares. It answers the question "who can see this data?"
AI breaks this model because the question is no longer just "who can see it" but "where does it go, who processes it, what happens to it during processing, and does it influence future outputs?" A document classified as "Internal" under your existing scheme might be perfectly fine for employees to read, but completely unacceptable to send to a cloud AI provider that retains data for 30 days and operates infrastructure in a different jurisdiction.
Traditional classification also assumes you know the data in advance. A database of customer records can be classified once and that classification persists. But AI usage is dynamic — an employee might paste a sentence that contains no sensitive data, or they might paste an entire medical record. The classification needs to happen at the point of use, not at the point of storage.
This module builds an AI-specific classification framework that accounts for these differences. It maps to your existing classification scheme rather than replacing it, so you do not need to reclassify your entire data estate.
