Skip to Content
User GuideData Lens

Data Lens

As organizations adopt AI agents and assistants, enterprise data starts to move in new and less predictable ways. Files are retrieved through RAG pipelines, summarized in conversations, and reused across agents, users, and AI services. This creates new data exposure risks that require a deeper understanding of how AI interacts with organizational data.

AI Detection & Response Data Lens is an evolution of Zenity AI Runtime Observability. While Zenity previously provided a first layer of observability through detailed AI activity logs, Data Lens introduces an insights-driven, data-centric view. Together, they allow organizations to move from answering what happened to understanding what matters most.

With activity-level observability, users could answer questions such as:

  • What messages did a specific user send across AI platforms?
  • Which tools were invoked by a given agent?
  • What actions occurred during a specific AI interaction?

Data Lens builds on this foundation by aggregating activity into meaningful insights, such as:

  • Which data items are most frequently accessed by AI
  • How data usage evolves over time
  • Which sensitive data items are broadly exposed across agents and services

Data Lens answers a critical question: Which data items are being touched by AI, how often, by whom, and how risky are they?

Concepts

Data Item

A data item is any distinct piece of data accessed, referenced, fed into, or generated by AI agents.

Examples include:

  • Files retrieved through RAG flows such as documents, spreadsheets, and presentations
  • Web pages accessed by agents

In Data Lens:

  • Each data item appears once, deduplicated by its URL or unique ID.
  • Files and web pages are normalized into a single table, regardless of the originating AI platform
  • Email and Teams message items include a unique identifier in their name to reduce ambiguity

This allows security teams to reason about data exposure at the data object level, not per interaction.

Sensitivity

Sensitivity represents all known indicators that a data item may contain sensitive or regulated information.

Sensitivity signals are aggregated from multiple sources, including:

  • Native labels such as Microsoft Information Protection labels
  • Location-based indicators such as sensitive folders or sites.
  • Zenity detections identifying sensitive information types like PII or PCI

Data Lens displays all applicable sensitivity indicators side by side, allowing teams to quickly assess risk without relying on a single classification source.

Note: phase 1 includes sensitivity labels indicators, locations and detection are to be added soon.

Popularity

Popularity reflects how frequently a data item is accessed by AI agents.

It is measured using:

  • Access count across all AI interactions
  • First seen and last accessed timestamps

Popularity is a strong risk signal. Highly accessed sensitive data is more likely to be overshared, misused, or unintentionally propagated by agents. Data Lens explicitly correlates popularity with sensitivity to surface high-risk exposure candidates.

Cross-Platform Correlation

AI activity often spans multiple platforms such as Microsoft Copilot, Copilot Studio, ChatGPT Enterprise, and others.

Data Lens normalizes and correlates data access across:

  • Different AI services
  • Different agents
  • Different users

This creates a unified view of data exposure across the entire agentic environment.

Using Data Lens

  1. Navigate to AI Observability
  2. Select Data Lens

You are presented with a table of all data items touched by AI agents in your environment.

Understanding the Data Lens Table

Data Lens Columns

Each row in the table represents a single data item and includes:

  • Icon indicating data item type such as file or web page
  • Name showing the file name or web domain
  • Access Count showing how many times AI agents accessed the item
  • Last Accessed timestamp
  • Findings aggregated and grouped by severity
  • Sensitivity indicators aggregated from all sources

By default, the table:

  • Filters provate emails and Teams messages out
  • Is sorted by Access Count in descending order

This default view helps surface the most actively used and shared data items first.

Searching and Filtering Data

Data Lens Filters

Use search and filters to narrow down data exposure scenarios, including:

  • Sensitivity Label to focus on specific classifications
  • Location to find data items within sensitive folders
  • Agent, AI Service, or User
  • Data Item Type such as file format or web page

Filters can be combined to isolate high-risk cases, such as sensitive files accessed by multiple agents across services.

Investigating a Data Item

Data Lens Side Panel

Clicking a data item opens a detailed side panel with:

  • Item metadata including name, type, format, and URL
  • Aggregated sensitivity indicators
  • Findings linked directly to filtered Findings view
  • Access count linked to filtered activity view
  • A content snippet when available

Below that, The side panel includes visualizations that show:

  • AI access over time, broken down by AI service
  • Distribution of accesses by agents
  • Distribution of accesses by users

Clicking any agent or user directly navigates to the activity view, pre-filtered to the selected data item and entity.

This enables fast investigation paths from data exposure to responsible agents and actors.

Summary

Data Lens provides a data-first perspective on AI security by evolving Zenity AI Runtime Observability from raw activity into actionable insights. By correlating real AI activity with sensitivity and usage signals, Data Lens helps identify overshared and high-risk data early, prioritize investigations, and reduce data exposure across agentic environments.