Every day, machine learning systems summarize clinical records, assess financial risk, personalize customer experiences, and optimize supply chains. Much of the data behind these systems is sensitive. As AI moves from experimentation to production, data moves through more pipelines, more third-party systems, more model endpoints, and more operational logs.
With this in mind, walls have been built around data as a safeguard. To ensure their safety while traveling. But why do we need to move so much raw data in the first place?
Data breaches are not inevitable
There is an important difference between protecting data and minimizing its exposure. Traditional security strategies are often built on the assumption that exposure is inevitable. Encrypt stored data. Encrypt in transit. Restrict access. Monitor activity. These controls are important and will continue to be essential. However, machine learning does not solve the entire problem.
Traditional encryption protects your data until you need to use it. To do anything with encrypted data, it usually needs to be decrypted somewhere. Homomorphic encryption allows computation on encrypted data and is an important area of privacy-preserving machine learning, but it often incurs significant computational overhead, delay, and cost. Differential privacy can reduce the risk of individual records being exposed due to noise injection, but it can also impact the practicality of the model if not carefully calibrated.
These approaches are valuable. The problem is that publishing raw data is often treated as a starting point. Enterprise AI requires a prevention-first architecture. That is, an architecture that reduces or completely eliminates exposure of sensitive information before it reaches downstream machine learning environments.
McKinsey In its 2025 State of AI Survey, 88% of respondents said their organization regularly uses AI in at least one business function, up from 78% a year ago. PwC We found that 88% of senior executives surveyed plan to increase their AI budget over the next 12 months thanks to agent AI. and risk net ranked information security as the No. 1 operational risk in 2026 for the fifth consecutive year, while AI risk entered the operational risk ranking on its own. Increasing adoption of AI means more sensitive data being used in more places. Without a different architecture, each successful deployment increases the attack surface.
I’ve seen this problem repeatedly for nearly 20 years when building AI systems in environments where reliability, security, and scale aren’t options. Examples include fraud detection at Mastercard and Equifax, large-scale optimization at Coca-Cola and VICI Partners, and digital identity systems where data protection is central to the entire business model. The model often works. The proof of concept is promising. The challenge is deploying it at enterprise scale without sending raw sensitive data to places where it’s not needed.
Train on vectors instead of raw data
That’s the problem VEIL was designed to address. veil Abbreviation for Vector Encoded Information Layer. It is a privacy-preserving machine learning architecture built on a concept called information compression anonymization (ICA). that addresses one of the central barriers in enterprise AI today: how to use sensitive data without exposing it.
Instead of sending raw feature data to a downstream model pipeline, we transform the raw data near the source into a compressed, task-tailored vector representation. These representations are what the model is trained on and what the model recognizes during inference. The raw records remain in your trusted source environment.
This is not just another wrapper for the same pipeline. Change anything that crosses trust boundaries. If your model only needs the predictive signals contained in the reduced representation, names, phone numbers, account attributes, financial details, or other sensitive source characteristics do not need to go through the model delivery stack. VEIL is designed to preserve the signals needed for supervised learning tasks while discarding information that should not be exposed downstream.
in Technical white paper published on arXivInformationally Compressive Anonymization: Non-Degrading Sensitive Input Protection for Privacy-Preserving Supervised Machine Learning details the architecture and its underlying reasoning. The key principle is that downstream systems must operate on risk-mitigated representations rather than raw sensitive inputs. If a downstream training environment, model endpoint, log stream, or storage layer is compromised, the attacker should not receive the original records that the enterprise was trying to protect.
Privacy without normal performance degradation
The most common argument against privacy-preserving machine learning is that privacy usually comes at the cost of reduced accuracy, increased latency, increased complexity, or all three. This tradeoff is one reason why many promising AI projects are stuck between proof of concept and production. Companies don’t want to expose sensitive information, but they also don’t want to implement solutions that are too slow, too expensive, or too degraded to be useful.
Under the evaluation conditions described in the VEIL study, this architecture achieved data compression ratios ranging from 95 percent to 99.96 percent while maintaining predictive utility that matched, and in some cases exceeded, the performance of baseline models. That’s important. This suggests that privacy and utility don’t always have to be polar opposites.
The reason is that in an enterprise model, you rarely need all the information contained in the raw records. They need task-relevant signals. A well-designed representation layer can concentrate that signal and filter out what is unnecessary for prediction. So the real question is not whether everything can be protected after export. The question is whether we can avoid exporting most of it at all.
From defense to prevention
This is the change we need now in AI security. Organizations have long focused on protecting sensitive information as it enters complex environments. The next step is to reduce the amount of sensitive information entering those environments in the first place.
A prevention-first machine learning architecture asks a variety of questions. Can representations be generated within a trusted source environment? Can raw inputs, encoder parameters, and sensitive gradients remain there? Can downstream training and inference be performed only on vectors? Are vectors useless for reconstruction but not useful for prediction?
This approach is not a substitute for encryption, access controls, monitoring, data governance, or responsible retention practices. It should work in parallel with them. However, there is less raw sensitive data to protect, which reduces the burden on all downstream controls. It also creates a security posture that is more resilient to changes in computational assumptions, such as post-quantum concerns that make it increasingly difficult to rely solely on cryptographic secrecy over the long term.
From security management to competitive advantage
The broader opportunity goes beyond security. It’s access. Many organizations have highly valuable datasets that are underutilized because the privacy, governance, and regulatory risks are too high. Healthcare, financial services, insurance, identity, fraud prevention, and supply chain operations all contain data that, if used securely, can improve AI systems.
The companies that win with AI may not be the ones with the largest models. They may be the ones who can safely unlock your most valuable data. It requires a change in mindset. Sensitive data should not be treated as something that necessarily needs to be copied, moved, and exposed for AI to function. This should be treated as something that can be translated, minimized, and used through a more secure interface.
After all, the future of AI security cannot be won by building high walls around increasingly large pools of raw data. At every perimeter, you can win by designing pipelines that move less sensitive data, expose less data, and make it less useful to attackers.
Train in vector. Never publish raw data. For enterprise AI, this is more than just a security principle. This is the path from proof of concept to commercialization.
