It is clear now that we live in the age of AI. Companies are rapidly rolling out AI tools to support employees in a variety of ways, from coding to business intelligence to customer service and more. AI is transforming from a static tool to query information into agentic AI, where AI agents take action on their own, based on what they’ve learned and what they’ve been configured to do.
Data from Metrigy’s forthcoming Workplace Collaboration and Contact Center Security and Compliance: 2025-26 shows that the vast majority of companies have already implemented, or plan to implement AI. Just 8% of the more than 300 participating organizations have no plans to deploy it. As AI deployments grow, so too does the need to ensure compliance. Indeed, more than 80% of our participants have implemented, or plan to implement, a governance policy to ensure AI security and compliance.
It should come as no surprise that companies offering compliance management solutions are also embracing AI to improve their ability to manage and enforce policies. However, as they do, they may inadvertently create risks for their customers. To protect customer data, compliance management vendors must ensure data protection, and they must disclose the data they capture, how they use it, and how customers can ensure that their data is not used for model training without their consent. Absent transparency, data shared with third-party providers becomes a black box.
To ensure the protection of customer data, Theta Lake has announced that it has achieved ISO/IEC 42001 certification. Jointly developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO//IEC 42001 is the first standard for an artificial intelligence management system. This certification demonstrates that Theta Lake is providing demonstrable trust and transparency with its own implementation of AI, providing customers with assurances over how their data is captured and used.
Theta Lake demonstrates its ability to help organizations manage these threats and protect themselves from inadvertent data loss while ensuring compliance for AI. Metrigy’s research found that more than 70% of companies assess their vendors for their security compliance certifications, a number we expect to grow as organizations focus on minimizing the risk of AI.
Beyond the new certification, Theta Lake also announced updates to its digital communications governance and archiving (DCGA) suite, released in June of 2025. These new capabilities provide the ability to detect risk in the use of AI, such as attempts to jailbreak AI chatbots and agents. Already, more than 60% of companies in our research are implementing, or planning to implement, such capabilities to identify and mitigate risks in their use of AI agents. Of those, 57% are implementing protection against model poisoning attacks.
As AI changes the IT landscape, so too does it change the threat matrix and compliance requirements. Successful organizations must take a proactive approach toward managing and securing AI. Doing so requires leveraging specific capabilities to protect against current and emergent threats. It also requires due diligence to ensure that your security and compliance vendors are themselves transparent in the use of AI. Theta Lakes’ new certification and DCGA capabilities provide the ability for organizations to improve their AI security and compliance posture through a verifiable set of tools.
by Irwin Lazar, President and Principal Analyst at Metrigy, CISSP
ABOUT METRIGY: Metrigy is an innovative research and advisory firm focusing on the rapidly changing areas of workplace collaboration, digital workplace, digital transformation, customer experience and employee experience—along with several related technologies. Metrigy delivers strategic guidance and informative content, backed by primary research metrics and analysis, for technology providers and enterprise organizations