BigID and Atlan announced a new integration on March 9, 2026 at the Gartner Data & Analytics Summit in Orlando designed to unify structured and unstructured data governance into a single control plane for enterprise AI deployments. The integration combines BigID’s Data Security Posture Management capabilities with Atlan’s modern data catalog platform, allowing organizations to discover, classify, and track data lineage across both structured databases and unstructured data environments from a shared governance interface.
The joint architecture introduces several operational capabilities that were previously managed in separate systems. BigID’s automated classification engine identifies sensitive data across documents, files, and cloud storage environments while Atlan’s catalog surfaces those risk signals directly alongside governance metadata such as lineage, ownership, and data usage context. Security alerts, sensitivity tags, and classification results now appear inside the catalog interface where data engineers and AI teams select data assets for analytics pipelines and model development.
The integration responds to a structural problem created by modern AI development. Traditional data governance programs were designed primarily around structured databases and data warehouses where schema and lineage could be tracked centrally. AI systems increasingly rely on unstructured information sources such as documents, emails, PDFs, and knowledge repositories. Those sources often sit outside catalog visibility while still feeding analytics workloads and retrieval‑augmented generation pipelines.
By connecting BigID’s classification and risk scoring infrastructure directly to Atlan’s governance layer, the integration embeds security posture into the point where data decisions are made. Every asset visible inside the catalog now carries both governance metadata and security classification context. This shift reflects a growing expectation among enterprise governance teams that the data powering AI systems must be discoverable, classified, and traceable before it enters production pipelines.
Key Terms
DSPM (Data Security Posture Management)
A category of security software that discovers, classifies, and monitors sensitive data across cloud storage systems, databases, and file environments to identify security risks and policy violations.
Data Catalog
A centralized system that organizes enterprise data assets and provides metadata about those assets, including ownership, lineage, and usage context so teams can locate and govern data used in analytics and AI systems.
Data Lineage
A record showing how data moves across systems and transformations, allowing organizations to trace where a dataset originated, how it was modified, and where it is used in downstream pipelines.
Structured Data
Data stored in defined schema such as relational databases or data warehouses where fields, tables, and relationships are organized in a consistent format.
Unstructured Data
Information that does not follow a predefined schema, including documents, emails, PDFs, images, and files stored in collaboration platforms or cloud storage systems.
Control Plane
A centralized governance layer used to supervise and manage systems, policies, and infrastructure components across an organization’s data or technology environment.
RAG Pipeline (Retrieval‑Augmented Generation)
An AI architecture where a language model retrieves information from external knowledge sources before generating a response, allowing models to answer questions using enterprise data.
Sensitive Data Classification
The process of automatically identifying and labeling data that contains personal information, confidential records, or regulated data categories requiring governance controls.
Data Divide Is Breaking Enterprise AI Governance Programs
Organizations attempting to govern artificial intelligence pipelines frequently discover that their data governance infrastructure was designed for a different era of analytics. Traditional governance platforms focused almost entirely on structured databases and data warehouses where schema, ownership, and lineage could be tracked centrally. Modern AI initiatives increasingly draw from unstructured sources such as documents, collaboration platforms, file systems, and cloud storage repositories. As AI adoption accelerates, governance teams are discovering that much of the data entering AI systems exists outside the environments where governance policies were originally enforced.
AI pipelines increasingly retrieve information from unstructured sources such as documents, PDFs, emails, and cloud storage repositories that were never cataloged in traditional data governance systems.
Business units deploying AI tools often introduce new data flows into models without formal governance review, creating shadow AI environments that governance teams cannot easily observe.
Data governance leaders and security teams remain accountable for the same AI data risk but frequently operate from separate systems and separate views of enterprise data.
Regulatory frameworks such as the EU AI Act and NIST AI RMF are beginning to require demonstrable lineage and classification for the data feeding AI systems rather than relying solely on policy documentation.
Every successful AI initiative starts with context. Atlan is the context layer for data and AI — the place where technical metadata, business meaning, and governance all come together. By bringing BigID's DSPM risk signals directly into that context layer, we give our joint customers a single view of where sensitive data lives, how it flows, and which analytics and AI experiences depend on it — and then automate the right guardrails at scale. Together, we're helping enterprises move faster on AI with the confidence that their data is understood, governed, and trusted end to end
— Marc Seifert, Head of Global Alliances, Atlan
These operational pressures explain why organizations are increasingly searching for governance architectures capable of bridging the structured and unstructured data divide. Platforms that combine data discovery, classification, and catalog visibility across both environments aim to provide the continuous oversight required once AI systems begin operating inside enterprise workflows.
How Enterprises Are Currently Managing Data Governance Across AI Pipelines
Most enterprise AI governance programs today operate through a collection of disconnected systems rather than a single unified architecture. Data governance teams typically manage structured assets through a catalog platform where lineage, ownership, and usage context are documented. Security teams, meanwhile, rely on separate data security posture management tools to identify sensitive data across file systems, collaboration platforms, and cloud storage environments. Because these systems evolved to solve different problems, they rarely share a common operational view of how data flows into AI pipelines.
The structured and unstructured divide becomes most visible when organizations attempt to document how an AI system was built. A governance analyst reviewing a catalog may see lineage across warehouse tables and analytics pipelines, but the documents, emails, or knowledge repositories used in retrieval‑augmented generation pipelines often exist outside that lineage record. The result is a governance view that appears complete while missing the very data sources that shaped the model’s output.
This gap frequently becomes visible during compliance reviews or internal AI risk assessments. Regulators and audit teams increasingly ask organizations to demonstrate where the data used in AI systems originated, how it was classified, and whether sensitive information was included in training or inference pipelines. When unstructured sources were never cataloged or classified in the first place, organizations struggle to produce the documentation needed to demonstrate that oversight existed before deployment.
Before the new integration, organizations running both BigID and Atlan often attempted to bridge this divide manually. Classification data generated by BigID would be reviewed in a separate console while governance analysts continued working inside the catalog. Reconciling those views required manual comparison between systems, creating delays and inconsistencies in how risk signals were interpreted. The integration between BigID and Atlan attempts to eliminate that reconciliation step by embedding security classification directly into the catalog interface where data selection decisions occur.
BigID and Atlan’s Unified Catalog Signals a New Standard for AI‑Ready Data Infrastructure
The integration between BigID and Atlan introduces a governance architecture designed to eliminate the operational separation between data security and data catalog visibility. BigID’s discovery and classification engine scans both structured databases and unstructured environments such as cloud storage, collaboration platforms, and document repositories. Those classification signals are then surfaced directly inside the Atlan catalog interface where data engineers, analysts, and AI teams select datasets for analytics workflows and model pipelines. This removes the need for teams to move between separate consoles to understand the security posture of the data they are evaluating.
Once classification signals enter the catalog, governance context changes at the user level. Sensitivity labels, policy alerts, and risk indicators generated by BigID appear alongside lineage, ownership, and usage metadata maintained by Atlan. A governance analyst reviewing a dataset can now see both the operational history of that data and the security classification attached to it before approving its use in an analytics workflow or AI pipeline. According to Atlan CEO Marc Seifert, the goal of the integration is to ensure that governance signals are visible exactly where data decisions are made.
The integration also extends lineage visibility across environments that were historically difficult to trace. When a document or file identified as sensitive enters a data pipeline, its classification context can now follow the transformations that move it into analytics systems or AI retrieval pipelines. For governance teams responding to compliance reviews, this creates a record showing how sensitive information moved across the system rather than requiring analysts to reconstruct those flows after the fact.
From an organizational perspective, the unified catalog introduces a shared operational surface for both governance and security teams. Chief Data Officers and Chief Information Security Officers often operate from separate systems that produce different interpretations of enterprise data risk. By surfacing security classification signals inside the catalog interface, the integration allows both groups to evaluate the same data assets through a common governance lens.
Policy intelligence is also surfaced closer to the moment when data is selected for use. Instead of security policies existing in a separate review process, risk signals now appear while engineers and analysts are choosing datasets inside the catalog. This shifts governance enforcement earlier in the pipeline where decisions about which data feeds analytics models and AI systems are actually made.
Our Take
AI Governance Take
The BigID–Atlan integration closes a governance gap that many enterprise AI programs have struggled to address: the separation between structured data governance and unstructured data security classification. For organizations building AI pipelines on top of enterprise knowledge bases, documents, and collaboration systems, that gap has made it difficult to demonstrate how sensitive information enters model workflows. Industries with strict compliance obligations such as financial services and healthcare will likely see the most immediate benefit from architectures that unify catalog lineage with security classification across both data types.
However, the integration does not automatically solve the governance problem for most organizations. The architecture only delivers value when both BigID and Atlan are already deployed and integrated across the same data environments. Enterprises operating with only one of these platforms, or neither, would need to invest in additional infrastructure before realizing the unified governance view described in the announcement.
Governance teams evaluating this approach should begin by mapping where unstructured data currently enters their AI pipelines. Documents, knowledge repositories, and collaboration platforms often feed retrieval‑augmented generation systems without passing through traditional catalog oversight. Organizations should assess whether existing catalog or DSPM deployments already capture those sources, whether the BigID–Atlan integration would activate capabilities they already own, and whether their lineage documentation satisfies emerging requirements from frameworks such as the EU AI Act or the NIST AI Risk Management Framework.
If your organization is evaluating platforms that combine data cataloging, security classification, and AI governance controls, review the vendors currently mapped in the GAIG marketplace. Compare how different platforms handle structured and unstructured data discovery, lineage, and policy enforcement before committing to a governance architecture that will sit underneath your AI pipelines.
