Artificial intelligence (AI) has changed the cybersecurity game, and this can be seen in its impact on something called “the mosaic effect.” Here, Security magazine talks with Luke Norris, Co-Founder and CEO of Kamiwaza, about “the mosaic effect” and how AI is shaping it today. 

Security magazine: Tell us about your background and experience within the security industry.

Norris: I’ve spent more than two decades working in infrastructure, operations, and security roles where scale, reliability, and governance were core requirements.

Earlier in my career, I built and ran security programs for regulated financial organizations, with direct responsibility for audit controls, business continuity planning, and third-party risk. I also led large-scale operations environments, including integrated operations centers supporting global infrastructure and disaster recovery systems.

Over time, my work shifted toward distributed and multi-cloud architectures, where security and data sovereignty had to function consistently across cloud providers and on-prem environments. As founder and executive chairman of Faction, I focused on data-first architectures that exposed the limits of traditional access control at scale.

Today, as Co-Founder and CEO of Kamiwaza, my focus is on how AI changes the security model itself: how inference and autonomous systems introduce new, emergent risks like the mosaic effect that existing controls were never designed to handle.

Security: What is “the mosaic effect”?

Norris: The mosaic effect describes a situation where individual pieces of information are each permissible to access on their own, but when combined, reveal something more sensitive than any single piece would suggest.

This concept originated in the intelligence and privacy disciplines, where analysts recognized that aggregation itself can create risk. What’s changed is scale and speed. Modern AI systems can correlate thousands of low-risk data points in seconds, uncovering patterns that they were never explicitly instructed nor authorized to find.

The risk doesn’t live in any one dataset. It emerges from how data is combined, inferred, and contextualized, often across systems and over time.

Security: Why is “the mosaic effect” a concern?

Norris: Because most security controls were designed to evaluate access in isolation.

Traditional access control answers questions like: Is this user allowed to see this dataset? That framing assumes each access can be evaluated independently. But AI systems correlate data faster and more broadly than humans ever could, generating inferences across previously unrelated inputs in real time.

That means you can have a system that is technically compliant at every step, with the right roles and permissions in place, and still produce an outcome that violates policy or regulatory intent. This is especially critical in federal, defense, and regulated enterprise environments where data fusion itself can cross classification or sensitivity boundaries.

As organizations deploy AI into operational workflows, this gap becomes impossible to ignore. The system can do exactly what it was allowed to do, and still do the wrong thing.

Security: If traditional access control can’t manage this issue, how can “the mosaic effect” be mitigated?

Norris: Mitigating the mosaic effect requires shifting from static permission checks to contextual authorization. Even when extended with attribute-based or relationship-based models, most access control systems still evaluate decisions on a per-request basis.

That limitation becomes critical when AI systems chain actions, inherit authority, and combine context across time and systems. Consider an AI agent with legitimate access to employee directories, project assignments, and calendar data. Each query is authorized. But when the agent correlates all three to infer organizational restructuring plans or upcoming layoffs, it crosses a boundary that no single permission covers.

Instead of asking only who is accessing what, systems need to evaluate why access is occurring, how it relates to previous actions, and what the combined effect is likely to be. That includes understanding purpose, delegation, time, and relationships between data, agents, and decisions.

This becomes especially critical in distributed environments where inference happens across multiple systems. Authorization decisions can’t live in a single database or policy engine — they must account for what’s being combined and where the inference occurs.

In practice, this means authorization decisions need to be made with awareness of inference context. It also means treating AI agents as first-class actors with constrained authority, rather than as neutral tools operating under a single service account.

This doesn’t eliminate risk entirely, but it turns mosaic effects from an invisible failure mode into something that can be actively governed.

Security: Is there anything we haven’t discussed that you would like to add?

Norris: One important clarification is that the mosaic effect isn’t a reason to slow down AI adoption. It’s a signal that our security models need to evolve alongside our systems.

We’ve seen this pattern before. When systems moved from centralized to distributed, perimeter security stopped working. When humans were no longer the only actors, identity models had to change. AI is another step in that progression.

What makes AI different is velocity. Authorization decisions that were evaluated quarterly or during policy reviews now need to happen in real time for every inference request. That means security can’t be a static snapshot. It has to be a living system that updates continuously as permissions change, new data is added, users are onboarded, or projects are restructured.

Organizations that treat this as a systems problem, where contextual authorization adapts dynamically to every add, move, change, and delete, will be able to deploy AI more safely and more confidently than those who try to paper over it with static controls.