Gina Scinta, deputy chief technology officer of Thales Trusted Cyber Technologies, is urging federal agencies to strengthen cybersecurity and data governance protections as retrieval-augmented generation, or RAG, becomes a leading architecture for artificial intelligence deployments throughout government, Federal News Network reported Thursday.
Why Are RAG Systems Creating New Security Risks?
RAG systems connect large language models to agency knowledge bases to generate responses using internal data rather than public information. While the approach can enhance mission-specific outputs, Scinta said it also expands potential exposure points for sensitive information, underscoring the need for a data-centric security platform and end-to-end data protection provided by cloud service providers.
The Thales 2026 Data Threat Report noted that AI and agentic applications are increasing risks associated with controlled unclassified information, personally identifiable information and other sensitive data assets. The report found that 97 percent of surveyed organizations experienced harm from AI-generated disinformation. Thales also noted that organizations manage an average of 89 software-as-a-service applications, creating broader and more complex data access pathways.
What Security Capabilities Should Agencies Require?
Scinta recommends that federal IT leaders evaluate cybersecurity vendors based on their ability to provide the following capabilities:
- Pre-ingestion data discovery and classification
- Transparent encryption
- Independent key management
- Continuous data activity monitoring
- Least-privilege access enforcement
- Hybrid architecture coverage
- Post-quantum cryptography readiness

These priorities reflect the growing need to secure AI systems from the earliest stages of deployment. In a 2025 interview with GovLoop, Scinta emphasized the need to implement safeguards, including encryption and strict access controls, early in the AI integration process.


