DataGrail’s AI Governance Solution Uncovers Shadow AI & Helps Businesses Innovate with Confidence

Honor Data Privacy Rights, Detect AI in SaaS & Draft Pre-populated AI risk Assessments with DataGrail’s AI Governance Solution

Gary Flake Named an AI Advisor & DataGrail Releases Responsible AI Use Principles & Policies Playbook to Guide Businesses Through Privacy-Forward AI Governance

DataGrail’s AI Governance Solution uncovers AI risks in third-party apps and systems that power their business, helping organizations get the benefits of AI innovation, while understanding and managing its associated risks. (Graphic: Business Wire)

SAN FRANCISCO--()--DataGrail, the leading Data Privacy Platform,™ today announces its AI Governance Solution. At a time when 48% of CISOs cite AI security as their biggest concern, DataGrail’s AI Governance Solution uncovers AI risks in third-party apps and systems that power their business, helping organizations get the benefits of AI innovation, while understanding and managing its associated risks.

Additionally, in response to customer demand, DataGrail unveiled its Responsible AI Use Principles & Policies Playbook. Available to enterprises and consumer brands, DataGrail provides a framework for businesses to develop their own customized AI principles and policy based on their values. This two-pronged approach– assisting brands in creating their own policies while simultaneously examining AI risk posed by third parties– is game-changing for companies navigating an uncertain, rapidly evolving data privacy landscape.

“The AI landscape is evolving quickly. As such, we must teach AI to work with us, not against us, and that means taking a pragmatic approach to discovering where you’re using AI, monitoring its usage, and controlling it when possible,” said DataGrail CEO and Co-founder Daniel Barber. “Regulations are coming, but not soon enough. To preserve the human right to data privacy, companies must act now. With DataGrail for AI Governance and our playbook on responsible AI use, we provide organizations with everything they need to move forward mindfully.”

Gary Flake Joins DataGrail Advisory Board

Underscoring its commitment to leading companies into an AI future, DataGrail also announced that technology visionary Gary Flake will take on an active advisory role, weighing in on the company’s AI policies and procedures, as well as how AI fits into its product roadmap. Flake is currently the Chief Scientist of, a startup seeking to decode EEG for brain-health insights and the future of human-computer interactions. Flake has also held executive positions at Microsoft, Yahoo!, Salesforce, and Overture and has advised dozens of startups, public companies, non-profits, universities, and government research institutions. Notably, Flake has filed over 150 patents and has numerous publications spanning over 35 years, focusing on machine learning, data mining, search, data visualization and complex systems.

AI Governance That Meets the Moment

Amid increased third-party risk, and rising consumer data privacy expectations, CISOs in particular are tasked with understanding data risk from generative AI, interpreting what sources it has access to, and uncovering its classification of data. DataGrail’s patent-pending Responsible Data Discovery uncovers shadow AI within a business. With this technology, DataGrail found it’s likely at least 40% of businesses are either knowingly or unknowingly using OpenAI at their businesses.

With DataGrail’s AI Governance Solution security and privacy teams can:

  • Discover traditional AI and generative AI models in third parties: DataGrail’s Responsible Data Discovery continuously detects AI and generative AI models used throughout an organization's SaaS and third-party systems.
  • Easily categorize systems & data: Automatically identify models within your systems and apply smart categories, providing an up-to-date view of business risk.
  • Assess, audit, and monitor AI risks: Build AI risk assessment to meet regulatory requirements, including the EU’s AI act and California’s automated decision-making enforcements. Extend Data Protection Impact Reports (DPIAs) or Privacy Impact Assessments (PIAs) to understand third-party vendor AI usage and give a holistic view of vendors using AI.
  • Orchestrate data requests across your AI systems: No matter where personal information lives across your AI systems, DataGrail will orchestrate deletion, access, and opt-out requests.

A Playbook Designed to Safeguard the Future in an AI World

DataGrail collaborated with several customers to develop a playbook that guides leaders through a straightforward process that others can learn from in order to create their own AI Use principles and policies that meet their needs and brand values. Simultaneously, DataGrail worked to formulate its internal policies on responsible AI use. The DataGrail Responsible AI Use Principles & Policies Playbook removes the headaches, stress, and uncertainty companies experience when trying to craft policies themselves by walking teams through a series of basic steps and principles. This simple yet essential resource also includes worksheets, questions, and examples that can further assist companies in their efforts to take advantage of AI responsibly.

“AI is transforming the world– it’s something every company should adopt– but with care,” said new DataGrail Advisor, Gary Flake. “Generative AI in particular is an innovation accelerator, yet as with any new technology, there can be unintended consequences. DataGrail helps companies be prepared. This is one of the most important missions of our time, and I look forward to working with the team to ensure companies adopt best practices to get the most out of AI with the least risk.”

Learn more about all that DataGrail provides at

About DataGrail

DataGrail is the data privacy company for this era. We help brands minimize risk, stay a step ahead of consumer and employee expectations, and safeguard their reputation. Our complete, enterprise-grade data privacy platform is powered by patented Risk Intelligence technology that detects shadow IT and makes vulnerable data visible so brands can proactively manage risk. Leveraging responsible automation at scale and the largest integration network in data privacy, DataGrail automates privacy workflows across systems to perform risk assessments, accelerate data subject request (DSR) fulfillment, and optimize resources.

Headquartered in San Francisco, the world’s most trusted brands partner with DataGrail on their data privacy journey, including Salesforce, FanDuel, Dexcom, Databricks, Instacart, amongst others. DataGrail is backed by leading VCs and strategic investors, including Third Point Ventures, Felicis Ventures, Next47, Cloud Apps Capital Partners, Operator Collective, HubSpot, Okta Ventures, and American Express Ventures. Visit or follow DataGrail on Twitter and LinkedIn to learn more.


Kristan Curren

Social Media Profiles


Kristan Curren